New PowerPoint Exploit Launches on Hover

A new exploit uses a PowerPoint feature that enables “mouse-over actions.”  This feature allows a PowerPoint slide show to initiate activity without the user having to actually click on a link.  Just hovering over a link is enough to advance to the next step.  Since we have been teaching people for years to reveal a link destination by hovering over a link to show the tool tip box, this exploit would take ...


Android Game Hides Crypto-Ransomware Exploit

There is a new encryption ransomware exploit hiding inside a spoofed copy of the popular Chinese game “King of Glory.”  Right now, this malware is affecting users in China, but it is a matter of time before another cyber-criminal group modifies it for English-speaking victims.

This game is available on international gaming forums, and is being spread when gamers download a copy to ...


Windows 10 S – The S is for Security

Are you sick and tired of having to have your computer restored after every malware infection?  Looking for a way to fend off crypto-ransomware attacks for good?  Then Windows 10 S may be for you.

Windows 10 S is a new, stripped-down and hardened version of the popular operating system.  This is a great option for computer users who mostly use computers for searching the web and reading email.  The only ...


Compliance is not Security

I am often asked to explain the difference between a security compliance audit, a vulnerability assessment, and a penetration test.  These exercises do many of the same things, but to a different degree.  A security compliance audit is like a 5K fun run, whereas a vulnerability assessment is more like a marathon.  A penetration test is an iron man competition.

In the course of ...


Tax Dollars At Work: FTC and US-CERT Resources for SMBs

US-CERT sent an announcement on May 9th about new resources for small and medium-sized business owners and managers.  Protecting Small Businesses can be found on the FTC website.  It includes information about:

  • Protecting your business from scams
  • Cybersecurity
  • Data breach response
  • Protecting personal information

There are also helpful videos about:

  • Building security into software development
  • Controlling access to data
  • Defending against ransomware
  • Fraud
  • Data ...

Should Facebook Manage Password Recovery?

Back on February 22nd, we discussed Facebook’s new Delegated Account Recovery feature.  Basically, if you should for some reason forget your password to any account, or lose your two-factor authentication device (smartphone), and can no longer get into your account, Facebook will help you recover the account, as long as it is one that is enrolled with Facebook.

This is not the same thing as password managers like Dashlane or LastPass, although ...


Hacker Tools for Pen Testing

On Wednesday we took a look at a collection of mostly web-based reconnaissance tools.  Today we are taking it to the next level and actually attempting to find and exploit vulnerabilities.

Kali Linux – This is a pen tester's version of Linux that comes fully loaded with over a hundred testing applications.  Kali can be installed on any old laptop you have lying around, installed as a virtual machine ...


Hacker Tools for Information Gathering

When starting a security assessment or penetration test with a new client, often the first step is information gathering or reconnaissance. Sure, you could just ask the client for the information you want, but where’s the fun in that?  Here is a list of tools to use to find information that they may not know is publicly available.

Google hacking or Google “dorks” – Johnny Long literally wrote the book about Google ...
