Smartphone Malware Exploits On The Rise

Lately there have been a spate of incidents involving smartphone apps for the iPhone and Android phones that were discovered to be malicious in various ways.  The important commonality in these revelations was that cyber-criminals had actually modified legitimate apps by hijacking several developer’s credentials, including their “Developer Certificate.”  The developer key provides a digital signature that validates the app as being the ...

Continue Reading →
0

New Container Security Bug – Fix Now!

Virtualization and containerization technologies allow developers, pentesters, network admins and server admins to create multiple virtual instances of a computer system, running inside the actual, physical host system.  This is an easy way to quickly deploy and manage dozens or even hundreds of systems used in a learning lab, test network, or even to run full fledged user systems on a single server.

Virtual machines (VM) are created using hypervisor products such ...

Continue Reading →
0

Global Cyber Threats to the United States

In our last post we singled out North Korea as a key source of cyber-war action against the United States and other countries.  But they are not the only countries that the US is actively engaged with in cyber-space.  On January 29, 2019, Daniel Coats, Director of National Intelligence, released a report to the Senate, titled Worldwide Threat Assessment of ...

Continue Reading →
0

North Korean Botnet Attacked by FBI

The North Korean Cyberwar Operations group is known variously as Lazarus Group, Guardians of Peace, or Hidden Cobra. A few of their notable achievements include the 2014 attack on Sony Pictures inspired by the satirical Seth Rogan film “The Interview, ” the $81 million cyber bank heist  against Bangladesh’s central bank, and the 2017 WannaCry ransomware attack.

In June 2017, US-CERT sent a   Continue Reading →

0

Cyber Attacks Against Businesses – Frequency and Methodology

Cyber attacks against businesses, regardless of size, are increasing in the number of attacks, the types of attacks, and the costs of the attacks.  Company losses include theft of cash assets, employee identity information, stolen files and proprietary information, network downtime, loss of sales, and reputation costs.  For a small privately held business, a serious breach can put them out of business.

For large ...

Continue Reading →
0

Too Legit – The DocuSign No Malware Phishing Exploit

You or your CFO receive an email offering business capital at attractive interest rates.  The company that sent you the offer has provided an application for the loan using the legitimate document presentation platform, DocuSign.  Everything looks legit, and it is.  No fake web pages or near-miss web addresses.  But this is the latest in “no malware” phishing scams.

Filling out the form will give ...

Continue Reading →
0

Common Phishing Subject Lines

Phishing is still the number one tactic used by malicious actors to collect passwords and other information.  Phishing works because the attacker is able to create an email that is believable and looks realistic.  The best ones appear to come from a customer, supplier, coworker or other trusted source, and the content makes sense for your business or personal life.  The most successful way to prevent phishing from ruining your day ...

Continue Reading →
1

It’s Not Just Phishing – Other Ways Email Is Exploited – Part 2

On Monday we investigated five ways that your email account can be used to initiate an cyber-attack against you.  Today we finish up this article with another five email attack vectors.

  • Clickjacking – In traditional click-jacking, a malicious email link actually direct you to a malicious or impostor site.  A new version places something that looks like a dirt spot or hair on the web page and when the user tries to ...
Continue Reading →
0

It’s Not Just Phishing – Other Ways Email Is Exploited – Part 1

Phishing gets all the press when it comes to email account exploits. This is because phishing is the attack vector for over 90% of all cyber-attacks.  But there are other ways that bad actors, cyber-criminals, and state-sponsored cyber-warriors use email that don’t involve phishing at all, and the outcomes of these exploits can be as bad or even worse than phishing.  Today and Wednesday we will take a look at these ...

Continue Reading →
0

Collections 1-5 – Is This The Biggest Data Breach Ever?

Troy Hunt, of HaveIBeenPwned fame, on January 17 reported what may be the biggest data breach ever.  Collection #1 is a set of email addresses and passwords totalling 2,692,818,238 rows.  That’s right, 2.6 billion rows.   773 million records, from over 12,000 files, with a total size surpassing 87 gigabytes.  That’s a lot of personally identifiable information ...

Continue Reading →
0
Page 3 of 67 12345...»