Credential Stealing Malware in PDF Attachments

On Wednesday we talked about a phishing exploit that used malware to provide remote access and steal the personal information of the victims.  Today we continue the story with a similar exploit, called “Fareit” to “ferret out” the user credentials and other personal information the victims.

This exploit uses a phishing email to send the target either a PDF attachment or a Word attachment.  The PDF variant uses Windows Powershell to install.  The ...

Continue Reading →
0

The Russians Are Coming! Or Are They?

The United States recently accused the Russian government of trying to influence US elections last November, and has expelled 35 Russian diplomatic officials and closed two Russian diplomatic facilities, one in New York City, and the other in Maryland, near Washington DC.

The Russians are denying any direct involvement, of course, and are laying the blame on Russian cyber-criminal groups.    But we have discussed ...

Continue Reading →
0

Facebook Searches Dark Web For Stolen Passwords

facebookThis actually is in the “good news” department.  The some security folks at Facebook are scouring the Dark Web, looking for rainbow tables of user names and passwords in order to find Facebook users who may be reusing the same password on multiple sites.  As we have discussed here many times, password reuse creates a serious security vulnerability.  If the cyber-crooks have your password for one site, they will try it on other ...

Continue Reading →
0

How Are Passwords Cracked?

password1The answer to this question is complicated, but not impossible to understand.  The first thing to know is that most passwords are not cracked by guessing, or trying thousands of possibilities one at a time on a typical login screen.  Most systems will lock the account after a certain small number of failed attempts, like 5 or 6. This makes the kind of password ...

Continue Reading →
1

What is The Dark Web?

dark-web-1When I am doing a cybersecurity presentation, someone is bound to ask about the Dark Web.  What is it, exactly, and how does someone get there?  The how part we discussed on Friday.  Linux Tails is a great tool for accessing and browsing the Dark Web, should you be so inclined.  Before we delve into the Dark Web, let’s talk about the different parts of the web.

  • The Clear Web – This ...
Continue Reading →
0

What Is Your Data Worth?

penetration_test_436x270When you lose your login credentials to an online account, it can be devastating.  Depending on what was compromised and what was lost, you may have an expensive and time-consuming task on your hands.  So the bad guys took your user ID and password, or some other personal information.  Was it worth it?  There is an active resale market for this information, and some ...

Continue Reading →
0

Two Factor Authentication for WordPress

Hardening and securing WordPress websites is one of my specialties.  We have reported previously on three of the best WordPress security plugins, Sucuri, Bulletproof, and WordFence.  I can tell you that each of these plug-ins performed admirably against the continuous barrage of brute force and password reset attacks that my sites have endured.  Security appeared to be strong, but I wanted more.

I have been deploying two-factor authentication (TFA) everywhere I can, in order to overcome the inherent weakness of password ...

Continue Reading →
0
Page 2 of 3 123