Why Would Someone Hijack My Website?

If you own a small business, you have a website.  Would you be surprised to learn that your site is a top target of cyber-criminals?  Most people believe their business is too small and insignificant to be interesting to attackers, but your website is valuable to them precisely because it is small.

What makes a small business website an attractive target?   It is ...

Continue Reading →
0

USB Exploits Pose Security Threats

Often when I am writing about cybersecurity, the situation seems worse than ever.  But its not more dangerous than its ever been, it dangerous in ways that its never been.

A team of Israeli researchers have cataloged 29 different USB exploits and attacks.  These attacks can come disguised as a smartphone charger connection, or may come hidden on a USB thumb drive.  Plugging an unknown ...

Continue Reading →
0

What Security Advice Do The Experts Offer?

I recently read an article from Heimdal Security about online safety.  In this article Heimdal had asked 18 experts in the field of cybersecurity for their top 3 ideas about how to stay secure.  The contributors included top cybersecurity professionals from several anti-malware companies, security bloggers, and cybersecurity industry professionals.  The original article is here.

What I found interesting were the ...

Continue Reading →
0

Crypto-Mining Exploits On The Rise

Fighting cyber-crime is a lot like whack-a-mole.  By the time cyber-defenders come up with countermeasures that work against one exploit, the cyber-criminals have moved on to another different and more profitable exploit.  Old malware is updated with new versions, and the new versions often slide right by the same defenses that stopped the old version.

Cyber-crime has moved from spamming, fake anti-virus, credit card fraud, and “Canadian” pharmaceuticals, to password cracking, phishing, ...

Continue Reading →
0

New Exploit Uses Disk Images to Deliver Malware

There is a new email attachment exploit making the rounds, that uses a file type called a disk image.  The file extension for this kind of file is ISO.  ISO files are not inherently dangerous, and in the exploit work much the same way that a ZIP attachment works.  This file type can sneak past email security filters because it is generally seen as benign, ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


 Famous cryptographer’s tombstone cryptogram decrypted

A paper at Schmoocon DC over the weekend revealed a delightful cryptogram on William and Elizebeth Friedmans’ tombstone.  This is a fun story and will introduce you to the Bacon cypher.


Cryptocurrency as the lure, an ISO as the attachment – why not open it?

Phishers are using the hot topic ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Malware Displaying Porn Ads Discovered in Game Apps on Google Play

Google removed 60 games that contained code to display porn pop-ups and other malicious activities.  Click through to see list of bad apps.  If you installed any of them, you will need to remove these yourself.


Visa joins other major credit ...

Continue Reading →
0

What the Heck is a Watering Hole Attack?

We’ve all seen this on National Geographic.  A lion, tiger, or other top predator hides near a water hole and waits for some sort of four-legged lunch to stop by for a drink.  Cyber-criminals and other attackers are using a similar technique to download and install malware from niche or industry specific websites to computer systems at targeted businesses.  Here’s how ...

Continue Reading →
0

Fileless Malware Poses New Threat

There is a new threat appearing on corporate and personal networks called “fileless malware.”  It can sneak by traditional signature recognition endpoint security programs.  It is able to hide and stay resident by using trusted operating system and software application files to run the exploit.

Fileless malware exploits are estimated to comprise almost 30% of new exploits, and that percentage is rising as cyber-crime group move to this newer technology.  Fileless malware exploits are being target at financial institutions and other ...

Continue Reading →
0

Details on New Email Exploit – No Attachment Required

People often ask me if it is dangerous to simply open an email, if it is possible to get a malware inflection just by reading an email.  My answer has been a qualified “not at this time.”  Unfortunately, this is no longer true.  It is possible to get a malware installation from the new DDE (Dynamic Data Exchange) exploits reveal by Sophos Labs on October 13 2017.  This can be accomplished without an attachment or link if the email is ...

Continue Reading →
0
Page 1 of 8 12345...»