New PowerPoint Exploit Launches on Hover

A new exploit that uses a PowerPoint feature that enables “mouse-over actions.”  This feature allows a PowerPoint slide show to initiate activity without having to actually click on a link.  Just hovering on a link is enough to advance to the next step.  Since we have been teaching people for years to reveal a link destination by hovering over a link to show the top tip box, this exploit would take ...

Continue Reading →
0

Another Lottery Scammer Nabbed by the Feds

We have reported previously about Operation Hard Copy.  This is from the US Department of Justice: The US Marshall’s Service arrested another member of the North Dakota lottery scam in Jamaica recently.

“United States Attorney Chris Myers announced today, that the U.S. Marshals Service, working with Jamaican law enforcement, has located and apprehended another man charged with participating in an international organized crime advance fee “lottery scam” which defrauded at least 90 mostly ...

Continue Reading →
0

Compliance is not Security

I am often asked to explain the difference between a security compliance audit, a vulnerability assessment, and a penetration test.  These exercises do many of the same things, but to a different degree.  A security compliance audit is like a 5K fun run, where a vulnerabilty assessment is more like a marathon.  A penetration test is an iron man competition.

In the course of ...

Continue Reading →
0

Tax Dollars At Work: FTC and US-CERT Resources for SMBs

US-CERT sent an announcement on May 9th about new resources for small and medium size business owners and managers.  Protecting Small Businesses can be found on the FTC website.  It includes information about:

  • Protecting your business from scams
  • Cybersecurity
  • Data breach response
  • Protecting personal information

There are also helpful videos about:

  • Building security into software development
  • Controlling access to data
  • Defending against ransomware
  • Fraud
  • Data ...
Continue Reading →
0

Should Facebook Manage Password Recovery?

Back on February 22nd, we discussed Facebook’s new Delegated Account Recovery feature.  Basically, if you should for some reason forget your password to any account, or lose your two-factor authentication device (smartphone), and can no longer get into your account, Facebook will help you recover the account, as long as it is one that is enrolled with Facebook.

This is not the same thing as password managers like DashLane or LastPass, although ...

Continue Reading →
0

Hacker Tools for Pen Testing

On Wednesday we took a look at a collection of mostly web-based reconnaissance tools.  Today we are taking it to the next level and actually attempting to find and exploit vulnerabilties.

Kali Linux – This is a pen-testers version of Linux that comes fully loaded with over a hundred testing applications.  Kali can be installed in any  old laptop you have laying around, installed as a virtual machine ...

Continue Reading →
0

Hacker Tools for Information Gathering

When starting an security assessment or penetration test with a new client, often the first step is information gathering or reconnaissance. Sure, you could just ask the client for the information you want, but where’s the fun in that?  Here is a list of tools to use to find information that they may not know is publicly available.

Google hacking or Google “dorks” – Johnny Long literally wrote the book about Google ...

Continue Reading →
0

What Are You Letting OUT of Your Network?

I had an interesting question from a client last month.  They were looking for guidance on “egress filtering.”  Egress filtering is the concept of tuning your perimeter defenses (firewalls, routers, IDS*, and UTM* devices) to review and restrict the flow of information that is leaving your network.

Historically, most perimeter defenses are are designed to keep bad ...

Continue Reading →
0

Report and Recover from Identity Theft with New FTC Service

Identity theft is a crime that can take years to recover from.  One of the early problems for an identity theft victim has been the requirement to file a police report.  Many police departments do not devote much effort to identity theft, so sometimes getting the police to actually create a report and provide you with a report number can difficult.  If the ...

Continue Reading →
0
Page 2 of 11 12345...»