New Exploit Uses Office Documents

A new exploit is using Microsoft Office documents to deliver malware.  This is different from the reanimated macro exploits.  If this exploit, the target will receive an Office document, such as a Word file, as an email attachment.  Opening the attachment causes a malicious HTML application to be downloaded from the attackers C2 server.  This is executed as an .hta file, disguised as an RTF file.  The result is the attacker ...

Continue Reading →
0

Security Standards for the Internet of (Insecure) Things?

Everything you can think of and many things you have never dreamed of are being manufactured with little Linux operating systems and wireless Internet connections. Or in simpler terms, a brain, storage, and communications ability. This is the Internet of Things (IoT).  Lots and lots of “smart” devices talking to each other and phoning home to some data collection or dissemination point.  If only the people who are designing these devices, ...

Continue Reading →
0

The Top Cybersecurity Strategies That Prevent Targeted Attacks

According to the Department of Homeland Security (DHS), there are seven strategies that will prevent 85% of targeted attacks.  To this list I have added a few of my favorites.

  • Password Manager Programs – If you are truly going to have dozens or hundreds of unique and long passwords, you will need the help of a password manager program to keep them all straight, and enter ...
Continue Reading →
0

Netgear Routers Will Need Firmware Update.

If you own a Netgear wireless router, especially the R6200, R6250, R6400, R6700, R6900, R7000, R7100LG, R7300, R7900, R8000, D6220, and D6400 routers and possibly other models are vulnerable to arbitrary command injection.  This is a security bug that could allow a remote attacker to access your router.  This vulnerability was announced by US-CERT on December 9th, and reported in Naked Security on December 12th.

Vulnerabilities such as this one ...

Continue Reading →
1

The Russians Are Coming! Or Are They?

The United States recently accused the Russian government of trying to influence US elections last November, and has expelled 35 Russian diplomatic officials and closed two Russian diplomatic facilities, one in New York City, and the other in Maryland, near Washington DC.

The Russians are denying any direct involvement, of course, and are laying the blame on Russian cyber-criminal groups.    But we have discussed ...

Continue Reading →
0

Zero Days – Documentary About Cyber War

zero-daysWe have written about Stuxnet a couple of times.  (Here and here)  My fascination with this incredible piece of malware writing is that it represents the first documented case of cyber war between nation-states.  As we now know, Iran, specifically the nuclear facility at Natanz, was attacked by the United States, and our ally Israel.  I recently watched a documentary ...

Continue Reading →
0

HTTPoxy Poses New Threats For Web Site Owners

A recent article in Naked Security caught my eye the other day about a new web site vulnerability called HTTPoxy.  This stands for HTTP requests and poisoned proxy settings.  Most web site use a technology called Common Gateway Interface (CGI) to run applications such as site search, collect information submitted on web forms, display comments, run a forum, or to display database queries such as pricing in a usable form on a web page.

HTTPoxy Continue Reading →

0

Your Smartphone and Tablet Need Security Too

phone-thiefMobile smart devices have all the capabilities of a laptop or computer.  What this means from a cybersecurity perspective is that they are every bit as vulnerable as a laptop or desktop computer.  The fact that they are small makes them easy for a thief to slip in a pocket or backpack and carry away, along with your personal information, contacts, pictures, geo-location history, and a raft of critical and revealing information.

In ...

Continue Reading →
0

Does Windows 10 Violate HIPAA, GLBA, and SOX?

Win10-securityMicrosoft has made Windows 10 one of the most highly personalized and cloud integrated operating systems ever, and this may introduce new security risks into using your computer.  They do this by keeping track of what you do, where you go an the Internet, and what you are typing.  This is how features such as Cortana get to know your preferences, and begin to make suggestions.  Microsoft says this information is scrubbed ...

Continue Reading →
0

Does Your Computer Have A Malware Infection?

malwareToday we are going to look at the symptoms that your computer may be displaying that are indications of a malware infection.

Visual Symptoms

These are signs that you will see on your computer display, and are the most obvious symptoms.

  • Ransomware  – The last stage of a ransomware or cryptoware infection is the prominent display of instructions on how to pay the attackers to get your decryption key
  • Fake Security Pop-Up – I haven’t ...
Continue Reading →
0
Page 1 of 3 123