Is Phone Phreaking Still A Thing? Recent FBI Arrest Says Yes

Phone phreaking refers to the exploration of phone systems and networks to discover how they work.  It also refers to the exploitation of telephone lines and systems in order to make free long distance calls.   Like the term “hacking,” it can refer to both the curious and the criminal.

Time to climb into Mr Peabody’s WABAC Machine for our history lesson.  Phone phreaking got its start in the ...

Continue Reading →
0

The Google Docs Hoax: What Have We Learned?

It has been a couple of weeks since the Google Docs hoax spread across the Internet like wildfire.  What have we learned about this exploit?

Originally this appeared to be a phishing campaign, but phishing emails are spoofed clever replicas.  These emails were the genuine article, and were sent from Google mail servers, from the hijacked Google accounts of people you were likely to know.  This made the exploit difficult to detect, ...

Continue Reading →
0

This Will Make You Wanna Cry

A post about an alert I received first from AlienVault, and then from everybody.  There is a new crypto-ransomware variant called Wanna Cry that is taking advantage of a recent Microsoft vulnerability that was patched back on March 14.  If your computers have not been updated with MS17-010, then those computers are vulnerable.  Microsoft considers this vulnerability significant enough to release it for Windows XP, even though official support ended over two ...

Continue Reading →
0

Linksys Wireless Routers Have Security Vulnerabilities

Research firm IOActive recently released a an article that revealed some serious security deficiencies on popular Linksys Smart Wi-Fi products.  They have notified Linksys, and Linksys is working on the firmware upgrades that will be necessary to fix these issue, and they have issued a security advisory.

Among the vulnerabilities discovered:

  • Unauthenticated attacker can create a denial-of-service ...
Continue Reading →
0

New Exploit Uses Office Documents

A new exploit is using Microsoft Office documents to deliver malware.  This is different from the reanimated macro exploits.  If this exploit, the target will receive an Office document, such as a Word file, as an email attachment.  Opening the attachment causes a malicious HTML application to be downloaded from the attackers C2 server.  This is executed as an .hta file, disguised as an RTF file.  The result is the attacker ...

Continue Reading →
0

Security Standards for the Internet of (Insecure) Things?

Everything you can think of and many things you have never dreamed of are being manufactured with little Linux operating systems and wireless Internet connections. Or in simpler terms, a brain, storage, and communications ability. This is the Internet of Things (IoT).  Lots and lots of “smart” devices talking to each other and phoning home to some data collection or dissemination point.  If only the people who are designing these devices, ...

Continue Reading →
0

The Top Cybersecurity Strategies That Prevent Targeted Attacks

According to the Department of Homeland Security (DHS), there are seven strategies that will prevent 85% of targeted attacks.  To this list I have added a few of my favorites.

  • Password Manager Programs – If you are truly going to have dozens or hundreds of unique and long passwords, you will need the help of a password manager program to keep them all straight, and enter ...
Continue Reading →
0

Netgear Routers Will Need Firmware Update.

If you own a Netgear wireless router, especially the R6200, R6250, R6400, R6700, R6900, R7000, R7100LG, R7300, R7900, R8000, D6220, and D6400 routers and possibly other models are vulnerable to arbitrary command injection.  This is a security bug that could allow a remote attacker to access your router.  This vulnerability was announced by US-CERT on December 9th, and reported in Naked Security on December 12th.

Vulnerabilities such as this one ...

Continue Reading →
1

The Russians Are Coming! Or Are They?

The United States recently accused the Russian government of trying to influence US elections last November, and has expelled 35 Russian diplomatic officials and closed two Russian diplomatic facilities, one in New York City, and the other in Maryland, near Washington DC.

The Russians are denying any direct involvement, of course, and are laying the blame on Russian cyber-criminal groups.    But we have discussed ...

Continue Reading →
0

Zero Days – Documentary About Cyber War

zero-daysWe have written about Stuxnet a couple of times.  (Here and here)  My fascination with this incredible piece of malware writing is that it represents the first documented case of cyber war between nation-states.  As we now know, Iran, specifically the nuclear facility at Natanz, was attacked by the United States, and our ally Israel.  I recently watched a documentary ...

Continue Reading →
0
Page 2 of 5 12345