Scary Kaspersky Stories – Ghost in the Machine

Happy Halloween!  Nothing like a scary story to end the holiday.  The scary story in cybersecurity is that Kaspersky anti-malware and security products are in league with the Putin government and the FSB in Russia.  The FBI is advising government agencies to drop Kaspersky and find a new endpoint security solution.

Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia and operated through a holding company in the United Kingdom. Kaspersky was founded by Eugene ...

Continue Reading →
0

Security Issue With CCleaner

Piriform’s CCleaner is a popular computer cleaning and optimizing product that many people use.  I have my doubts about the real effectiveness of these utilities, but many of my clients swear by it.  I have used CCleaner myself several times as one of the tools I used to clean up a malware infection.

Recently, the CCleaner software code was modified  to include a malicious backdoor.  This warning was published earlier in one ...

Continue Reading →
0

BlueBorne Bluetooth Hijacker – What Do We Know?

Cybersecurity researchers at Armis Labs have released information about a new attack vector called BlueBorne.  This exploit has the potential to put millions of devices running Windows, Linux, Android or iOS operating systems at risk.

This exploit allows attackers to connect over the Bluetooth radio system with having to first pair the two Bluetooth enabled devices.  Once installed, the attacker has full control of ...

Continue Reading →
0

An Interesting New Twist on WordPress Site Hijacking

This story reads like fiction.  OK, not great fiction, but this story illustrates another way that WordPress websites can be hijacked and used to promote a cyber scam.

WordPress websites are often hijacked so a phisher can host their landing page on a site that does not lead back to them.  And WordPress sites can be interesting targets for other cyber-criminals who export the ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Talk Like A Pirate Day Coming on September 19

We will start with the good stuff for a change.  Talk Like A Pirate Day is my second favorite unofficial Holiday.  Check out the official website.  Check out the cool pirate swag and order yourself a pirate hoodie or tee shirt.

Arrrgh!


BlueBorne Bluetooth ...

Continue Reading →
0

Will Artificial Intelligence Beat Real Intelligence?

One of the persistent memes that interest me is the impending event sometimes known as “the singularity.”  This is a probable future where our electronic devices become self-aware and fully autonomous.  We see the beginnings of this happening all around us in devices like Amazon’s Alexa and Echo, The Nest and Google communities of smart devices, self-driving vehicles, and all the Internet of Things (IoT) devices that listen to ...

Continue Reading →
0

Malicious Android Apps Steal Text Messages

Sophos Naked Security alerted us to two Android apps that are included in the Google Play Store as legitimate apps.  This makes these apps particularly dangerous, if you are following our advice to only install apps from legitimate sources.  Once installed, they download a plug-in that harvests your text messages and sends them to a web server.  Since the plug-in is downloaded after ...

Continue Reading →
0

Is Phone Phreaking Still A Thing? Recent FBI Arrest Says Yes

Phone phreaking refers to the exploration of phone systems and networks to discover how they work.  It also refers to the exploitation of telephone lines and systems in order to make free long distance calls.   Like the term “hacking,” it can refer to both the curious and the criminal.

Time to climb into Mr Peabody’s WABAC Machine for our history lesson.  Phone phreaking got its start in the ...

Continue Reading →
0

The Google Docs Hoax: What Have We Learned?

It has been a couple of weeks since the Google Docs hoax spread across the Internet like wildfire.  What have we learned about this exploit?

Originally this appeared to be a phishing campaign, but phishing emails are spoofed clever replicas.  These emails were the genuine article, and were sent from Google mail servers, from the hijacked Google accounts of people you were likely to know.  This made the exploit difficult to detect, ...

Continue Reading →
0

This Will Make You Wanna Cry

A post about an alert I received first from AlienVault, and then from everybody.  There is a new crypto-ransomware variant called Wanna Cry that is taking advantage of a recent Microsoft vulnerability that was patched back on March 14.  If your computers have not been updated with MS17-010, then those computers are vulnerable.  Microsoft considers this vulnerability significant enough to release it for Windows XP, even though official support ended over two ...

Continue Reading →
0
Page 4 of 7 «...23456...»