Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Today is Veterans Day – Thanks for Your Service

Veteran’s day is a remembrance of all U.S. military veterans – past and present. It is celebrated every November 11th, and has been a federal holiday since 1926.


Protecting Critical Infrastructure from Cyber Threats

10/31/2017 08:14 AM EDT  Original release date: October 31, 2017

Building resilience in critical infrastructure ...

Continue Reading →
0

Scary Kaspersky Stories – Ghost in the Machine

Happy Halloween!  Nothing like a scary story to end the holiday.  The scary story in cybersecurity is that Kaspersky anti-malware and security products are in league with the Putin government and the FSB in Russia.  The FBI is advising government agencies to drop Kaspersky and find a new endpoint security solution.

Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia and operated through a holding company in the United Kingdom. Kaspersky was founded by Eugene ...

Continue Reading →
0

Email Account Hijacking – Part 3 Extending the Exploit

On Monday and Wednesday we looked at email account hijacking, how it happens, and what can happen after the account is controlled by an attacker.  Today we will see how an attacker could use the beachhead they established in your email account to extend their intrusion.

They have already proven that you are susceptible to phishing and other social engineering exploits.  So sending the victim other phishing emails that allow more access ...

Continue Reading →
0

What Can I Do With A Hijacked Email Account? Part 2

On Monday we opened this discussion about hijacked email accounts, and showed some examples of the phishing tricks that attackers use to get you to reveal your email password.  Today we will explore the many useful and profitable exploits that a compromised email account offers a cyber-criminal or other attacker.

I consider email account compromise to be one of the most personally harmful cyber-exploits.  When another person has access to your email ...

Continue Reading →
0

What Can I Do With A Hijacked Email Account? Part 1

Let’s say I just hijacked your email account.  What can I do with it?

First thing, a hijacker would not announce his or her presence in your account.  Staying undetected is important so you do not change your password.  Depending on what the attacker is doing with your email account, there is a significant probability that you would not know your account was compromised for several days, weeks, or even years!

In order ...

Continue Reading →
0

Hacker Tools for Information Gathering

When starting an security assessment or penetration test with a new client, often the first step is information gathering or reconnaissance. Sure, you could just ask the client for the information you want, but where’s the fun in that?  Here is a list of tools to use to find information that they may not know is publicly available.

Google hacking or Google “dorks” – Johnny Long literally wrote the book about Google ...

Continue Reading →
0

Anti-Drone Tactics

Drones have become the must-have item for many people this year.  Some of them are your neighbors, and they may be annoying you or intruding on your privacy.  On the other hand, it may be a member of our military hunting a terrorist.  Or, increasingly, it may be a terrorist using a drone to provide surveillance, or worse yet, deliver something deadly like a ...

Continue Reading →
0

US-CERT Warns About Airline Phishing Scams

What if there was a new phishing scam that had an open rate of 90%.  That’s right, this phishing email is so believable, 90 out of 100 recipients open the the attachment or click on the link without a second thought.

These attacks begin with the scammer researching the target victim.  These targets usually work at companies where there is a lot of air travel. ...

Continue Reading →
0
Page 1 of 4 1234