Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Microsoft disrupts Fancy Bear election meddlers

In a new skirmish, Microsoft took control of six internet domains that were about to be used by the group to spoof US political organizations.


SamSam: The (almost) $6 million ransomware

New research reveals that SamSam ransomware has affected far more victims, and raised far more ransom, than previously thought.


Continue Reading →
0

Inside Iran’s Operation Cleaver

While the US Cyber Command has been focusing on the Chinese, North Koreans, and the Russians, and their respective intrusions into the networks of US companies, energy utilities, our military, and government agencies, Iran has been creating a world-class cyber-ops unit of their own.  Details about what is being called “Operation Cleaver” has been released by security company Cylance.

The Iranian ...

Continue Reading →
0

Safe and Legal Places to Exercise Your Pen-Testing Foo

In our last post we looked at a great way to set up a pen-testing lab.  Fortunately, the quandary over finding a safe place to practice your pen-testing skills has led to the creation of dozens of hacker-friendly learning sites.  Several have been provided by OWASP, and there are other contributors out there with multiple sites.  Here are a bunch of good options.

Continue Reading →
0

Tools for Pentration Testing

I have been fortunate to have had time to pursue a couple of information technology certifications recently.  I have added CompTIA’s Network+ and CASP (Certified Advanced Security Professional), and I am working on the brand new CompTIA Pentest+.  The certification is so new there are no text books yet, and the exam was just released on July 31.  I have been taking the ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Hackers break into voting machines within 2 hours at Defcon

Hackers from around the world (not just Russia) had the rare opportunity to crack election-style voting machines this weekend in Las Vegas.


Malicious Cyber Activity Targeting ERP Applications

07/25/2018 07:55 AM EDT  Original release date: July 25, 2018

Digital Shadows ...

Continue Reading →
0

Replacing Passwords and Pins with Icons

We have discussed the sorry state of passwords in many recent articles.  There is an alternative to passwords and pins that may be coming to a smartphone near you.  It is called SemanticLock and it uses emoji-like icons to unlock your smartphone.

Most smartphones go unsecured mainly because most people find it difficult to enter a password using the on-screen keyboard.  4 to 6 digit numeric PINs are slightly ...

Continue Reading →
0

Two Easy Ways To Breach Company Networks

Bad news – your small business network is easy for an attacker to access, and for most of you there are two or more exploitable attacker vectors.  A recent report from Positive Technologies analyzed the results of 22 penetration tests on companies from finance, transportation, retail, and even information technology.  All of the companies were breached with little difficulty.  The two easiest methods of unauthorized network access were not terribly surprising:  Wi-Fi networks, and company employees.

Continue Reading →
0

Multi-Platform Malware

This comes under the heading of “it was inevitable.”  There is a new malware product that runs effectively on both Windows and Linux systems.  Since OSx looks a lot like Linux under the hood, can a Win/Lin/Mac triple-threat be far away?  Called “WellMess,” this malware takes advantage of the dual platform capabilities of Google’s Golang programming language to work.

WellMess malware operates on ...

Continue Reading →
0
Page 5 of 141 «...34567...»