A Timeline of Russian Cyber-Exploits

We have been investigating Russian cyber-attacks this week.  Today we publish a timeline of Russian cyber-activities.  In the interest of space, I am publishing just the timeline with little descriptive content.  I have included a download link to a PDF and spreadsheet of the timeline with more detail, and links to sources.

Notice how these cyber attacks started out in 2004 as small, unsophisticated ...

Continue Reading →
1

Are The Russians Really Attacking Us?

It seems that hardly a week goes by without some new cyber-attack being attributed to Fancy Bear, Cozy Bear, Grizzly Steppe, or some other cute-sounding Russian hacker collective.  One the one hand, we have the DHS, FBI, and US-CERT attributing these attacks to the Russians.  There are others, including those working in the cybersecurity profession, that are suggesting that the attackers are not agents of the Russian government, but merely opportunistic ...

Continue Reading →
1

What the Heck is Zero-Trust Security?

Have you ever wondered why the state of cybersecurity is so screwed up?  Why is it so easy for bad actors and cyber-criminals to hijack systems and steal information?  Would you be surprised to learn the answer is because we designed it that way?  Computers, networks, operating systems and software were designed to work together as easily as possible, and were inherently  “trusted” by each other.  In the beginning, most systems ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Botnet of Infected WordPress Sites Attacking WordPress Sites

This entry was posted in Research, Wordfence, WordPress Security on December 5, 2018

The Defiant Threat Intelligence team recently began tracking the behavior of an organized brute force attack campaign against WordPress sites. This campaign has created a botnet of infected WordPress websites to perform its attacks, which ...

Continue Reading →
0

Failures in Encryption – IronPhone

Netherlands security company Black Box Security was raided by the Dutch Police and shuttered on suspicion of money laundering and operating a criminal enterprise.  Black Box was the inventor of the Iron Phone and the Iron Chat app.  Together, they were supposed to provide an unbreakable encrypted chat service.  This service became a popular favorite among cyber and other criminals.

According to ...

Continue Reading →
0

Another Problem with MFA – Slow Adoption

Do the web sites your frequently visit offer two-factor authentication?  Have you enabled 2FA where it is available to you?  Is the particular implementation of 2FA or MFA security really adding any extra protection for you?   Not sure?  Please read on.

Password management company Dashlane recently ranked 34 of the top websites for their implementation of two-factor or multi-factor authentication options for their ...

Continue Reading →
0

Google Blazes New Trails in Authentication

Two-factor and multi-factor authentication historically have been based on using two or more of three criteria:  something you know (passwords), something you have (security token) or something you are (biometrics such as fingerprints).  There have been two new additions to MFA criteria: something you do (keyboard cadence or mouse movement), and somewhere you are (geo-location through GPS or public IP address).

Google has been busy heightening the security for it’s account holders ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Passcodes are protected by Fifth Amendment, says court

You do not have to give your passcode to the police.  The courts say it amounts to self-incrimination.  The government isn’t really after the password, after all; it’s after any potential evidence it protects. In other words: fishing expedition.


ST15-003: Before You Connect a New Computer to the Internet

12/15/2015 ...

Continue Reading →
0

Better Two-Factor Security from Google Titan

This article is an amusing collision between our last two topics – the problems with two-factor and multi-factor authentication and our four-part story on Google’s data mining habits.  Google has developed and released their Titan MFA security key as a more secure way to implement multi-factor authentication that can’t be attacked through phishing and man-in-the-middle exploits.  So if you can stand ...

Continue Reading →
0
Page 5 of 66 «...34567...»