Botnet Targets Banks With Phishing Emails

Cyber-criminals are using a botnet to send phishing emails with the apparent purpose to test a new email attachment type.  Over the course of three weeks starting August 10th, this cyber-gang released seven different types of phishing emails to over 3,000 banks around the world.  They appear to be testing which of these several approaches is most successful at tricking recipients into opening the email attachment.

The attachment itself is also something different – Microsoft Excel Web Query files that use ...

Continue Reading →
29
AUG
0

botnet, cybersecurity, Phishing

Malware Remediation Comparison – Malwarebytes vs. Hitman Pro

Often, when I am dealing with a malware-infected computer, I find that the malware has compromised the currently installed anti-malware product, and simply scanning the computer with the installed software does not work.  When that happens, my go-to choice for malware remediation has been to download and install a copy of Malwarebytes, and run scans until the Malwarebytes reports the system is clean.

In the course of research for another article, ...

Continue Reading →
27
AUG
0

cybersecurity, malware

,

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Microsoft disrupts Fancy Bear election meddlers

In a new skirmish, Microsoft took control of six internet domains that were about to be used by the group to spoof US political organizations.

SamSam: The (almost) $6 million ransomware

New research reveals that SamSam ransomware has affected far more victims, and raised far more ransom, than previously ...

Continue Reading →
25
AUG
0

crypto-currency, law and policy, ransomware, Software vulnerability, Weekend Update, Windows 10

, ,

Inside Iran’s Operation Cleaver

While the US Cyber Command has been focusing on the Chinese, North Koreans, and the Russians, and their respective intrusions into the networks of US companies, energy utilities, our military, and government agencies, Iran has been creating a world-class cyber-ops unit of their own.  Details about what is being called “Operation Cleaver” has been released by security company Cylance.

The ...

Continue Reading →
24
AUG
1

Computers and Internet, cybersecurity, News and politics, Software vulnerability

, , ,

Safe and Legal Places to Exercise Your Pen-Testing Foo

In our last post we looked at a great way to set up a pen-testing lab.  Fortunately, the quandary over finding a safe place to practice your pen-testing skills has led to the creation of dozens of hacker-friendly learning sites.  Several have been provided by OWASP, and there are other contributors out there with multiple sites.  Here are a bunch of good ...

Continue Reading →
22
AUG
0

certification, cybersecurity, education, Software vulnerability, training

Tools for Pentration Testing

I have been fortunate to have had time to pursue a couple of information technology certifications recently.  I have added CompTIA’s Network+ and CASP (Certified Advanced Security Professional), and I am working on the brand new CompTIA Pentest+.  The certification is so new there are no text books yet, and the exam was just released on July 31.  I have been taking ...

Continue Reading →
20
AUG
1

certification, cybersecurity, education, training

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Hackers break into voting machines within 2 hours at Defcon

Hackers from around the world (not just Russia) had the rare opportunity to crack election-style voting machines this weekend in Las Vegas.

Malicious Cyber Activity Targeting ERP Applications

07/25/2018 07:55 AM EDT  Original release date: July 25, 2018

Digital ...

Continue Reading →
18
AUG
0

Computers and Internet, cybersecurity, Software vulnerability, Weekend Update

, , , , ,

Replacing Passwords and Pins with Icons

We have discussed the sorry state of passwords in many recent articles.  There is an alternative to passwords and pins that may be coming to a smartphone near you.  It is called SemanticLock and it uses emoji-like icons to unlock your smartphone.

Most smartphones go unsecured mainly because most people find it difficult to enter a password using the on-screen keyboard.  4 to 6 digit numeric PINs are ...

Continue Reading →
17
AUG
0

Android, Apple, authentication, cybersecurity, passwords, smartphones

Page 137 of 273 «...110120130135136137138139...»