While the US Cyber Command has been focusing on the Chinese, North Koreans, and the Russians, and their respective intrusions into the networks of US companies, energy utilities, our military, and government agencies, Iran has been creating a world-class cyber-ops unit of their own. Details about what is being called “Operation Cleaver” has been released by security company Cylance.
The Iranian ...
Continue Reading →
In our last post we looked at a great way to set up a pen-testing lab. Fortunately, the quandary over finding a safe place to practice your pen-testing skills has led to the creation of dozens of hacker-friendly learning sites. Several have been provided by OWASP, and there are other contributors out there with multiple sites. Here are a bunch of good ...
I have been fortunate to have had time to pursue a couple of information technology certifications recently. I have added CompTIA’s Network+ and CASP (Certified Advanced Security Professional), and I am working on the brand new CompTIA Pentest+. The certification is so new there are no text books yet, and the exam was just released on July 31. I have been taking ...
A quick Saturday digest of cybersecurity news articles from other sources.
Hackers from around the world (not just Russia) had the rare opportunity to crack election-style voting machines this weekend in Las Vegas.
07/25/2018 07:55 AM EDT Original release date: July 25, 2018
Digital ...
Continue Reading →
We have discussed the sorry state of passwords in many recent articles. There is an alternative to passwords and pins that may be coming to a smartphone near you. It is called SemanticLock and it uses emoji-like icons to unlock your smartphone.
Most smartphones go unsecured mainly because most people find it difficult to enter a password using the on-screen keyboard. 4 to 6 digit numeric PINs are ...
Continue Reading →Bad news – your small business network is easy for an attacker to access, and for most of you there are two or more exploitable attacker vectors. A recent report from Positive Technologies analyzed the results of 22 penetration tests on companies from finance, transportation, retail, and even information technology. All of the companies were breached with little difficulty. The two easiest methods of unauthorized network access were not terribly surprising: Wi-Fi networks, and company employees.
This comes under the heading of “it was inevitable.” There is a new malware product that runs effectively on both Windows and Linux systems. Since OSx looks a lot like Linux under the hood, can a Win/Lin/Mac triple-threat be far away? Called “WellMess,” this malware takes advantage of the dual platform capabilities of Google’s Golang programming language to work.
WellMess malware ...
