DISC InfoSec blog

It’s tax season, and with it comes Tax Scams. Stay Cyber Aware and Cyber Safe.

“Thousands of people have lost millions of dollars and their personal information to tax scams. Scammers use the regular mail, telephone, or email to set up individuals, businesses, payroll and tax professionals.

The IRS doesn’t initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. Recognize the telltale signs of a scam.” See also: How to know it’s really the IRS calling or knocking on your door

The World Wide Web turns 30 this year, and to celebrate three decades of utter chaos and brilliance, CERN developers and designers have created a version of the original WorldWideWeb browser that can run inside a modern browser. What, you wonder, is it like to surf the original web? Well, give it a try here. It’s kind of a pain!

Source: Travel Back to 1990 With the Original World Wide Web Browser

Microsoft announced on its support website that future Windows 7 and Windows Server 2008 updates will require SHA-2 code signing support to be installed starting with July 16, 2019.

Source: Windows 7 and Server 2008 Updates to Require SHA-2 Support Starting July

A researcher has discovered a serious vulnerability in Xiaomi electric scooters. Exploiting the flaw could allow remote attacks on it causing sudden breaks.

Source: Vulnerability In Xiaomi Electric Scooters Could Allow Remote Attacks

• IoT Security

↑ Grab this Headline Animator

Protecting your online privacy is important. There has been a lot of discussion in recent years about how to stay safe online, and an increasing number of people are turning to Virtual Private Netw…

Source: 3 data leaks that could be undermining your online privacy

DISC InfoSec 🔒 securing the business 🔒  Data Security

A new Emotet Trojan variant has been observed in the wild with the added ability to hide from anti-malware software by embedding malicious macros used to drop the main payload inside XML files disguised as Word documents.

Source: Emotet Uses Camouflaged Malicious Macros to Avoid Antivirus Detection

DDoS attacks may not be the quickest route to profitability for bad actors, but given the importance of this attack technique to nation-state cyberwar adversaries, we can expect continued innovation on the part of the hackers. Enterprises cannot afford to relax their efforts to combat such attacks.

Source: Are Hackers Winning The Denial Of Service Wars?

Dubsmash, Armor Games, 500px, Whitepages, ShareThis, and more said to be up for grabs for $$$s in BTC

Source: Blue Monday in infosec: 620 million accounts across 16 hacked websites now for sale on dark web, seller boasts

↑ Grab this Headline Animator

Combine with the ISO 9001:2015 QMS Documentation Toolkit and/or the ISO 14001:2015 EMS Documentation Toolkit to create an ISO 27001- compliant integrated management system (IMS).

↑ Grab this Headline Animator

SpeakUp backdoor trojan can run on six different Linux distributions, and even on macOS.

Source: Security researchers discover new Linux backdoor named SpeakUp | ZDNet

↑ Grab this Headline Animator

Metro Bank has become the first major bank to disclose SS7 attacks against its customers, but experts believe it isn’t an isolated case.

Source: Metro Bank is the first bank that disclosed SS7 attacks

↑ Grab this Headline Animator

Personal data is a precious commodity but sometimes we can share too much? Rob thinks we need to develop our human firewall in an age where some much of our lives is online. Rob May is chairman of IoD Surrey, an award-winning entrepreneur and Managing Director of ramsac limited.

Rob makes complex subjects straightforward by using real life examples, humor and pragmatism. He is passionate about his work, positive about life and committed to helping people understand and grow.

He lives with his wife and children in Horsell and is very much a part of the local community. This talk was given at a TEDx event using the TED conference format but independently organized by a local community.

Bolt is in beta phase of development which means there can be bugs. Any production use of this tool discouraged. Bolt crawls the target website

Source: Bolt : Cross-Site Request Forgery Scanner Tool 2019

↑ Grab this Headline Animator

If you are using a laptop, chances are you have a…

Source: Check now to see if your webcam is being hacked

↑ Grab this Headline Animator

Motherboard has identified a specific UK bank that has fallen victim to so-called SS7 attacks, and sources say the issue is wider than previously reported.

Source: Criminals Are Tapping into the Phone Network Backbone to Empty Bank Accounts

• Mobile Phone Security

• DISC InfoSec Store

Thought Collection #1 was big? Collection #2-5 just dwarfed it

Source: The biggest ever data dump just hit a colossal 2.2 billion accounts

Remotely Spying via #FaceTime.

FaceTime any iOS 12.1 or later and you can remotely spy on them (audio and video) before they accept incoming call.

3D Electric powerlines over sunrise

• Hacking the Grid

Countries could launch damaging attacks against gas pipelines and electricity grid, says assessment.

Source: Cyber attacks: China and Russia can disrupt US power networks warns intelligence report | ZDNet

The Hawkeye Scanner CLI is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks

Source: Scanner CLI : A Project Security/Vulnerability/Risk Scanning Tool

A Chilean Senator has taken to Twitter with alarming news – the company running the country’s ATM network suffered a serious cyberattack.

Source: Attackers used a LinkedIn job ad and Skype call to breach bank’s defences