Archive for the ‘Information Security’ Category

WFH is here to stay: Five tactics to improve security for remote teams

Working from home comes with a slew of security concerns. Businesses planning to look at remote work as a long-term strategy should take the time to reassess any “band-aid” security solutions that may have been applied at the beginning of the pandemic and look at ways that security can be prioritized permanently. Here are the […]

Leave a Comment

U.S. Treasury Offers Crypto Guidance Amid Ransomware Surge

US Treasury says there was $590M in suspicious ransomware activity in H1 2021, exceeding the entire amount in 2020, when $416M was reported  —  Suspicious activity reports related to ransomware jumped significantly in 2021, according to the U.S. Treasury Department’s Financial Crimes Enforcement Network. There was $590 million in suspicious activity related to ransomware in […]

Leave a Comment

How Coinbase Phishers Steal One-Time Passwords

A recent phishing campaign targeting Coinbase users shows thieves are getting smarter about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts. Coinbase […]

Leave a Comment

Cybersecurity awareness month: Fight the phish!

It’s the second week of Cybersecurity Awareness Month 2021, and this week’s theme is an alliterative reminder: Fight the Phish! Unfortunately, anti-phishing advice often seems to fall on deaf ears, because phishing is an old cybercrime trick, and lots of people seem to think it’s what computer scientists or mathematical analysts call a solved game. Tic-tac-toe (noughts and […]

Leave a Comment

PoC exploit for 2 flaws in Dahua cameras leaked online

A proof of concept exploit for two authentication bypass vulnerabilities in Dahua cameras is available online, users are recommended to immediately apply updates. Experts warn of the availability of proof of concept (PoC) exploit code for a couple of authentication bypass vulnerabilities in Dahua cameras, tracked as CVE-2021-33044 and CVE-2021-33045.  A remote attacker can exploit both vulnerabilities by sending specially […]

Leave a Comment

Cybersecurity Awareness Month: #BeCyberSmart

As you probably know (or, at least, as you know now!), October is Cybersecurity Awareness Month, which means it’s a great opportunity to do three things: Stop. Think. Connect. Those three words were chosen many years ago by the US public service as a short and simple motto for cybersecurity awareness. Cybersecurity Awareness Month 2021 Toolkit: Key […]

Leave a Comment

New APT ChamelGang Targets Russian Energy, Aviation Orgs

First appearing in March, the group has been leveraging ProxyShell against targets in 10 countries and employs a variety of malware to steal data from compromised networks. A new APT group has emerged that’s specifically targeting the fuel and energy complex and aviation industry in Russia, exploiting known vulnerabilities like Microsoft Exchange Server’s ProxyShell and leveraging both […]

Leave a Comment

Apple Pay with Visa Hacked to Make Payments via Unlocked iPhones

Researchers have demonstrated that someone could use a stolen, unlocked iPhone to pay for thousands of dollars of goods or services, no authentication needed. An attacker who steals a locked iPhone can use a stored Visa card to make contactless payments worth up to thousands of dollars without unlocking the phone, researchers are warning. The […]

Leave a Comment

Proper password security falling short despite increase in online presence

While 92 percent of people know that using the same password or a variation is a risk, 65 percent still re-use passwords across accounts, drastically increasing the risks to their sensitive information, a LastPass report revealed. While consumers have a solid understanding of proper password security and the actions necessary to minimize risk, they still pick and […]

Leave a Comment

“Back to basics” as courier scammers skip fake fees and missed deliveries

These scams can take many different forms, including: A fake gift sent by an online “friend” is delayed by customs charges. This is a common ruse used by romance scammers, who sucker you into an online friendship, for example by stealing other people’s profile data from online data sites, courting you online, and then “sending” you a […]

Leave a Comment

PenTest as a Service

Download Modern Pentesting for security and development team Find out how Cobalt service protect your Apps: Cobalt’s Pentest as a Service (PtaaS) platform coupled with an exclusive community of testers delivers the real-time insights you need to remediate risk quickly and innovate securely. Please email with the subject “Beginner’s Guide to Compliance-Driven Pentesting” if interested […]

Leave a Comment

The Pegasus project: key takeaways for the corporate world

Forbidden Stories, a Paris-based non-profit organisation that seeks to ensure the freedom of speech of journalists, recently announced that the Pegasus Project surveillance solution by the Israeli NSO Group selected 50,000 phone numbers for surveillance by its customers following a data leak.  The NSO Group has always maintained that the purpose of the Pegasus Project […]

Leave a Comment

Designing Contact-Tracing Apps

Also see her excellent book on the topic.

Leave a Comment

Digital Driver’s Licenses: Unintended Consequences

Maryland recently joined seven other U.S. states to permit users to carry “digital driver’s licenses.” Under the program—which initially will work with Apple devices like iPhones—users can download a digital credential—a digital driver’s license—to their phones. The digital ID would be carried in the Apple digital wallet in much the same way as a regular ID is carried in […]

Leave a Comment

Securing your WordPress website against ransomware attacks

There are analysts around the globe who are continually being jolted awake in the middle of the night to respond to ransomware attacks. Because WordPress is the market share leader (39.5% of all websites are powered by WordPress; that number jumps to 64.1% for content management systems), my team of SOC analysts aren’t strangers to responding […]

Leave a Comment

New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices

Security flaws in commercial Bluetooth stacks dubbed BrakTooth can be exploited by threat actors to execute arbitrary code and crash the devices via DoS attacks. A set of 16 security flaws in commercial Bluetooth stacks, collectively tracked as BrakTooth, can be exploited by threat actors to execute arbitrary code and crash the devices via DoS attacks. The issues […]

Leave a Comment

Feds Warn of Ransomware Attacks Ahead of Labor Day

Feds Warn of Ransomware Attacks Ahead of Labor Day Though lots of people might be taking some time off over the Labor Day weekend, threat actors likely won’t — which means organizations should remain particularly vigilante about the potential for ransomware attacks, the federal government has warned. Citing historical precedence, the FBI and CISA put out […]

Leave a Comment

Windows 11 Security Scare—MS Nixes Fixes on Older PCs

Windows 11 won’t auto-update on slightly old PCs. It appears this includes security updates—although Microsoft PR is doing its usual trick of ghosting reporters who ask. This sounds like a terrible idea: A fleet of unpatched Windows 11 PCs connected to the internet? That’s a recipe for disaster. Stand by for Redmond to walk this one back in an embarrassing climbdown. In […]

Leave a Comment

What is ISMS

Implementing an ISMS There are numerous ways of approaching the implementation of an ISMS.  The most common method to follow is a ‘Plan Do Check Act’ process. ISO 27001 is the international security standard that details the requirements of an ISMS. ISO 27001, along with the best-practice guidelines contained in ISO 27002, serve as two excellent guides […]

Leave a Comment

T-Mobile Hacker Who Stole Data on 50 Million Customers

Their Security Is Awful’ A 21-year-old American said he used an unprotected router to access millions of customer records in the mobile carrier’s latest breach The hacker who is taking responsibility for breaking into T-Mobile US Inc.’s TMUS -1.63% systems said the wireless company’s lax security eased his path into a cache of records with personal details on more than 50 […]

Leave a Comment