Obscuring malicious Facebook links using the Open Graph Protocol
Most users click on links popping up in their Facebook News Feed without thinking twice about it, but it’s good to keep in mind that they can lead to malicious sites. Here’s an example of one flagged by the SANS ISC (Internet Storm Center):
Black Hat 2017: Insightful, but too much hype
Like many others in the cybersecurity community, I attended Black Hat in Las Vegas last week. Here are a few of my thoughts on the show: 1. This was the 20th edition of Black Hat, and it was absolutely packed. I’ve heard that attendance was up from last year, and I know that 2016 attendance…
It’s time for security leaders to challenge dogma
What are the key elements of a good security program? Why did you answer that way? Seems a lot of security is ‘handed-down’ knowledge. We pride data and evidence-driven decisions while suggesting security is too hard to measure and pin down. Curious, no?
The 5 biggest ransomware attacks of the last 5 years
While the last few years have seen a remarkable uptick in this particularly nasty genre of attack software, ransomware isn’t new. Malware that holds data for ransom has been around for years. In 1991, a biologist spread PC Cyborg, the first ever ransomware, by sending floppy disks via surface mail to other AIDS researchers, for…
Five new threats to your mobile device security
A decade ago, mobile malware was considered a new and unlikely threat. Many mobile device users even considered themselves immune from such threats. Fast forward to 2017, and more than 1.5 million new incidents of mobile malware have been detected by McAfee Labs in the first quarter of the year alone – for a total…
Def Con hackers showed how easily voting machines can be hacked
At Def Con’s hacker voting machine village, where 30 pieces of election equipment sat waiting, hackers were given a deliciously wicked goal. John Hopkins computer scientist Matt Blaze said, “We encourage you to do stuff that if you did on election day they would probably arrest you.” And they did. Most of the voting machines…
Apple Removes Some VPN Services From Chinese App Store
Apple has removed software allowing internet users to skirt China’s “Great Firewall” from its app store in the country, the company confirmed Sunday, sparking criticism that it was bowing to Beijing’s tightening web censorship. Chinese internet users have for years sought to get around heavy internet restrictions, including blocks on Facebook and Twitter, by using…
Researchers Demo Physical Attack via Car Wash Hack
LAS VEGAS – BLACK HAT USA – Researchers have created proof-of-concept (PoC) exploits to demonstrate how hackers can cause physical damage to vehicles and injure their occupants by remotely hijacking a connected car wash. The attack was detailed in a presentation at the Black Hat security conference this week by WhiteScope founder Billy Rios, a…
WikiLeaks Details Mac OS X Hacking Tools Used by CIA
The latest round of documents published by WikiLeaks as part of a leak dubbed by the organization “Vault 7” describes several tools allegedly used by the U.S. Central Intelligence Agency (CIA) to target Mac OS X and other POSIX systems. The tools, said to be part of a CIA project named “Imperial,” are called Achilles,…
Phishers’ techniques and behaviours, and what to do if you’ve been phished
Once a user has been phished, how long does it takes for the phishers to misuse the stolen credentials? To discover the answer to that question and many others, Imperva researchers went undercover by creating 90 personal online accounts, including email and file sharing accounts with Google and Dropbox. Once the so-called honey pot accounts…