Enticing Clicks With Spam
Among the key findings from the upcoming IBM X-Force Threat Intelligence Index for 2017, available March 29, is the ongoing use of spam as an entry vector for attackers. While targeted attacks make headlines, the prevalence of spam traffic means that a variety of attackers are still finding success in this scattershot method to gain…
FBI Chief Calls for United Fight Against Cybercrime
Describing cyber threats as “too fast, too big and too widespread for any of us to address them alone,” FBI director James Comey has called on a united fight against them urging for strong private and public sector partnerships. He was speaking at the inaugural Boston Conference on Cyber Security hosted by the FBI and…
185,000+ vulnerable Wi-Fi cameras just waiting to be hijacked
A generic wireless camera manufactured by a Chinese company and sold around the world under different names and brands can be easily hijacked and/or roped into a botnet. The flaw that allows this to happen is found in a custom version of GoAhead, a lightweight embedded web server that has been fitted into the devices.
What’s the security posture of the Fortune 1000?
BitSight analyzed the security posture of some of the world’s largest organizations, and identified the most common system compromises. For comparison, Fortune 1000 companies were studied alongside a random sample of 2,500 companies with a similar industry breakdown and with at least 2,500 employees.
Connected home solutions adoption remains limited
Adoption of newer connected home solutions is still at the early adopter phase, according to Gartner. The survey, of nearly 10,000 online respondents in the U.S., the U.K. and Australia during the second half of 2016, found that only about 10 percent of households currently have connected home solutions. Connected home solutions consist of a…
Fighting attackers in the era of data jacking
What we saw in the last few months is a rise in reports on database systems, new database technologies that are essentially being compromised; and where attackers will hack into a database, encrypt the data or sometimes delete or do something to the data, and essentially leave a message where they ask you for not…
Wikileaks, CIA documents and some sober thoughts
So, my less than favorite topic found itself at the top of my reading list today. Wikileaks released a treasure trove of documents today that purport to outline all manner of CIA related operations. After I got passed the “what the actual…” moment, I had to pause. On social media and various news outlets there…
The Role of the Security Intelligence Analyst and the Three Main Elements of Cybersecurity
In the modern security operations center (SOC) model, the security intelligence analyst (SIA) represents a core role. In my opinion, it is one of the most important roles in the field of the cybersecurity. Customers often ask me what the role of the SIA actually is. The SIA is responsible for protecting the organization against…
Fileless Powershell malware uses DNS as covert communication channel
Targeted attacks are moving away from traditional malware to stealthier techniques that involve abusing standard system tools and protocols, some of which are not always monitored. The latest example is an attack dubbed DNSMessenger, which was analyzed by researchers from Cisco Systems’ Talos team. The attack starts with a malicious Microsoft Word document distributed through…
Rockstar Games Launches Public Bug Bounty Program
Rockstar Games this week launched a public bug bounty program through HackerOne, after running it in private mode for more than nine months. On the program’s page, the company reveals that the minimum bounty for successful vulnerability submissions is $150, but that researchers can get higher rewards, depending on the severity and complexity of the…