Author Archives: Chris Brook

Keys for Dharma Ransomware Released

Posted on March 2, 2017 by Chris Brook

Decryption keys for the Dharma strain of ransomware have been released. Continue reading Keys for Dharma Ransomware Released→

Slack Fixes Cross-Origin Token Theft Bug

Posted on March 1, 2017 by Chris Brook

The cloud-based collaboration tool Slack was quick to fix a bug earlier this month that could have let an attacker steal a user’s private Slack token. Continue reading Slack Fixes Cross-Origin Token Theft Bug→

Siemens RUGGEDCOM NMS Equipment Vulnerable to CSRF, XSS

Posted on February 28, 2017 by Chris Brook

Siemens line RUGGEDCOM NMS products suffers from vulnerabilities that could allow an attacker to perform administrative actions. Continue reading Siemens RUGGEDCOM NMS Equipment Vulnerable to CSRF, XSS→

Unpatched SMB Zero Day Easily Exploitable

Posted on February 28, 2017 by Chris Brook

Researchers claim the unpatched SMB zero day that affects Windows can be exploited a number of ways. Continue reading Unpatched SMB Zero Day Easily Exploitable→

Boeing Notifies 36,000 Employees Following Breach

Posted on February 27, 2017 by Chris Brook

A Boeing employee inadvertently leaked the personal information of 36,000 of his co-workers late last year when he emailed a company spreadsheet to his non-Boeing spouse. Continue reading Boeing Notifies 36,000 Employees Following Breach→

Katie Moussouris on Bug Bounty Programs, Hack the Army, and Wassenaar

Posted on February 27, 2017 by Chris Brook

Katie Moussouris on how bug bounty programs have gone mainstream, the success of Hack the Pentagon and Hack the Army, and where things stand with the Wassenaar Arrangement. Continue reading Katie Moussouris on Bug Bounty Programs, Hack the Army, and Wassenaar→

Threatpost News Wrap, February 24, 2017

Posted on February 24, 2017 by Chris Brook

Mike Mimoso and Chris Brook recap RSA and discuss the news of the week including the impact of Cloudflare’s “Cloudbleed” bug, Google breaking SHA-1, and more. Continue reading Threatpost News Wrap, February 24, 2017→

First Practical SHA-1 Collision Attack Arrives

Posted on February 23, 2017 by Chris Brook

Researchers unveiled the first-ever practical collision attack the cryptographic hash function SHA-1.

Continue reading First Practical SHA-1 Collision Attack Arrives→

Intermediate CA Caching Could Be Used to Fingerprint Firefox Users

Posted on February 22, 2017 by Chris Brook

The way Firefox caches intermediate CA certificates could allow for the fingerprinting of users and the leakage of browsing details, a researcher warns. Continue reading Intermediate CA Caching Could Be Used to Fingerprint Firefox Users→

Data Stealing Malware TeamSpy Resurfaces in Spam Campaign

Posted on February 21, 2017 by Chris Brook

After a nearly four-year respite, the data-stealing TeamSpy malware has resurfaced in a spam campaign.
Continue reading Data Stealing Malware TeamSpy Resurfaces in Spam Campaign→