Collaborate Disseminate
Like thousands or even millions of other British Gas users, I received my usual monthly email asking me to submit my meter reading . Nothing unusual in that, until I followed the link ( as usual ) and got an invalid certificate warning. I do this every month and have … Continue reading → Continue reading British Gas invalid certificate warnings.
We have recently been seeing a newer method of infecting you by embedding macro enabled word docs into pdf files. To all intents and purposes these PDF files look quite innocent and will normally be an almost blank page with 1 line of text These recent posts illustrate the attack … Continue reading → Continue reading Embedded documents in PDF files that can easily infect you
The internet is buzzing with yet another 0 day exploit for Microsoft Word. Yes this one is serious and can infect you with no action on your part., if you open one of these malicious Word Documents. But lets just step back, take a deep breath and in the immortal words … Continue reading → Continue reading new Microsoft word 0 day exploit.
Following on from THIS post earlier today which has created some discussion on Twitter amongst various InfoSec professionals, I want to expand slightly. Whether this is actually an APT ( Advanced Persistent Threat) or not is open to discussion. I … Continue reading →
Continue reading Is it an APT or just another everyday malware attack
Credit card industry giant Visa on Friday issued a security alert warning companies using point-of-sale devices made by Oracle’s MICROS retail unit to double-check the machines for malicious software or unusual network activity, and to change passwords on the devices. Visa also published a list of Internet addresses that may have been involved in the Oracle breach and are thought to be closely tied to an Eastern European organized cybercrime gang. Continue reading Visa Alert and Update on the Oracle Breach
A little-known feature of many modern smartphones is their ability to duplicate video on the device’s screen so that it also shows up on a much larger display — like a TV. However, new research shows that this feature may quietly expose users to a simple and cheap new form of digital eavesdropping.
Dubbed “video jacking” by its masterminds, the attack uses custom electronics hidden inside what appears to be a USB charging station. As soon as you connect a vulnerable phone to the appropriate USB charging cord, the spy machine hijacks the phone’s video display and records a video of everything you tap, type or view on it as long as it’s plugged in — including PINs, passwords, account numbers, emails, texts, pictures and videos. Continue reading Road Warriors: Beware of ‘Video Jacking’
The U.S. Social Security Administration announced Friday that it will now require a cell phone number from all Americans who wish to manage their retirement benefits at ssa.gov. Unfortunately, the new security measure does little to prevent identity thieves from fraudulently creating online accounts to siphon benefits from Americans who haven’t yet created accounts for themselves. Continue reading Social Security Administration Now Requires Two-Factor Authentication
There is a lot of chat and buzz on Twitter, Facebook, private forums and mailing lists amongst security researchers and Anti-malware companies this last week. It has been extremely quiet, malware wise, with a vastly reduced, in fact almost non … Continue reading →
How much would a cybercriminal, nation state or organized crime group pay for blueprints on how to exploit a serious, currently undocumented, unpatched vulnerability in all versions of Microsoft Windows? That price probably depends on the power of the exploit and what the market will bear at the time, but here’s a look at one convincing recent exploit sales thread from the cybercrime underworld where the current asking price for a Windows-wide bug that allegedly defeats all of Microsoft’s current security defenses is USD $90,000. Continue reading Got $90,000? A Windows 0-Day Could Be Yours
Last week, I learned about a vulnerability that exposed all 866 million account credentials harvested by pwnedlist.com, a service designed to help companies track public password breaches that may create security problems for their users. The vulnerability has since been fixed, but this simple security flaw may have inadvertently exacerbated countless breaches by preserving the data lost in them and then providing free access to one of the Internet’s largest collections of compromised credentials. Continue reading How the Pwnedlist Got Pwned