Collaborate Disseminate
Chances are that you’ve never heard of Washington-based data firm LocalBlox. But that doesn’t mean that they haven’t heard of you. And it doesn’t mean that your personal information hasn’t been recklessly exposed through t… Continue reading 48 million people put at risk after firm that scraped info from social networks left it exposed for anyone to download
A former employee of Alaskan regional airline PenAir has pleaded guilty to felony fraud associated with hacking attacks against the company’s ticketing and reservation system in the spring of 2017, announced the US Department of Justice. Suzette … Continue reading Alaskan airline hacker sentenced to 5 years’ probation
A while ago, I had the crazy idea that I needed to read more technical books, so I purchased a pair of books that appealed to me: Attacking Network Protocols and Serious Cryptography, both published by No Starch Press. I was interested in reading along… Continue reading #TripwireBookClub – Attacking Network Protocols
IT organizations that have been using Apple® macOS® Server are wondering what’s in store for them in the future. Apple has been quietly shifting away from macOS Server and deprecating various components on a regular basis. For those IT … Continue reading Replace macOS® Open Directory
Last week, we described how an ongoing massive malware campaign began using Baidu search result links to redirect people to various ad and scam pages.
It didn’t last long. Soon after the publication of that article, the bad actors changed the li… Continue reading From Baidu to Google’s Open Redirects
Recently, during a client engagement, Gotham Digital Science found a couple of zero-day vulnerabilities in the Jolokia service. Jolokia is an open source product that provides an HTTP API interface for JMX (Java Management Extensions) technology. It co… Continue reading Jolokia Vulnerabilities – RCE & XSS
This week’s edition of Data is Plural had two really fun data sets. One is serious fun (the first comprehensive data set on U.S. evictions, and the other I knew about but had forgotten: The Federal Register Executive Order (EO) data set(s). The E… Continue reading Examining POTUS Executive Orders
RSAC 2018 Wednesday Recap & Thursday Preview: Session Highlights, College Day, and the 2018 Bash Are you worn out yet or do you still have an appetite for inspiring, informative, relevant and timely information security content? Well, you’ve … Continue reading Day 3 Recap: Keynote Highlights, Giving it the “Old College Try”…Don’t Forget The 2018 Bash
Recently, we came across a Python-based sample dropped by an exploit kit. Although it arrives under the disguise of a MinerBlocker, it has nothing in common with miners. In fact, it seems to be PBot: a Python-based adware.
Categories:
Malware
Th… Continue reading PBot: a Python-based adware
On April 12, 2018, Radware’s threat research group detected malicious activity via internal feeds of a group collecting user credentials and payment methods from Facebook users across the globe. The group manipulates victims via phishing emails … Continue reading Stresspaint Malware Campaign Targeting Facebook Credentials