Category Archives: week in review

Here’s an overview of some of last week’s most interesting news and articles: Stealthy in-browser cryptomining continues even after you close window Hackers are testing new ways for keeping browsers open and mining even if the users leave t… Continue reading Week in review: DevOps security, macOS root password bug, and the evil of vanity metrics→

Here’s an overview of some of last week’s most interesting news and articles: Chris Eng: An infosec journey from offense to defense “Come to my lab, I promise you’ll learn something cool,” a friend told Chris Eng. Within a couple of hours, he had walked him through writing an exploit for an obscure Linux bug, and Eng was hooked on the idea that one could leverage a programming error to gain root privileges on the … More → Continue reading Week in review: Estonia blocks certificates on ID cards, Chrome extension steals all data→

Here’s an overview of some of last week’s most interesting news and articles: NotPetya successor Bad Rabbit hits orgs in Russia, Ukraine Bad Rabbit ransomware, apparently modeled on NotPetya, has hit a number of organizations across Russia, Ukraine, and Eastern Europe on Tuesday. Is the Windows 10 controlled folder access anti-ransomware feature any good? With the release of Windows 10 Fall Creators Update, users get a new feature aimed at stopping ransomware from encrypting their … More → Continue reading Week in review: Windows 10 anti-ransomware, secure remote browsing, infosec and media→

Here’s an overview of some of last week’s most interesting news and articles: Vulnerability in code library allows attackers to work out private RSA keys Researchers have discovered a security vulnerability in the Infineon-developed RSA library, which could be exploited by attackers to discover the RSA private key corresponding to an RSA public key generated by this library. This private key could be then misused to impersonate its legitimate owner, decrypt sensitive messages, forge signatures … More → Continue reading Week in review: Vulnerable encryption, Mac backdoor, Flash Player 0day exploited in the wild→

Here’s an overview of some of last week’s most interesting news and articles: Leaving employees to manage their own password security is a mistake Despite the clear and present danger that weak passwords pose to organizations, many remain focused on implementing technology based on policy, not the user, to address the problem. In wake of recent attacks, it’s time to revisit your patch policy If you are running a quarterly patch cycle, are you willing … More → Continue reading Week in review: Email tracking, DNS exfiltration, and secure coding in Java→

Here’s an overview of some of last week’s most interesting news and articles: XPCTRA financial malware leaves no stone unturned A Trojan that has previously been only stealing users’ banking credentials has been modified to do much more than that. Is this the year SIEM goes over the cliff? Initially, SIEM solutions sought to solve the collection, monitoring, analyzing, and identification of threats in the cybersecurity environment. Bogged by time intensive needs and requiring large … More → Continue reading Week in review: Deloitte hack, insecure Mac firmware, new issue of (IN)SECURE→

Here’s an overview of some of last week’s most interesting news, articles and podcasts: Equifax breach happened because of a missed patch The attackers who breached Equifax managed to do so by exploiting a vulnerability in its US website, the company has finally confirmed. The vulnerability in question was Apache Struts CVE-2017-5638. Organizations struggle to maximize the value of threat intelligence Amidst growing concerns of large-scale cyber attacks, 84 percent of organizations participating in a … More → Continue reading Week in review: Dangerous Bluetooth, EU cybersecurity certification, how Equifax hackers got in→

Here’s an overview of some of last week’s most interesting news and articles: Patch your Android device to foil Toast Overlay attacks Overlay attacks are nothing new for Android users, and Palo Alto Networks Unit 42 researchers have found yet another way for attackers to perpetrate them. Review: Cato Cloud Cato Cloud is a custom-built, SLA-backed backbone that provides global organizations a one-stop solution for interconnectivity, security and policy enforcement. Navigating GDPR in the mobile … More → Continue reading Week in review: Equifax breach, Instagram hack, Android Toast Overlay attack→

Here’s an overview of some of last week’s most interesting news, podcasts and articles: New, custom ransomware delivered to orgs via extremely targeted emails Ransomware campaigns are usually wide-flung affairs: the attackers send out as many malicious emails as possible and hope to hit a substantial number of targets. But more targeted campaigns are also becoming a trend. Getting a start on cyber threat hunting We live in a world where the adversaries will persist … More → Continue reading Week in review: Cyber threat hunting, Android DDoS botnet, drone bug bounty→

Here’s an overview of some of last week’s most interesting news, podcasts and articles: Judge limits DOJ’s search of anti-Trump website data On Thursday, District of Columbia Superior Court Judge Robert Morin ruled that DreamHost must comply with the narrowed warrant, but has further limited the government’s access to the asked-for data, in order to limit exposure of sensitive user information. Review: Securing the Internet of Things The authors do a good job explaining the … More → Continue reading Week in review: Android Oreo security, hacking robots, DDoS attacks on the rise→