Resources

Blog

A Boeing 757 was hacked remotely while it sat on the runway

If you thought it was scary when security researchers remotely hijacked a Jeep as it was driven down the freeway, consider this - now airplanes are getting hacked. The US Department of Homeland Security has revealed that a Boeing 757 airliner was successfully hacked as it sat on the runway at the airport in Atlantic City, New Jersey on September 19,...
Blog

Microsoft Fixes 17-Year-Old Arbitrary Code Execution Bug in Office Suite

Microsoft has patched a 17-year-old bug hidden in its Office suite that attackers can use to execute arbitrary code on vulnerable machines. The vulnerability resides in Microsoft Equation Editor (EQNEDT32.EXE). It's a component that allows users to insert and edit equations into Microsoft Word documents as an Object Linking and Embedding (OLE) item....
Blog

Phishing Testing: Building Your Human Firewall

Phishing is becoming a major threat vector for organizations all around the world. Phishing is the exercise of sending illegitimate emails designed to elicit a response from the end user, whether that’s clicking on a link that infects them with malware or tricking the user into volunteering information that they normally would not provide like a...
Blog

Blockchain 101: How This Emerging Technology Works

Unless you’ve been living in Slab City or off the grid for a while, you’ve probably heard this year’s omnipresent buzzword ‘blockchain.’ But perhaps you're a bit clueless as to what this newer technology entails. In a recent HSBC survey of 12,000 respondents in 11 countries, 80 percent of people could not explain how blockchain works. Don’t worry,...
Blog

VERT Threat Alert: November 2017 Patch Tuesday Analysis

Today’s VERT Alert addresses the Microsoft November 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-752 on Wednesday, November 15th. In-The-Wild & Disclosed CVEs CVE-2017-8700 A Cross Origin Resource Sharing bypass could allow information disclosure in ASP.NET Core. Microsoft has...
Blog

Cryptocurrency Miner among October's 10 Most Wanted Malware

A cryptocurrency miner has earned its place on a list of the top 10 most wanted malware for the month of October 2017. The browser-mining service in question goes by the name "CoinHive." It's a piece of JavaScript that site owners can embed into their websites. Whenever a user visits their domain thereafter, CoinHive will activate and begin mining...
Blog

The Case of The Dark Web DDoS – Part 2

In part one of this two-part series, I described what we know about the September 14 attack against the drug sites on the Tor network. To review: The attack simultaneously took down 11 drug sites on the dark web, yet traffic patterns were unaffected. The site administrators indicated a problem on a public forum; and There was no discernible...
Blog

Women in Information Security: Victoria Walberg

Last time, I spoke with Nitha Suresh. She's written IEEE papers and knows her stuff when it comes to pentesting and aircraft data networks. This time, I had the pleasure of interviewing Victoria Walberg. She has a lot of ideas when it comes to IoT and the cloud. Kimberly Crawley: Please tell me about what you do, Victoria. Victoria Walberg: I'm a...
Blog

The Case of The Dark Web DDoS – Part 1

Think of all the recent DDoS attacks. They all seem to share the common trait of bad guys disrupting the normal flow of data against a legitimate business. Sometimes, these attacks are used for revenge, and other times, they are used for ransom. Sometimes, however, the bad guys become the targets. This is the story of an odd caper that played out on...
Blog

Cyber Security and the Human Factor – An Opinion Piece

Born and bred in IT – and first influenced by global Oil & Gas, the Japanese and the German manufacturing industry – I never experienced excessive levels of management before entering the more anglophile international workspace outside my home country. At best, between me and the board were only two clear structured formal management levels. Ranks and titles did not mean much; the assignment you...
Blog

Advanced Soft Skills for Information Security: Efficacy

Soft skills are a hot topic in information security. You’ll see a lot of articles, blogs and talks on the subject. I’d like to go a little deeper – beyond the basics of soft skills and talk about a concept from communication theory that can be used to achieve behavior change – efficacy. Efficacy is the ability to achieve a desired effect. In risk...
Blog

Microsoft issues advisory to users after macro-less malware attacks

Hackers have been found exploiting a freshly-uncovered vulnerability in Microsoft's software to install malware on business computers. According to security researchers, since last month a Russia-linked hacking group known as APT28 have been using a Microsoft protocol called Dynamic Data Exchange (DDE) to run malicious code through a poisoned Word...
Blog

Unthinkable! Hackers Loot Charity's Funds Right Before Christmas Season

Hackers have done the unthinkable by making off with a charity's funds right before the start of the 2017 Christmas season. The Utah Association for Intellectual Disabilities (UAID) first noticed something was wrong when it had not received any new email applications for help since 22 October. Typically, the charity gets numerous applications in...
Blog

Supercharging Cybercrime Detection with MITRE’s ATT&CK Framework

The majority of attacks that result in successful data breaches are simply not that complex. Many rely on well-known, tried-and-true methods. Indeed, the Verizon DBIR has for many years reported that upwards of 90 percent of attacks were successfully executed because of unpatched and known vulnerabiltiies or misconfigured systems. If we can only learn a few lessons from the latest attacks: ...
Blog

DEF CON 25: A First-time Speaker Experience

I’ve been involved in information technology and infosec since the mid-1990s. Until recently, I had not been actively attending infosec or hacker conferences. I started attending DEF CON in 2013 when the conference was held at the Rio Hotel. DEF CON was the first hacker conference I ever attended. I did not know many in the community and certainly...