Blog

Blog

Static Code Analysis and You

I have been involved in several efforts to integrate static code analysis into software projects—none have been terribly successful. Most have resulted in hours of time spent identifying and removing false positives. So, when I read Travis Smith's recent post about Fallible static code analysis, I was immediately struck with the need to add my two...
Blog

Small Companies Overconfident about Their Security Posture, Finds Survey

Today, there are many factors that prevent businesses from effectively assessing and mitigating digital security risk. One contributor to The State of Security kicked off 2017 by discussing four of these causes. I won't spoil the article for you. I will say, however, that data access and asset control feature heavily in the post. That's only to be...
Blog

Inception and the Road from Security Serendipity

You spin the top and wait to see if it continues in kinetic motion or if it falls to the pull of gravitational force. You trust that the road chosen to walk the path of serendipity toward an anticipated culmination of the correct state of scientific innovation – which, in this case, has been forged to deliver a true state of cyber security is...
Blog

Netflix Membership Piracy Scam Tricks Users into Installing Ransomware

Computer criminals are luring in users with a Netflix membership account piracy scam and tricking them into installing ransomware. The scam starts when a Windows/PC user downloads what they believe is a Netflix login generator. These types of tools are usually available on websites that host cracked applications and offer access to premium web...
Blog

Authoritative Asset Repository: What’s That?!

A Configuration Management Database (CMDB) is a repository that is an authoritative source of information of what assets are on the corporate network. At least, that’s what it’s supposed to be. However, in many of my recent discussions, the more common definition given for CMDB is “a struggle.” Does that sound familiar? If so, keep reading. If not,...
Blog

Dozens of Android VPN Apps Fail to Protect Users' Privacy, Study Reveals

One of the best friends a user can have in today's digital age is a virtual private network (VPN). This tool masks a user's IP address and tunnels their data through a network of servers. In so doing, a VPN helps a user anonymously and more securely browse the web. Unfortunately, not all VPNs fulfill that purpose. A group of researchers from Queen...
Blog

U.S. Top-Ranked Globally in 2016 Data Breaches, Finds Report

The United States takes the number one spot worldwide in data breaches disclosed last year, revealed a new report analyzing breach activity in 2016. Risk Based Security’s annual report released on Wednesday found that the U.S. accounted for nearly half – 47.5 percent – of all incidents, and a whopping 68.2 percent of all exposed records. Close to 2...
Blog

Hacker Sentenced to Nine Months in Jail for 'Celebgate' Scandal

A hacker has received nine months in prison for compromising hundreds of people's accounts as part of the 'Celebgate' scandal. From 23 November 2013 through August 2014, Edward Majerczyk, 29, of Orland Park, Illinois orchestrated a phishing scheme that targeted 30 celebrities and 270 others. He sent each victim an email that directed them to a...
Blog

Proactive vs. Reactive Compliance Management

Much of my time spent working is focused on performing technology assessments against some kind of baseline. Most of the time, these are specific government or industry standards like HIPAA, NIST, ISO and PCI. But when some of my clients reach out to me about evaluating their environment in light of these standards, it’s often done out of a feeling...
Blog

VERT Threat Alert: Cisco WebEx Browser Extension Remote Code Execution

Vulnerability Description A vulnerability in the Cisco WebEx Browser extension for Chrome, Firefox, and Internet Explorer could be used to execute code on a victim system. It is trivial to exploit the vulnerability and sample exploit code has been released publicly. The vulnerability leverages command execution in the launch_meeting message via a...
Blog

SpyNote RAT Masquerades as Netflix App to Infect Android Devices

A new variant of the SpyNote remote access trojan (RAT) is infecting Android devices by masquerading as a mobile Netflix app. The malware, which is based off the SpyNote RAT builder leaked in 2016, displays the same icon used by the official Netflix app that's found on Google Play. But it's a fake. Clicking on the app causes the icon to disappear...
Blog

Charger Android Ransomware Spread via the Official Google Play App Store

We all know that ransomware is a growing problem for businesses and home users alike, and that most of it is targeted against Windows users. And we're also familiar with warnings to avoid downloading Android apps from third-party marketplaces rather than officially-sanctioned ones such as the Google Play marketplace. But infosecurity is not a world...
Blog

Digging for Security Bugs in Python Code

Python is a great development language for so many reasons. Its developers enjoy huge library support. Do you want to deploy a simple web server or implement a RESTful API? There are modules for that. Capture, analyze, and visualize network traffic flow? There are simple and free modules for all of that, too. Developers using Python can create a...
Blog

Breaking Out of the Checkbox with PCI 3.2 Compliance

Since 2004, merchant companies that handle branded credit cards have worked to maintain compliance with the Payment Card Industry Data Security Standards (PCI DSS). These regulations, which consist of six fundamental control objectives and 12 core requirements, aim to protect payment card data for customers. They also help card issuers and banks...
Blog

DNS Evil Lurking Around Every Corner

Today, I came across a blog post that once again showcases the importance of properly managing DNS through its entire lifecycle. The article entitled “Respect My Authority – Hijacking Broken Nameservers to Compromise Your Target” (sic) was written by Matthew Bryant (@IAmMandatory). It can be found here. It’s a bit of long read but serves as a great...
Blog

Heartbleed Still a Heartache 1,000 Days In

A recent report released by Shodan found that as of January 22, 2017, nearly 200,000 publicly accessible internet devices were vulnerable to Heartbleed. The detailed report gives some insight into those who continue to be exposed to this vulnerability. It's no surprise that the majority of these systems are HTTPS pages hosted by Apache and running...