Blog

Blog

Security breach at ICANN. Email addresses and password hashes stolen

ICANN, the organisation which oversees the internet's domain name system, regulating web addresses and working with registrars around the world, has revealed that it has fallen victim to a hacker attack during which the details of users who had created profiles on the organisation's public website were exposed. Email addresses (which act as...
Blog

Here’s What You Missed at BSides LV – Day 2

Today was another successful day at BSides Las Vegas, with more intriguing presentations and an amped up crowd ready to hear from security researchers, engineers, analysts and catalysts alike. Although there were numerous interesting topics to choose from, my time only permitted for about a half-day of sessions. Luckily, many of the presenters noted...
Blog

Attackers Using RATs to "Slave" Victims' Computers, Sextort Children

Malware is one of the most dangerous classes of computer threats facing users today, and as a risk category, it is growing in sophistication. First, malware is now more difficult to detect. In an effort to stay one step ahead of security researchers, authors of malicious software are integrating evasion techniques, including environmental awareness...
Blog

DEF CON 23 “How To Train Your RFID Hacking Tools” Preview

RFID is one of those ubiquitous technologies showing up everywhere from contactless payment cards to the neighborhood swimming pool. Some of these technologies offer appropriate security controls but many applications still use legacy technology that is easily subverted by an attacker. Back in 2013, data from HID Global indicated that 70-80% of...
Blog

Here’s What You Missed at BSides Las Vegas – Day 1

This year’s BSides in sunny Las Vegas, Nevada, is off to an amazing start, with an overwhelming crowd and a great lineup of presentations from some of the industry’s brightest – and most inspiring – professionals. In the biggest BSides LV event yet, hundreds of attendees gathered at the Tuscany bright and early – eagerly waiting to hear from experts...
Blog

Why Do We Care About Zero Days?

A true zero day, such as the recent vulnerability affecting Apple’s DYLD_PRINT_TO_FILE variable that an adware installer is said to be exploiting in the wild, is called that because it comes without warning, because by the time you know about it, you have already been compromised. They're expensive; they are the domain of nation states and the most...
Blog

Aligning Cyber Strategy to the Business

To quote Lewis Carrol, from Alice's Adventures in Wonderland: 'Would you tell me, please, which way I ought to go from here?' 'That depends a good deal on where you want to get to,' said the Cat. 'I don't much care where —' said Alice. 'Then it doesn't matter which way you go,' said the Cat It might sound like a relaxing way to go through life,...
Blog

SWAT Not Thyself

There is a horrible prank that has been in circulation for the last few years whereby a person calls a local police department and reports a terrible crime in progress at a remote address, usually the address of an enemy. Using telephone number spoofing techniques, the call appears to originate from the home of the pranking victim. The police often...
Blog

Black Hat USA '15: What's In Store

Black Hat USA – one of the most anticipated security events of the year, and recently ranked among our top information security conferences – returns to Las Vegas this August for its 18th year. With an expected 9,000 attendees, this year's conference will offer over 100 briefings on the latest and most innovative security research from industry...
Blog

Back Doors: Are You Prepared?

"Honey... Did you make sure you locked the basement door and activated the security system? I can't wait to get to the Big Rock Campground, the kids are going to love the waterslide..." Sound familiar? The majority of new homes today have some sort of physical security system protecting the property while the family is away, but are these security...
Blog

Yahoo Bug Bounty Program Awards $1 Million to Security Researchers

Yahoo announced that it has paid security researchers one million dollars as part of its bug bounty program. According to a post written by Ramses Martinez, Senior Director and Interim CISO at Yahoo, the company's bug bounty program, which The State of Security named one of our 11 Essential Bug Bounty Programs in 2015, has shown significant growth...
Blog

Sweet Security: Deploying a Defensive Raspberry Pi

The hardware used in both the Internet of Things (IoT) and Industrial Control Systems (ICS) have many similarities; both often involve older systems incapable of running detection tools or monitoring agents due to outdated operating systems, resource limitations, proprietary systems and odd protocols such as Modbus and DNP3, amongst other...
Blog

Phishing Up 74% in Q2 2015, Reveals Infoblox DNS Threat Index

The Domain Name System (DNS) is a hierarchical system that assigns names to computers, resources and services connected to the web. It is responsible for relating information associated with each Internet-based entity to a domain name. As such, DNS is an essential tool for organizing the web. In the wrong hands, however, it can be used to create...
Blog

Apple Patches 'High' Input Validation Vulnerability in iTunes, App Store

Apple has patched an application-side input validation web vulnerability in iTunes and the App Store that allowed attackers to inject malicious code into user invoices. The vulnerability received a 'High' severity level and a CVSS rating of 5.8. It allows for session hijacking, persistent phishing attacks, and other malicious activities. Benjamin...
Blog

Landing a Hands-On Security Gig – Part 2

In Part 1, I discussed several important elements to landing a hands-on security gig, including passion and having the skills to pay the bills. Now, I’ll continue to guide you through various other essentials that could impact your career. Tools vs. Knowledge A good security analyst understands how various tools work, along with how to run the...
Blog

How to bust keyboard biometrics, and why you might want to

We all know that there's a problem with passwords. Most internet users are careless when choosing passwords - either re-using the same passwords they've used elsewhere or making them too easy to crack. And if they're not guilty of that mistake, there's always the chance that their computers are infected with spyware watching their keystrokes and...