<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=694598870919452&amp;ev=PageView&amp;noscript=1">
Jan 07

Threat Intelligence: Yokagawa Severe Vulnerability

Photo Credit: www.yokogawa.com

read more →
Dec 27

Threat Intelligence: Customer Information Exposed in Caribou Coffee Data Breach

Image by Getty Images

read more →
Dec 14

Threat Intelligence: New LamePyre Mac Malware

The third malware strain targeting MacOS this month has been discovered and dubbed LamePyre. Although it appears to still be under development, the malware is able to perform a few functions. LamePyre traps its victims by showing up as a duplicate of the Discord app utilized by gamers. In actuality, it is only a shell which appears as the run of the mill Automator symbol in the menu bar on MacOS when kept running by the user.

read more →
Nov 15

Threat Intelligence: Bitcoin Giveaway Scam Targets Google

The Google Twitter account for its G Suite cloud subsidiary, which has more than 800,000 followers, has been the most recent target of a growing Bitcoin scam. Many have been asking Twitter to intervene due to the increasing success of these attacks and the growing ability for hackers to compromise verified Twitter accounts. When these accounts are accessed, attackers tweet out a falsified 10,000 Bitcoin giveaway, which equates to around $62,000 dollars.

read more →
Nov 14

Threat Intelligence: Microsoft Zero-day Patched

Researchers have discovered a zero-day vulnerability (CVE-2018-8589) within win32k.sys affecting 32-bit versions of Windows 7. The vulnerability was reported to Microsoft on October 17th and is a privilege escalation vulnerability. It exists due to “improper locking of messages sent synchronously between threads.” If exploited successfully, it could allow an attacker to view or alter data, install programs, or create new user accounts by “running arbitrary code in the context of the local system.” At the time of writing this article, the delivery method remains unknown, however according to researchers, “the exploit was executed by the first stage of a malware installer, in order to gain the necessary privileges for persistence on the victim’s system.” The zero-day is currently being used by at least one APT actor but if an attacker attempts to exploit the zero-day on machines that are up to date with security updates, the system will crash.

read more →
Nov 09

Threat Intelligence: Cisco Mistakenly Adds Dirty Cow Exploit Code to its Own Software

 

During a security brief on Wednesday, read more →
Jun 26

Social Engineering Attacks and Mitigations Part III: Dumpster Diving

Considering various types of Social Engineering attacks, realize that all of them can be dangerous and have detrimental effects on the entire organization. Many people believe they know the different kinds of Social Engineering and how to avoid them, but they really only know a few different methods, mostly on the cyber side. While many of these attacks are cyber, there are also plenty that are physical. This week, we will look into the dirty job of dumpster diving and how to prevent it.

read more →
Jun 22

Social Engineering Attacks and Mitigations Part II: Shoulder Surfing

Shoulder surfing is something that most people do every day in one way or another. Most of the time, this simple practice is done without the intention of stealing information. This practice can be used for malicious purposes however, so it is important to prevent unwanted parties from viewing confidential information or trade secrets displayed on your screen.

read more →
May 31

Social Engineering Attacks and Mitigations Part I

Social Engineering is a security term that may be thrown around in corporate offices numerous times a week, month, or quarter, but does everyone at your company know what it really means?

read more →
Mar 08

Not all Threats are Cyber Part Two

Last week, I mentioned the assassination of a Chinese shipping executive who was killed in his car while parked near an upscale market in Karachi, Pakistan.

read more →