Nov 15

Threat Intelligence: Bitcoin Giveaway Scam Targets Google

The Twitter account for Google's G Suite cloud subsidiary, which has more than 800,000 followers, is the most recent target of a growing Bitcoin scam. Many have been asking Twitter to intervene because of the increasing success of these attacks and the growing ability of hackers to compromise verified Twitter accounts. When these accounts are accessed, attackers tweet out a falsified 10,000 Bitcoin giveaway, which equates to around $62,000.

read more →
Nov 14

Threat Intelligence: Microsoft Zero-day Patched

Researchers have discovered a zero-day vulnerability (CVE-2018-8589) in win32k.sys affecting 32-bit versions of Windows 7. The vulnerability, a privilege escalation flaw, was reported to Microsoft on October 17th. It exists due to “improper locking of messages sent synchronously between threads.” If exploited successfully, it could allow an attacker to view or alter data, install programs, or create new user accounts by “running arbitrary code in the context of the local system.” At the time of writing this article, the delivery method remains unknown; however, according to researchers, “the exploit was executed by the first stage of a malware installer, in order to gain the necessary privileges for persistence on the victim’s system.” The zero-day is currently being used by at least one APT actor, but if an attacker attempts to exploit the zero-day on machines that are up to date with security updates, the system will crash.

read more →
Nov 09

Threat Intelligence: Cisco Mistakenly Adds Dirty Cow Exploit Code to its Own Software

 

During a security brief on Wednesday, read more →
Jun 26

Social Engineering Attacks and Mitigations Part III: Dumpster Diving

When considering the various types of Social Engineering attacks, realize that all of them can be dangerous and have detrimental effects on the entire organization. Many people believe they know the different kinds of Social Engineering and how to avoid them, but they really only know a few methods, mostly on the cyber side. While many of these attacks are cyber, there are also plenty that are physical. This week, we will look into the dirty job of dumpster diving and how to prevent it.

read more →
Jun 22

Social Engineering Attacks and Mitigations Part II: Shoulder Surfing

Shoulder surfing is something that most people do every day in one way or another. Most of the time, this simple practice is done without the intention of stealing information. However, it can be used for malicious purposes, so it is important to prevent unwanted parties from viewing confidential information or trade secrets displayed on your screen.

read more →
May 31

Social Engineering Attacks and Mitigations Part I

Social Engineering is a security term that may be thrown around in corporate offices numerous times a week, month, or quarter, but does everyone at your company know what it really means?

read more →
Mar 08

Not all Threats are Cyber Part Two

Last week, I mentioned the assassination of a Chinese shipping executive who was killed in his car while parked near an upscale market in Karachi, Pakistan.

read more →
Mar 05

EvilOSX

On February 14th, 2018, a new variant of an OS X RAT called “EvilOSX” appeared on GitHub.

read more →
Feb 28

Not all Threats are Cyber

On the 7th of February, I read a news article with great interest. The article was about a Chinese shipping executive who was gunned down and murdered in Karachi, Pakistan. His car was “riddled with bullets,” yet a passenger was unharmed.

read more →
Feb 26

The Skiddies are Playing Dress-up

Script kiddies (Skiddies) are often the butt of jokes from security professionals and seasoned hackers alike, but they may have finally found a way to become a real threat: not necessarily an information security risk, like traditional hackers, but a financial risk.

read more →