Security News

This category contains 25 posts

Longlining – Mass Customization Spear Phishing

I came across an interesting variation on spear-phishing known as longlining. Longlining, which is named after the industrial fishing practice of deploying miles-long fishing lines with thousands of individual hooks, combines successful spear phishing tactics with mass customization. Using these techniques, attackers can deploy thousands of unique, malware-laden messages that are largely undetectable to traditional …

Flaw leading to denial of service found in the latest WordPress

A Polish security researcher has found a flaw in the latest version of WordPress, version 3.5.1. He reported it to WordPress, but with no response after 7 days he went public. The flaw probably won’t affect too many users. It requires a password-protected page within a self-hosted WordPress site; and almost by definition, bloggers and …

Windows 8 Developer Preview available for download

Microsoft have released .iso files for download from the Developer Center for the new Windows 8 operating system. It seems it is geared up for Tablets and from a very brief scan of the screenshots that are available over the net it looks a bit like Windows 7 Phone. Here is the link. http://msdn.microsoft.com/en-us/windows/apps/br229516

Advanced Persistent Threats – Article coming soon

The latest hack attacks on Sony (again!?) and most recently last week with Lockheed in the US demonstrate the need for Security Professionals and Management to understand that all networks are essentially vulnerable to these new “go low and slow” Advanced Persistent Threats which are targeting their networks. The types of attacks that have succeeded in …

Creepy – Geolocation Information Aggregator

Creepy is an application that allows you to gather geolocation related information about users from social networking platforms and image hosting services. The information is presented in a map inside the application where all the retrieved data is shown accompanied with relevant information (i.e. what was posted from that specific location) to provide context to …

RSA recent hack places doubt on the security of RSA SecurID product

Huge news recently when RSA announced that information relating to their RSA SecurID Two-Factor authentication was stolen by hackers in what they are calling an Advanced Persistent Threat (APT). The highly sophisticated attack has now put the use of their patented two-factor authentication technology in doubt. RSA are not releasing the specific type of information …

Article – Securing Smartphones in the Enterprise

I wrote this article for Magazcitum in Mexico City. That version will be in Spanish but here is the full article in English. We are consumers of information and we live and share our lives online. We live in a world where the demand for access to information on a mobile platform is increasing at …

Securing Smartphones in the Enterprise

It’s just struck midnight and the official deadline for the next article in Magazcitum is now closed. The next article is a description of the risks corporations must face when implementing Smartphones in their business. More smartphones are lost each year than laptops and for that reason pose a significant threat of data loss when …

Sneaky Russian h4X0R5 – Russian hacker avoids jail over WorldPay heist

Got to watch out for those sneaky Russians. Seems like they are always hitting the front page hacker news feeds. Another interesting article on Russian Hackers admitting guilt in the RBS Worldpay robbery of 2008. A Russian hacker received a five-year suspended sentence on Tuesday after pleading guilty to playing a key part in …

Hacker admits stealing $12m worth of chips from Zynga

Seems like you can't trust anyone these days. Even “IT Experts” are tempted to walk the dark path and go postal on systems these days. This article comes from TheRegister.co.uk — defo a great site for IT news.

A UK-based IT expert has admitted hacking into the servers of game developer Zynga and stealing …