-
Talking cyber on the ManageEngine Insights podcast
PRIVACY PRIVACY I was delighted to appear on the “ManageEngine Insights” podcast this week, hosted by enterprise analyst John Donegan. Give it a listen. Read More
-
Thousands of enterprise servers are running vulnerable BMCs, researchers find
PRIVACY PRIVACY Having the ability to remotely manage and monitor servers even when their main operating system becomes unresponsive is vital to enterprise IT administrators. All server manufacturers provide this functionality in firmware through a set of chips that run independent of the rest of the server and OS. These are known as baseboard management…
-
Using EM Waves to Detect Malware
PRIVACY PRIVACY I don’t even know what I think about this. Researchers have developed a malware detection system that uses EM waves: “Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification.” Abstract: The Internet of Things (IoT) is constituted of devices that are exponentially growing in number and in complexity. They use numerous customized firmware…
-
CIS Controls v8 Introductory Course Available on Salesforce’s Trailhead
PRIVACY PRIVACY Version 8 of the CIS Critical Security Controls (CIS Controls) helps organizations keep up with modern systems and software, and can ultimately help improve your cybersecurity posture. The CIS Controls team recently worked with Trailhead – Salesforce’s online training platform – to create an introductory course on CIS Controls v8 Implementation Group 1…
-
Using Foreign Nationals to Bypass US Surveillance Restrictions
PRIVACY PRIVACY Remember when the US and Australian police surreptitiously owned and operated the encrypted cell phone app ANOM? They arrested 800 people in 2021 based on that operation. New documents received by Motherboard show that over 100 of those phones were shipped to users in the US, far more than previously believed. What’s most…
-
Hackers are posting out malicious USB drives to businesses
PRIVACY PRIVACY A notorious cybercrime gang, involved in a series of high profile ransomware attacks, has in recent months been sending out poisoned USB devices to US organisations. Read more in my article on the Tripwire State of Security blog. Read More
-
FBI arrests social engineer who allegedly stole unpublished manuscripts from authors
PRIVACY PRIVACY On January 5, 2022, the Department of Justice (DoJ) announced the FBI’s arrest of Italian citizen Filippo Bernardini at JFK International Airport in New York for wire fraud and aggravated identity theft. With the arrest of Bernardini, the DoJ unsealed a grand jury indictment dated July 14, 2021, of Bernardini that revealed a…
-
4 ways cybercriminals hide credential stuffing attacks
PRIVACY PRIVACY Credential stuffing is a cyberattack in which exposed usernames and passwords are used to gain fraudulent access to user accounts through large-scale, automated login requests. High account usage, password reuse, and vast volumes of breached credentials on the dark web create the perfect storm for cybercriminals to carry out credential stuffing campaigns, while…
-
Smashing Security podcast #257: Pokemon-hunting cops and the Spine Collector scammer
PRIVACY PRIVACY Who has been playing video games rather than hunting down criminals? How is a man alleged to have stolen manuscripts of unpublished books from celebrity authors? Which pot contains an elephant? And why has Graham been listening to podcasts about pest control marketing? All this and much more is discussed in the latest…
-
Hackers raided Panasonic server for months, stealing personal data of job seekers
PRIVACY PRIVACY Technology giant Panasonic has confirmed that one of its servers suffered a data breach which saw the personal information of job applicants accessed by an unauthorised party. Read more in my article on the Hot for Security blog. Read More