Bluetooth vulnerability can be exploited in Key Negotiation of Bluetooth (KNOB) attacks

Those who are familiar with Bluetooth BR/EDR technology (aka Bluetooth Classic, from 1.0 to 5.1) can attest that it is not perfect. Like any other piece of hardware or software technology already on the market, its usefulness comes with flaws. Early last week, academics at Singapore University of Technology, the CISPA Helmholtz Center for Information Security, and University of Oxford released … [Read more...]

Latest phishing attack targets Amazon Seller accounts

Criminal hackers are pushing the boat out with the latest phishing scam targeting unsuspecting German victims. The email scam sends recipients what appears to be a tax invoice from Amazon, instructing the recipient to enter their Amazon Seller account login details to access it. [Image: translated phishing email, via Bleeping Computer] However, the login … [Read more...]

OneDrive for Business Security Tips and Tricks

The rate of cloud technology adoption has increased dramatically over the last few years, with file storage generally being the go-to cloud service. That’s because cloud storage enables organizations to keep costs down and makes data more accessible, helping to drive collaboration. Microsoft is responsible for some very popular cloud file storage services. Microsoft OneDrive is a non-business product … [Read more...]

Physical Server vs. Virtual Server

As a managed services provider (MSP), you’ll need to help your customers navigate profound technological change. Businesses are investing more than ever in the digital infrastructure necessary to stay competitive in an increasingly dynamic, fast-paced economic landscape. … [Read more...]

Apple iPhone and iPad Devices Vulnerable After Reintroduction of SockPuppet Flaw in iOS 12.4 (CVE-2019-8605)

A previously disclosed and patched flaw was reintroduced in iOS 12.4, and could be used in combination with a separate vulnerability to hack into Apple mobile devices. Background: On August 18, unc0ver, a popular jailbreaking software, was updated to version 3.5.0, which includes a public jailbreak on a signed version of Apple’s firmware for the first time in years, due to the reintroduction of a … [Read more...]

DEF CON 27 retrospective: badge life redux

Kickstarter or DEF CON attendee? Be forewarned, this light overview contains some mild spoilers. If you want the purest “Da Bomb” experience with no web-based OSINT hints, read no further. I’m not revealing any earth-shattering secrets here, but figured it was worth mentioning. Also, DEF CON is over, so… DEF CON is what you make it: Two years ago at DEF CON 25, I acquired the Ides of DEF CON … [Read more...]

Magecart criminals caught stealing with their poker face on

Earlier in June, we documented how Magecart credit card skimmers were found on Amazon S3. This was an interesting development, since threat actors weren’t actively targeting specific e-commerce shops, but rather were indiscriminately injecting any exposed S3 bucket. Ever since then, we’ve monitored other places where we believe a skimmer might be found next. However, we were … [Read more...]

Service Account Governance: Reduce your attack surface with Account Lifecycle Manager

Service accounts abound in every organization, and failure to manage them leads to significant risk. This has been a critical issue for organizations that use Active Directory and have grown to a size at which accounts can no longer be managed by hand. Almost all medium to large organizations suffer from extreme service account sprawl, perpetuating the unmanaged, uncontrolled expansion of their … [Read more...]

Thycotic Launches Industry’s First Privileged Service Account Governance Solution

WASHINGTON, D.C., August 20, 2019 – Thycotic, provider of privileged access management (PAM) solutions to more than 10,000 organizations, including 20 percent of the Fortune 1000, today expanded its industry-leading PAM solution to address the risks associated with service account sprawl. Service accounts are specialized non-human accounts used by applications or other services to access data and … [Read more...]

DPC concludes Public Services Card investigation

This week, Ireland’s DPC (Data Protection Commission) released the findings of its investigation into the controversial PSC (Public Services Card). What is the PSC? The PSC was introduced as part of a social welfare pilot scheme in 2011. It displays the holder’s full name, PPS (Personal Public Service) number, signature and photograph. The card was initially required for social welfare … [Read more...]