dcsimg

Luas data ransom: the hacker who cried wolf?

In a terrible start to the year for Irish tram firm Luas, their site was compromised a week ago and adorned with a stark ransom warning: Click to enlarge You are hacked. Some time ago I wrote that you have serious security holes. You didn’t reply. The next time someone talks to you, press the reply button. You must pay one bitcoin in five days. Otherwise I will publish all data and send emails to … [Read more...]

Assessing the security of a portable router: a look inside its hardware, part deux

In part two of our blog assessing the security of a portable router, we will acquire the tools and equipment to make a copy of the firmware on our target router so that we can assess the full firmware. Sometimes, the manufacturer has an updated firmware that is available on their website. It could be just that—an update—and therefore incomplete. We want to be able to compare the updated and … [Read more...]

All the reasons why cybercriminals want to hack your phone

When people think of hacking, most imagine desktop computers, laptops, or perhaps even security cameras. However, in recent years, cybercriminals have expanded their repertoire to include smartphones, too. Here are 10 reasons why they may be looking to hack your phone. 1. To infect it with malware Many smartphone users assume they can stay safe from malware and other threats by installing … [Read more...]

Compromising vital infrastructure: transport and logistics

Back when I was a dispatcher for a courier and trucking company, we used to joke that it only took a few strategically-placed accidents to cause a traffic jam that could completely stop circulation around the city of Rotterdam. Rotterdam is one of the major ports in the world and consequently, there is a lot of traffic coming in and out. The roads around the city can handle normal traffic, but … [Read more...]

Tomorrowland festival goers affected by data breach

Tomorrowland, a major international music festival, has revealed a data breach potentially affecting around 60,000 attendees. This one is a little different though, as the data accessed without permission isn’t recent. In fact, it dates back four years to an event long since come and gone. According to a Tomorrowland spokesperson, the managers of the Paylogic ticketing system noticed … [Read more...]

Compromising vital infrastructure: how voting machines and elections are vulnerable

In our first post in a series about vital infrastructure, we aim to explore how secure our voting machines—and our votes in general—are ahead of the upcoming midterm elections. Here, we ask ourselves: How can our infrastructure be compromised? What are the consequences, and how can we prevent attacks or limit the damage? The outcome of elections has an enormous impact on the political and cultural … [Read more...]

Bloomberg blunder highlights supply chain risks

Ooh boy! Talk about a back-and-forth, he said, she said story! No, we’re not talking about that Supreme Court nomination. Rather, we’re talking about Supermicro. Supermicro manufacturers the type of computer hardware that is used by technology behemoths like Amazon and Apple, as well as government operations such as the Department of Defense and CIA facilities. And it was recently reported by … [Read more...]

LoJack for computers used to attack European government bodies

Security researchers have detected the first known instance of a UEFI bootkit being used in targeted campaigns against government entities across Central and Eastern Europe. The attack focuses on UFEI-enabled computers and relies on a persistence mechanism that has been stolen from a legitimate, but often questioned, software called Computrace that comes by default on many computer systems. This … [Read more...]

How to protect your data from Magecart and other e-commerce attacks

In today’s golden age of online shopping, consumers take to the Internet, punch in a few credit card details, and happily receive products at their doorstep, safe in the knowledge that their online vendor is well-known, vetted, and therefore their website has to be secure, right? Dut did you know that hackers can steal your credit card details with only a few lines of JavaScript? Attacks on … [Read more...]

The Dark Web: Is it a threat to your organization?

As a corporate network admin or security professional, you probably think of yourself as one of the good guys in the cyber world. And that means you probably rarely venture over to the wrong side of the virtual tracks, where the bad guys hang out. Sure, you’re aware of and understand the old adage that […] … [Read more...]