Penetration testing is often conducted by security researchers to help organizations identify holes in their security and fix them, before cybercriminals have the chance. While there’s no malicious intent for the researcher, part of his job is to think and act like a cybercriminal would when hacking, or attempting to breach, an enterprise network. Therefore, in this article, I will review … [Read more...]
September 13, 2019
September 2, 2019
Cyber attacks and data breaches in review: August 2019
A glance at the numbers this month suggests that cyber criminals, like the rest of us, enjoy their summer holidays. The 114,686,290 breached records is infinitesimal compared to last month’s total and about 10% of the monthly average. However, the figure comes from 95 incidents, which is the biggest total we’ve tracked this year. Plenty of those breaches occurred in Europe, so let’s delve into a … [Read more...]
July 12, 2019
Cellular networks under fire from Soft Cell attacks
We place a lot of trust in our mobile experience, given they’re one of the most constant companions we have. Huge reams of data, tied to a device we always carry with us, with said device frequently offering additional built-in app functionality. An astonishing wealth of information, for anyone bold enough to try and take it. Security firm Cybereason uncovered an astonishing attack dubbed … [Read more...]
June 7, 2019
Video game portrayals of hacking: NITE Team 4
Note: The developers of NITE Team 4 granted the blog author access to the game plus DLC content. A little while ago, an online acquaintance of mine asked if a new video game based on hacking called NITE Team 4 was in any way realistic, or “doable” in terms of the types of hacking it portrayed (accounting for the necessary divergences from how things would work outside of a scripted, plot-goes-here … [Read more...]
May 21, 2019
Skimmer acts as payment service provider via rogue iframe
Criminals continue to target online stores to steal payment details from unaware customers at a rapid pace. There are many different ways to go about it, from hacking the shopping site itself, to compromising its supply-chain. A number of online merchants externalize the payment process to a payment service provider (PSP) for various reasons, including peace of mind that transactions will be … [Read more...]
May 20, 2019
A week in security (May 13 – 19)
Last week, Malwarebytes Labs reviewed active and unique exploit kits targeting consumers and businesses alike, reported about a flaw in WhatsApp used to target a human rights lawyer, and wrote about an important Microsoft patch that aimed to prevent a “WannaCry level” attack. We also profiled the Dharma ransomware—aka CrySIS—and imparted four lessons from the DDoS attack against the US … [Read more...]
April 16, 2019
Hackers snab emails and more in Microsoft Outlook, Hotmail, and MSN compromise
Long-time users of certain Microsoft products, such as Hotmail, MSN, and Outlook found they may be wrapped up in a hack grabbing snippets of email information, and in some cases, a little bit more. Microsoft email services have been around forever in Internet time. Yet, many users still have a few Hotmail accounts rattling around. While most have long since moved on from MSN and Hotmail to Live … [Read more...]
April 1, 2019
A week in security (March 25 – 31)
Last week, we looked at plugin vulnerabilities, location tracking app problems, and talked about plain text password woes. We also looked at federal data privacy regulation and took a deep dive into BatMobi Adware. Other cybersecurity news Poisoned software update headache for ASUS (Source: The Register) Britain’s Huawei oversight board releases its findings (Source: UK.GOV) Trojanised terror … [Read more...]
March 21, 2019
March 1, 2019
Spectre, Google, and the Universal Read Gadget
Spectre, a seemingly never ending menace to processors, is back in the limelight once again thanks to the Universal Read Gadget. First seen at the start of 2018, Spectre emerged alongside Meltdown as a major potential threat to people’s system security. Meltdown and Spectre Meltdown targeted Intel processors and required a malicious process running on the system to interact with it. Spectre could … [Read more...]
