In a terrible start to the year for Irish tram firm Luas, their site was compromised a week ago and adorned with a stark ransom warning: Click to enlarge You are hacked. Some time ago I wrote that you have serious security holes. You didn’t reply. The next time someone talks to you, press the reply button. You must pay one bitcoin in five days. Otherwise I will publish all data and send emails to … [Read more...]
January 11, 2019
December 26, 2018
Assessing the security of a portable router: a look inside its hardware, part deux
In part two of our blog assessing the security of a portable router, we will acquire the tools and equipment to make a copy of the firmware on our target router so that we can assess the full firmware. Sometimes, the manufacturer has an updated firmware that is available on their website. It could be just that—an update—and therefore incomplete. We want to be able to compare the updated and … [Read more...]
December 18, 2018
All the reasons why cybercriminals want to hack your phone
When people think of hacking, most imagine desktop computers, laptops, or perhaps even security cameras. However, in recent years, cybercriminals have expanded their repertoire to include smartphones, too. Here are 10 reasons why they may be looking to hack your phone. 1. To infect it with malware Many smartphone users assume they can stay safe from malware and other threats by installing … [Read more...]
November 6, 2018
Compromising vital infrastructure: transport and logistics
Back when I was a dispatcher for a courier and trucking company, we used to joke that it only took a few strategically-placed accidents to cause a traffic jam that could completely stop circulation around the city of Rotterdam. Rotterdam is one of the major ports in the world and consequently, there is a lot of traffic coming in and out. The roads around the city can handle normal traffic, but … [Read more...]
October 31, 2018
Tomorrowland festival goers affected by data breach
Tomorrowland, a major international music festival, has revealed a data breach potentially affecting around 60,000 attendees. This one is a little different though, as the data accessed without permission isn’t recent. In fact, it dates back four years to an event long since come and gone. According to a Tomorrowland spokesperson, the managers of the Paylogic ticketing system noticed … [Read more...]
October 23, 2018
Compromising vital infrastructure: how voting machines and elections are vulnerable
In our first post in a series about vital infrastructure, we aim to explore how secure our voting machines—and our votes in general—are ahead of the upcoming midterm elections. Here, we ask ourselves: How can our infrastructure be compromised? What are the consequences, and how can we prevent attacks or limit the damage? The outcome of elections has an enormous impact on the political and cultural … [Read more...]
October 10, 2018
Bloomberg blunder highlights supply chain risks
Ooh boy! Talk about a back-and-forth, he said, she said story! No, we’re not talking about that Supreme Court nomination. Rather, we’re talking about Supermicro. Supermicro manufacturers the type of computer hardware that is used by technology behemoths like Amazon and Apple, as well as government operations such as the Department of Defense and CIA facilities. And it was recently reported by … [Read more...]
October 4, 2018
LoJack for computers used to attack European government bodies
Security researchers have detected the first known instance of a UEFI bootkit being used in targeted campaigns against government entities across Central and Eastern Europe. The attack focuses on UFEI-enabled computers and relies on a persistence mechanism that has been stolen from a legitimate, but often questioned, software called Computrace that comes by default on many computer systems. This … [Read more...]
September 28, 2018
How to protect your data from Magecart and other e-commerce attacks
In today’s golden age of online shopping, consumers take to the Internet, punch in a few credit card details, and happily receive products at their doorstep, safe in the knowledge that their online vendor is well-known, vetted, and therefore their website has to be secure, right? Dut did you know that hackers can steal your credit card details with only a few lines of JavaScript? Attacks on … [Read more...]
September 11, 2018
The Dark Web: Is it a threat to your organization?
As a corporate network admin or security professional, you probably think of yourself as one of the good guys in the cyber world. And that means you probably rarely venture over to the wrong side of the virtual tracks, where the bad guys hang out. Sure, you’re aware of and understand the old adage that […] … [Read more...]
