You are browsing archives for
Thousands of people graduate from colleges and universities each year with cybersecurity or computer science degrees only to find employers are less than thrilled about their hands-on, foundational skills. Here’s a look at a recent survey that identified some of the bigger skills gaps, and some thoughts about how those seeking a career in these […]
In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in connection […]
The New York Times last week ran an interview with several young men who claimed to have had direct contact with those involved in last week’s epic hack against Twitter. These individuals said they were only customers of the person who had access to Twitter’s internal employee tools, and were not responsible for the actual […]
Twitter was thrown into chaos on Wednesday after accounts for some of the world’s most recognizable public figures, executives and celebrities starting tweeting out links to bitcoin scams. Twitter says the attack happened because someone tricked or coerced an employee into providing access to internal Twitter administrative tools. This post is an attempt to lay […]
An accustomed internet user with a keen eye might spot the fakery in the above picture, mainly because of the suspicious-looking email address. But its look and feel are very similar to that of an actual, legitimate message. This design task (worthy of a craftsman web designer) used to be a time-consuming endeavor that could […]
Microsoft today released updates to plug a whopping 123 security holes in Windows and related software, including fixes for a critical, “wormable” flaw in Windows Server versions that Microsoft says is likely to be exploited soon. While this particular weakness mainly affects enterprises, July’s care package from Redmond has a little something for everyone. So […]
Security professionals often need to quickly look up and correlate data during OSINT, reconnaissance, discovering vulnerabilities, finding security breaches in networks, and more. Fortunately, there are search engines in their arsenal of tools that are designed to be used by hackers and professionals. These can provide valuable data for their security operations. Search engines used […]
Data Viper, a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. The hackers also claim they are selling on the dark web roughly 2 billion records Data Viper collated from numerous breaches […]
Let’s answer these questions today, by running DMitry along with our own SurfaceBrowser™️ enterprise tool. We’ll find out what happens when information is extracted from different sources so they can complement each other. What is DMitry? While this small tool called DMitry is considered old code, it does have a few useful information gathering tricks […]
SecurityTrails got a big gut check at the beginning of last week. One of our Elasticsearch servers was unintentionally left open when an engineer was trying to fix an outage. This caused a series of self inflicted drama. We notified clients and wrote a comprehensive technical blog post almost immediately. The response from clients and […]
One of the most-read advice columns on this site is a 2018 piece called “Plant Your Flag, Mark Your Territory,” which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration, the IRS and others before crooks do it for you. A key concept here is […]
We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Such coverage is potentially quite harmful and plays deftly into the hands of organized crime. Often the rationale behind […]
After exploring our red team tools and phishing tools collections, it’s time to spend some time in the blue shoes. We have searched, tested and aggregated a list of the best blue team tools that will aid in many different blue team operations. There are a few categories of tools we haven’t included in this […]
The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit cards. But fraud experts say recent developments suggest […]
A well-connected Russian hacker once described as “an asset of supreme importance” to Moscow was sentenced on Friday to nine years in a U.S. prison after pleading guilty to running a site that sold stolen payment card data, and to administering a highly secretive crime forum that counted among its members some of the most […]
The U.S. Justice Department today charged a Canadian and a Northern Ireland man for allegedly conspiring to build botnets that enslaved hundreds of thousands of routers and other Internet of Things (IoT) devices for use in large-scale distributed denial-of-service (DDoS) attacks. In addition, a defendant in the United States was sentenced today to drug treatment […]
This picture shows someone’s intentions in broad daylight, but it’s also easy to get information related to an office’s WiFi access points from a stealthier position, let’s say from inside a car in the parking lot, or from somewhere off the premises. While this may sound like a usual approach for conducting an attack against […]
Considering their growing attack surface along with the increased sophistication of threat actors, organizations are now turning to different cyber security companies and vendors for help, with cybersecurity remaining the real “it” area of IT spending. Security companies and vendors aid organizations and their security teams by providing them with solutions for network security, cloud […]
Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed “BlueLeaks” and made searchable online, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals. The collection — nearly 270 […]
Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. But people who don’t take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will […]
