You are browsing archives for
Tyler Technologies, a Texas-based company that bills itself as the largest provider of software and technology services to the United States public sector, is battling a network intrusion that has disrupted its operations. The company declined to discuss the exact cause of the disruption, but their response so far is straight out of the playbook […]
The U.S. Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. One of the alleged hackers was first profiled here […]
Secure socket layers (SSL) and its evolutionary descendant, Transport Level Security (TLS), are the most widely used protocols for ensuring confidentiality among service information exchanges. Despite this fact, their implementation is one of the most misunderstood, misconfigured, and prone-to-human-error options available. Codebreaker and government intelligence pioneer Elizabeth Friedman. Source: Jason Fagone’s book “The Woman Who […]
U.S. authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges. The Justice Department unsealed indictments against Russian nationals Danil Potekhin and […]
Most of us automatically put our guard up when someone we don’t know promises something too good to be true. But when the too-good-to-be-true thing starts as our idea, sometimes that instinct fails to kick in. Here’s the story of how companies searching for investors to believe in their ideas can run into trouble. Nick […]
Guglielmo Marconi’s trials on the Bristol Channel – Credit: BT archive Yet despite the technological approach applied to every stage of telecommunications, there have always been specific designs regarding the information exchanging protocols used to set up a standardized language that allows devices to speak to each other. As history has repeatedly taught us, this […]
Microsoft today released updates to remedy nearly 130 security vulnerabilities in its Windows operating system and supported software. None of the flaws are known to be currently under active exploitation, but 23 of them could be exploited by malware or malcontents to seize complete control of Windows computers with little or no help from users. […]
Installing Kali Linux or any other pentesting distro reveals the massive amount of tools in today’s infosec landscape that make the work of researchers, analysts and other security professionals easier, faster and more accurate. This certainly wasn’t the case 14 years ago, when dnsmap was released. Tools like dnsmap marked the beginning of the ever-growing […]
When you own a short email address at a popular email provider, you are bound to get gobs of spam, and more than a few alerts about random people trying to seize control over the account. If your account name is short and desirable enough, this kind of activity can make the account less reliable […]
One of our newest SurfaceBrowser™ features is SQL Explorer. This cool new feature allows you to combine the power of structured query language with our huge records database, allowing you to extract the most information possible. Today we’ll share some easy-to-follow examples that can help you find interesting, and even unusual, data on SSL certificates […]
With this in mind it’s safe to assume that organizations are highly interested in protecting their data; after all, it’s at constant risk. If it’s valuable to the organization, it will surely be valuable to malicious actors, whether to be sold on the black market, used for market advantage, leveraged to ruin reputations, or just […]
Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. Sendgrid’s parent company Twilio says it is working on a plan to require multi-factor authentication for all of its customers, but that solution may […]
Yesterday’s piece told the tale of Hieu Minh Ngo, a hacker the U.S. Secret Service described as someone who caused more material financial harm to more Americans than any other convicted cybercriminal. Ngo was recently deported back to his home country after serving more than seven years in prison for running multiple identity theft services. […]
Since September of 2007, it’s been maintained and upgraded by Lyon and a number of developers, many from Google’s Summer of Code program. And on top of its long history, it continues to offer many cool features that are still extremely helpful when conducting mapping of network-facing services, for all sorts of assessments that can […]
At the height of his cybercriminal career, the hacker known as “Hieupc” was earning $125,000 a month running a bustling identity theft service that siphoned consumer dossiers from some of the world’s top data brokers. That is, until his greed and ambition played straight into an elaborate snare set by the U.S. Secret Service. Now, […]
While yes, there are adrenaline-seekers among us who would gladly take the plunge, let’s look at it from a non-thrill-seekers’ perspective: you would only jump if you knew you had the skills to do it safely, consider all the circumstances, assess the terrain, enlist someone to help out if necessary; essentially, prepare yourself for everything […]
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued a joint alert to warn about the growing threat from voice phishing or “vishing” attacks targeting companies. The advisory came less than 24 hours after KrebsOnSecurity published an in-depth look at a crime group offering a service that […]
The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of […]
Let’s also consider the current shift taking place in many organizations: working remotely is all the rage right now. And with more and more team members working from home, more devices are accessing your network, along with new technologies and tools being utilized to make at-home-offices function properly. This blurs the lines between the personal […]
A security flaw in the way Microsoft Windows guards users against malicious files was actively exploited in malware attacks for two years before last week, when Microsoft finally issued a software update to correct the problem. One of the 120 security holes Microsoft fixed on Aug. 11’s Patch Tuesday was CVE-2020-1464, a problem with the […]
