Researchers at Duo Labs, the advanced research team at Duo Security, discovered that it is possible to bypass PayPal’s two-factor authentication (the Security Key mechanism, in PayPal nomenclature). The vulnerability lies primarily in the authentication flow for the PayPal API web service (api.paypal.com) — an API used by PayPal’s official mobile applications, as well as numerous third-party merchants and apps — but also partially in the official mobile apps themselves.
Kellep Charles from SecurityOrb interviewed me a few weeks back about my book as well as other general security topics. You can find the recording HERE or on the SecurityORB website. I was fighting a cold so my apologies for the raspy voice.
For those interested in the book, below is a discount code you can use provided by SecurityORB. The link to the book is on the right side of this blog.
Verizon security researchers along with calibration from more than 50 other organizations have released the Verizon 2014 Data Breach Report (download HERE). My colleague Aamir Lakhani (www.DrChaos.com) and I would like to share our opinion of the trends we saw after analyzing the findings. We encourage you to download the report, along with other sources we reference in this post.
In 2012, the Verizon Data Breach report along with the Mandiant (now FireEye) APT1 report (download HERE) found that geopolitical and foreign nation attacks were on the rise. These reports demonstrated a real threat to businesses and organizations, causing financial loss, intellectual property compromise, and destabilization in business and brand worthiness.
My buddy Aamir Lakhani wrote a post on the reaction to Heartbleed. He points out the media attention on Heartbleed is opening new opportunities for phishing attacks. The original post can be found HERE.
Everyone is in a frenzy due to the OpenSSL Heartbleed bug. The mainstream media has been reporting on it for a few days. Unfortunately, with this much publicity, there is also opportunity for attackers to take advantage of the hype. In the last 24 hours I am seeing a major rise in phishing emails and other scams.
As people understand and hear about the bug, I expect scams and malicious phishing emails to exponentially increase.
My buddy Aamir Lakhani wrote a great post covering the recently exposed security vulnerability that impacts more than half of the websites on the Internet. It's something everybody needs to be aware of. The original article can be found HERE.
Heartbleed is a serious vulnerability affecting OpenSSL cryptographic libraries. The Heartbleed vulnerability allows an attacker to steal information protected under normal SSL/TLS conditions.
Here is what you need to know:
- This is a very serious vulnerability.
- It harms personal computers and everyday users. Attackers could possibly steal user information.
- Many popular websites, including social media, search, email, banking, and health sites are vulnerable.
- The bug is found on most systems and has been present since 2012.
- Most likely, attackers knew about the vulnerability, and may have been exploiting it for a long time.
- Patching and updating systems will not protect owners from attackers who have already captured data.
Aamir Lakhani wrote a fantastic overview on Bitcoins. You can find the original HERE via www.drchaos.com.
Bitcoin started as a transparent open source currency that provided anonymity. It also provided advantages over traditional currency. Bitcoin is not bound to any organization or country. It is a peer-to-peer trading currency, so it is not subject to financial institutions such as banks, merchants, or payment gateways. A Bitcoin, in almost every way, is like real currency coins that you can use, spend, and save. However, like real currency, it can also be destroyed, lost, and stolen.
My buddy Aamir wrote a summary of the open source announcement by Cisco at RSA last week (original post can be found HERE). Cisco also announced integrating FireAMP with Cisco email, web and cloud security products. FireAMP gives Cisco products the ability to detect infected files by searching for known hashes, sandboxing unknown files and other detection means. More on the FireAMP capabilities can be found HERE. Another source for these announcements is on the Network World blog found HERE.
My buddy Aamir Lakhani wrote about how traditional security products such as Stateful firewalls and older IPS/IDS solutions are not cutting it for today’s level of threats. This post covers why the “Next-Generation” of security technology matters. The original post can be found HERE.
Organizations are replacing their Stateful firewalls with Next-Generation firewalls (NGFW) and Next-Generation Intrusion Prevention systems (NGIPS). Most traditional firewalls are nothing more than packet filters that keep track of who initiated the traffic to automatically allow response traffic back to the originator. IPS vendors such as Sourcefire and McAfee (Intel Security) are rapidly adding advanced features to protect against insider threats, application vulnerabilities, mobile devices, and malware. One must wonder: are the days of traditional perimeter security devices such as Stateful firewalls and single-pass IDS systems numbered?