Duo Security Researchers Uncover Bypass of PayPal’s Two-Factor Authentication


Researchers at Duo Labs, the advanced research team at Duo Security, discovered that it is possible to bypass PayPal’s two-factor authentication (the Security Key mechanism, in PayPal nomenclature). The vulnerability lies primarily in the authentication flow for the PayPal API web service (api.paypal.com), an API used by PayPal’s official mobile applications as well as numerous third-party merchants and apps, but also partially in the official mobile apps themselves.


Interview with Aamir Lakhani Co-Author of Web Penetration Testing with Kali Linux


Here is the other SecurityOrb interview with my good buddy Aamir Lakhani. Kellep Charles interviewed both of us regarding our book and other general security topics. You can find the Aamir Lakhani interview HERE or on the SecurityORB website.


Interview with Joseph Muniz Co-Author: SecurityOrb Podcast


Kellep Charles from SecurityOrb interviewed me a few weeks back about my book as well as other general security topics. You can find the recording HERE or on the SecurityORB website. I was fighting a cold so my apologies for the raspy voice.

For those interested in the book, below is a discount code you can use, provided by SecurityORB. The link to the book is on the right side of this blog.


First look at trends from the 2014 Verizon Data Breach Report


Verizon security researchers, with contributions from more than 50 other organizations, have released the Verizon 2014 Data Breach Report (download HERE). My colleague Aamir Lakhani (www.DrChaos.com) and I would like to share our opinion of the trends we saw after analyzing the findings. We encourage you to download the report, along with the other sources we reference in this post.

In 2012, the Verizon Data Breach Report, along with the Mandiant (now FireEye) APT1 report (download HERE), found that geopolitical and foreign nation-state attacks were on the rise. These reports demonstrated a real threat to businesses and organizations, causing financial loss, intellectual property compromise, and damage to business standing and brand reputation.


Heartbleed bug causes Phishing and Scams to rise

My buddy Aamir Lakhani wrote a post on the reaction to Heartbleed. He points out that the media attention on Heartbleed is opening new opportunities for phishing attacks. The original post can be found HERE.

Everyone is in a frenzy due to the OpenSSL Heartbleed bug. The mainstream media has been reporting on it for a few days. Unfortunately, with this much publicity, there is also opportunity for attackers to take advantage of the hype. In the last 24 hours I am seeing a major rise in phishing emails and other scams.

As people understand and hear about the bug, I expect scams and malicious phishing emails to exponentially increase.


OpenSSL Heartbleed Bug Impacting More Than Half Of The Internet

My buddy Aamir Lakhani wrote a great post covering the recently exposed security vulnerability that impacts more than half of the websites on the Internet. It's something everybody needs to be aware of. The original article can be found HERE.

Heartbleed is a serious vulnerability affecting OpenSSL cryptographic libraries. The Heartbleed vulnerability allows an attacker to steal information protected under normal SSL/TLS conditions.

Here is what you need to know:

  • This is a very serious vulnerability.
  • It harms personal computers and everyday users. Attackers could possibly steal user information.
  • Many popular websites, including social media, search, email, banking, and health sites are vulnerable.
  • The bug is found on most systems and has been present since 2012.
  • Most likely, attackers knew about the vulnerability, and may have been exploiting it for a long time.
  • Patching and updating systems will not protect owners from attackers who have already captured data.

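As an added example, not taken from Aamir Lakhani's post or from OpenSSL's source, here is a simplified model in C of the defect behind those bullets (Heartbleed, CVE-2014-0160). A TLS heartbeat request carries its own payload-length field; the vulnerable handler copies that many bytes into the reply without comparing the figure with the length of the record it actually received, so a peer that sends a short payload with a large length field gets back whatever sat next to the record in memory. The fixed handler adds the two bounds checks that the OpenSSL 1.0.1g patch introduced. The `memory` array, the record layout within it and the `secret` string are constructed here for the demonstration; a real server leaks whatever happens to be adjacent on the heap.

```c
/* Simplified model of the OpenSSL TLS heartbeat bug (Heartbleed).
 * Added example, not OpenSSL's code: the process memory, the record layout
 * in that memory and the "secret" are all constructed for illustration. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define HB_REQUEST   1
#define HB_RESPONSE  2
#define HB_PADDING  16          /* RFC 6520: at least 16 bytes of padding */
#define MEM_SIZE   512
#define OUT_SIZE   512

/* Constructed "process memory": the received record is placed at offset 0
 * and unrelated data that must never leave the process sits 64 bytes later. */
static uint8_t memory[MEM_SIZE];
static const char secret[] = "Cookie: session=4f3a9c1e; card=4111111111111111";

/* Write a heartbeat request at memory[0]. `claimed` is the length field put
 * on the wire; `actual` is how many payload bytes really follow it.
 * Returns the true record length the TLS record layer would report. */
size_t build_request(uint16_t claimed, const char *payload, size_t actual) {
    memset(memory, 0, sizeof memory);
    memory[0] = HB_REQUEST;
    memory[1] = (uint8_t)(claimed >> 8);
    memory[2] = (uint8_t)(claimed & 0xff);
    memcpy(memory + 3, payload, actual);
    memcpy(memory + 64, secret, sizeof secret);   /* neighbouring heap data */
    return 1 + 2 + actual + HB_PADDING;
}

/* Vulnerable handler: copies `payload` bytes because the peer said so,
 * never comparing that figure with the length of the record received. */
size_t heartbeat_vulnerable(const uint8_t *rec, size_t rec_len,
                            uint8_t *out, size_t out_cap) {
    (void)rec_len;                               /* the bug: rec_len is ignored */
    if (rec[0] != HB_REQUEST) return 0;
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    size_t n = 1 + 2 + (size_t)payload + HB_PADDING;
    if (n > out_cap) return 0;                   /* only this model's buffer bounds it */
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload);           /* reads past the end of the record */
    memset(out + 3 + payload, 0, HB_PADDING);    /* real code uses random padding */
    return n;
}

/* Fixed handler: the two bounds checks added in the 1.0.1g patch. */
size_t heartbeat_fixed(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap) {
    if (rec_len < 1 + 2 + HB_PADDING) return 0;  /* too short to be a heartbeat */
    if (rec[0] != HB_REQUEST) return 0;
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    if (1 + 2 + (size_t)payload + HB_PADDING > rec_len) return 0; /* silently discard */
    size_t n = 1 + 2 + (size_t)payload + HB_PADDING;
    if (n > out_cap) return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload);           /* now provably inside the record */
    memset(out + 3 + payload, 0, HB_PADDING);
    return n;
}

/* 1 if the planted secret appears anywhere in the response bytes. */
int response_leaks_secret(const uint8_t *resp, size_t n) {
    size_t slen = strlen(secret);
    for (size_t i = 0; i + slen <= n; i++)
        if (memcmp(resp + i, secret, slen) == 0) return 1;
    return 0;
}

/* Send one request with 3 real payload bytes and `claimed` in the length
 * field through a handler; reports whether the reply carries the secret
 * and, via reply_len, how many bytes the handler returned (0 = discarded). */
int probe(size_t (*handler)(const uint8_t *, size_t, uint8_t *, size_t),
          uint16_t claimed, size_t *reply_len) {
    uint8_t out[OUT_SIZE];
    size_t rec_len = build_request(claimed, "hat", 3);
    size_t n = handler(memory, rec_len, out, sizeof out);
    if (reply_len) *reply_len = n;
    return response_leaks_secret(out, n);
}

int main(void) {
    size_t n;
    int leaked = probe(heartbeat_vulnerable, 200, &n);
    printf("vulnerable: %zu bytes returned, leaks secret: %d\n", n, leaked);
    leaked = probe(heartbeat_fixed, 200, &n);
    printf("fixed:      %zu bytes returned, leaks secret: %d\n", n, leaked);
    return 0;
}
```

Compile with `cc -std=c99 heartbeat.c`. With the length field set to 200 the vulnerable handler returns a 219-byte reply that contains the planted cookie and card number; the fixed handler returns 0 and discards the request, while an honest request (length field 3) still gets its 22-byte reply from both. On a real server the length field can claim up to 65535 bytes per request, the request can be repeated indefinitely, and nothing in the exchange tells the victim it happened, which is why patching alone does not undo earlier captures (the last bullet above).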


The Imminent Demise of Bitcoin

Aamir Lakhani wrote a fantastic overview of Bitcoin. You can find the original HERE via www.drchaos.com.

Bitcoin started as a transparent open source currency that provided anonymity. It also provided advantages over traditional currency. Bitcoin is not bound to any organization or country. It is a peer-to-peer trading currency, so it is not subject to financial institutions such as banks, merchants, or payment gateways. A Bitcoin, in almost every way, is like real currency coins that you can use, spend, and save. However, like real currency, it can also be destroyed, lost, and stolen.



Open App ID: Cisco commits to open source and application identification


My buddy Aamir wrote a summary of the open source announcement by Cisco at RSA last week (original post can be found HERE). Cisco also announced integrating FireAMP with Cisco email, web and cloud security products. FireAMP gives Cisco products the ability to detect infected files by searching for known hashes, sandboxing unknown files and other detection means. More on the FireAMP capabilities can be found HERE. Another source for these announcements is the Network World blog, found HERE.


Next-Generation Intrusion Prevention Systems changing the game for Cyber

My buddy Aamir Lakhani wrote about how traditional security products such as stateful firewalls and older IPS/IDS solutions are not cutting it for today’s level of threats. This post covers why the “Next-Generation” of security technology matters. The original post can be found HERE.

Organizations are replacing their stateful firewalls with Next-Generation Firewalls (NGFW) and Next-Generation Intrusion Prevention Systems (NGIPS). Most traditional firewalls are nothing more than packet filters that keep track of who initiated the traffic in order to automatically allow response traffic back to the originator. IPS vendors such as Sourcefire and McAfee (Intel Security) are rapidly adding advanced features to protect against insider threats, application vulnerabilities, mobile devices, and malware. One must wonder: are the days of traditional perimeter security devices such as stateful firewalls and single-pass IDS systems numbered?

