A South African bank became a victim of a bank heist 10,000 miles away, after a group of criminals stole $13 million out of cash machines on another continent using fake South African credit cards. The original post can be found HERE. Check out the associated video. ATM hacking isn’t new as we saw this years ago at Blackhat / Defcon thanks to Barnaby Jack. This takes it to another level. Continue reading
When administrators think about identifying cyber breaches, many become hyper focused on analyzing files for malware (IE scanning hard drives with signature based technologies). What has been a more current trend, which has been linked to large scale attacks such as the Angler Exploit Kit is using fileless malware meaning not hitting the hard drive by staying in memory. An example is kovter malware covered in a blogpost by airbuscybersecurity HERE. Sean Metcalf did a fantastic presentation at the recent Bsides Baltimore event covered HERE. In the post below, I’m taking a post on journeyintoir that covers investigating fileless malware. The original post can be found HERE. All of these are good reads. Continue reading
For those have been following the various forms of Ransomware in the wild (more on exploit kits and ransomware HERE), TelsaCrypt was one that came out a while back. Cisco’s security team Talos created a decryption tool for a few variants of TelsaCrypt (found here) however later versions used a form of asymmetric encryption preventing decryption. Well it seems the people behind TelsaCrypt have moved on to bigger and worst things closing shop and posting the master decryption key. They even said SORRY! Bleepingcomputing posted about this. The original post can be found HERE. Funny thing is somebody asked for the master key and they said yes! Many of us found this shocking.
Thehackernews posted about Facebook’s capture the flag platform HERE.
Facebook just open-sourced its Capture The Flag (CTF) platform to encourage students as well as developers to learn about cyber security and secure coding practices.
Capture the Flag hacking competitions are conducted at various cyber security events and conferences, including Def Con, in order to highlight the real-world exploits and cyber attacks. Continue reading
The Verizon Data Breach Investigations Report (DBIR) is one of the most popular referenced security research documents. I feel like every other presentation I see contains quotes and references however have you ever wondered how accurate the data is? The people at Trail of bits took a look at the DBIR’s data quality and found a ton of areas that need improvement. They opened the post with the statement “If you follow the recommendations in the 2016 Verizon Data Breach Investigations Report (DBIR), you will expose your organization to more risk, not less”. Their original post can be found HERE. Continue reading
Motherboard posted a very interesting article on the person behind the breach of Hacking Team. Many people heard about Hacking Team being hacked however until now, there wasn’t any explanation of who, how or why it was done. The original post can be found HERE.
Back in July of last year, the controversial government spying and hacking tool seller Hacking Team was hacked itself by an outside attacker. The breach made headlines worldwide, but no one knew much about the perpetrator or how he did it. Continue reading
Cisco’s research group Talos posted a detailed article on the history and current state of Ransomware HERE. They provided some best practices to protect your organization from being compromised. It is a bit of a long read but worth spending the time to check out.
The rise of ransomware over the past year is an ever growing problem. Businesses often believe that paying the ransom is the most cost effective way of getting their data back – and this may also be the reality. The problem we face is that every single business that pays to recover their files, is directly funding the development of the next generation of ransomware. As a result of this we’re seeing ransomware evolve at an alarming rate. Continue reading
The Kernel posted a fantastic article on how to create a new digital identity. The original post can be found HERE. You may think it is as simple as creating a new email or social media account however there are many ways to be tracked. This post goes into those details. Continue reading