Spear Phishing and Cryptocurrency Hacking
Apparently CryptoCore has raked in about $200 million USD from practicing low tech techniques like Spear Phishing and Whaling. The executives running the cryptocurrency exchanges were targeted in order to steal the wallet credentials. Worse yet, is that they have been very effective in covering their trail. Its likely to be based in eastern Europe,… Continue reading Spear Phishing and Cryptocurrency Hacking
Turn off Your Bluetooth ASAP
There are a bunch of new exploits out that use bluetooth to do a whole list of dirty deeds. It covers everything from simple data harvesting.. collecting your emails, your text messages, and your whole phone book to actually being able to send things as you to other people. These are basically replay attacks where… Continue reading Turn off Your Bluetooth ASAP
DevSecOps is Critical
In talking to one of my colleagues and explaining the difference between DevOps and DevSecOps to a colleague, I came across an interesting set of Google search results. When I google for ‘misconfigured AWS S3 bucket data breach’, I get 81,000+ results. 7 million Indian financial records exposed, 128 million US household records exposed, UK… Continue reading DevSecOps is Critical
Service Accounts Now More Numerous than Human Accounts
More on the IoT “Revolution” we have going on. Your IoT devices and other service accounts probably account for the bulk of the entries in your Active Directory or LDAP. When was the last time any of them had their credentials updated? What do those accounts access? When did you last audit them to be… Continue reading Service Accounts Now More Numerous than Human Accounts
GDPR Changes Coming Soon
The EU is revisiting GDPR and the only certainty is that there will be changes made to legislation. As things sit currently, not all the member states agree on a lot of pretty basic things like what age a child can consent to have data collected and under what circumstances or what constitutes a public… Continue reading GDPR Changes Coming Soon
Shadow IT – The New Backdoor
A new IBM XFORCE Analysis of hacking attempts shows that Shadow IT is becoming a far more serious issue than was previously thought. 45% of of the incidents that they investigated were due either to improperly configuring cloud environments or or issues with applications being launched into the cloud outside of approved channels (aka Shadow… Continue reading Shadow IT – The New Backdoor
Twitter Hack of Obama, Musk, Others Started on Slack
The New York Times is reporting that the recent hack of high profile Twitter accounts started by unauthorized users gaining access to a Slack channel where the credentials to log in to the back end Twitter systems were posted. So Twitter employees are sharing credentials. Its not clear, at that moment anyway, how the malicious… Continue reading Twitter Hack of Obama, Musk, Others Started on Slack
Voter Fraud and Election Manipulation in the Digital Age
“General Motors, General Mills, General Foods, general ignorance, general apathy, and general cussedness elect presidents and Congressmen and maintain them in power.” ― Herbert M Shelton While electronic voting seems like a good idea, please allow me to explain why it is extremely dangerous. I come from Texas and Duval County (in Texas) is quite… Continue reading Voter Fraud and Election Manipulation in the Digital Age
Open Door Via Your Printers
Shadowserver Foundation just released a report of all the printers that they were able to connect to via Internet Printing Protocol (IPP). IPP exists to allow users to print to office printers over the internet. However, that only works correctly if you actually turn on the security for it. What Shadowserver discovered is that many… Continue reading Open Door Via Your Printers