Third-Party Code: Fertile Ground For Malware

By Blog | On Wed, Oct 15th, 2014 - No Comments »

How big-brand corporate websites are becoming a popular method for mass distribution of exploit kits on vulnerable computers. Modern websites rely on many moving parts operating behind the scenes, which often include a mashup of JavaScript, content, files, applications, and digital ads. Some of this code may be written by website owners, while the rest of the content can be any combination. 

The Fappening: A Wake-Up Call for Cloud Users

By Blog | On Fri, Oct 10th, 2014 - 1 Comment

The Cloud storage option is fast becoming one of the most popular and effective methods of storing essential data that you definitely can’t afford to lose. From small to medium-sized businesses, cloud storage has helped owners save time and money in their businesses when it comes to IT. But exactly how safe is the cloud? Though most reliable cloud service providers have cutting-edge security,. 

Cyber Risk – 12 Steps to Protect Your Cell Phone from Fraudsters

By Blog | On Thu, Oct 9th, 2014 - Comments Off

Author: Sarah Grano The increased popularity of mobile banking has caught the attention of fraudsters. According to a 2014 survey by the American Bankers Association, mobile is the preferred method of banking by 10 percent of consumers, up from 1 percent in 2011. In recognition of National Cybersecurity Awareness Month, ABA recommends that consumers take extra precaution to protect the. 

Raspberry Pi As A Hacking Arsenal

By Aamir Lakhani | On Tue, Oct 7th, 2014 - Comments Off

Last year my colleague and I wrote a book on Web Penetration Testing with Kali Linux. This year, my colleague and I are putting the finishing touches on a new book that will be centered around how to run Kali Linux on a Raspberry Pi to perform various penetration testing scenarios. We wanted to use the Raspberry Pi as a cost-effective platform to be able to use to find vulnerabilities and. 

AT&T Confirms Insider Breach

By Aamir Lakhani | On Mon, Oct 6th, 2014 - Comments Off

Insider threats have breached AT&T customer information according to Help Net Security. One of the company’s employees used unauthorized access to the systems to gain information around customer account info, which included social security and driver’s license numbers. “Additionally, while accessing your account, the employee would also have been able to view your Customer. 

Archie: Just another Exploit kit

By Blog | On Mon, Oct 6th, 2014 - Comments Off

AlienVault, creators of the very cool Unified Security Management (USM) product suite, wrote an excellent blog post on the Archie Exploit Kit. We have previously described how Exploit Kits are some of the favorite techniques used by cybercriminals to install malicious software on victims’ systems. The number of Exploit Kits available has experienced exponential growth. 

Top 10 List of Cyber Security Health Checklist

By Blog | On Thu, Oct 2nd, 2014 - Comments Off

With the recent news of high-profile breaches such as CHS, eBay, Home Depot, and JPMC, we wanted to type out a personal note just to share some basic checklists organizations should consider when designing and deploying security solutions. Datacenter infrastructure and purpose-built devices (such as point-of-sale machines) are common themes within these major breaches and there are some basic. 

Space Invaders and Website Security

By Aamir Lakhani | On Tue, Sep 30th, 2014 - Comments Off

A couple of months ago I got invited to speak at ShowMeCon. I based my talk on how to relate building an IT security awareness program using the same tricks and mindset you would in team strategy video games, in a talk titled Power-Ups and Princesses. My friend, Peter Zavlaris, wrote an excellent piece on the RiskIQ blog. I recommend you check it out. Traditionally, the most formidable approach. 

TorrentLocker Unlocked … For Now

By Joey Muniz | On Mon, Sep 29th, 2014 - Comments Off

There has been a lot of publicity on Ransomware campaigns compromising various targets (I posted on CryptoLocker HERE and Ransomware spreading in the wild HERE). For those that don’t know what Ransomware is, it’s malware that encrypts your data and holds it ransom for a fee to unlock it. The cost to get your data back can be anything from hundreds to thousands of dollars. Plus you. 

How to configure an ASA with built-in Sourcefire Firepower home lab

By Joey Muniz | On Fri, Sep 26th, 2014 - Comments Off

For those following Cisco security, you probably know Cisco acquired Sourcefire last year (more found HERE). The most anticipated release has been adding Sourcefire’s flagship Firepower offering inside Cisco’s most popular firewall offering, the Adaptive Security Appliance (ASA). As of September 16th, this offering is officially available. You can find data sheets, configuration guides.