Hot Topics
It Takes a New Kind of Weapon to Defend a New Kind of Threat -

When it comes to the black market, credit and debit card information shared with retailers is highly coveted plunder.. 

13 hours ago | 0
Drupal 7 Compromises Leading to RIG Exploit Kit -

My friends at RiskIQ have a great blog around Drupal 7 vulnerability released today. Over the last several days,. 

1 day ago | 0
Sweet Orange Web Exploit Kit -

Sweet Orange is a popular exploit kit making it rounds as one of the latest and most popular exploit kits. It can. 

1 day ago | 0

It Takes a New Kind of Weapon to Defend a New Kind of Threat

By Blog | On Fri, Oct 31st, 2014 - No Comments »
new_threat

When it comes to the black market, credit and debit card information shared with retailers is highly coveted plunder. It turns out firewalls, IDS/IPS and antivirus are no longer effective ways to keep black hat hackers and other types of cyber thieves out. The adversary is well funded, highly motivated, and they’re not going to go away anytime soon. In an October 1st blog on Vasco.com,. 

Drupal 7 Compromises Leading to RIG Exploit Kit

By Aamir Lakhani | On Thu, Oct 30th, 2014 - No Comments »
Drupal

My friends at RiskIQ have a great blog around Drupal 7 vulnerability released today. Over the last several days, RiskIQ has observed numerous incidents involving visits to sites running on the Drupal content management system. Several installations of Drupal 7 have been observed serving an injected script tag that directs site users to sites hosting the RIG exploit kit. Observed instances. 

Sweet Orange Web Exploit Kit

By Aamir Lakhani | On Thu, Oct 30th, 2014 - No Comments »
bloodoranges

Sweet Orange is a popular exploit kit making it rounds as one of the latest and most popular exploit kits. It can affect the latest Windows operating systems, including Windows 8.1 and Windows 7. It can also exploit newer versions of Internet Explorer, Firefox, and Google Chrome. According to Webroot, “What’s particularly interesting about the Sweet Orange web malware exploitation kit. 

Third-Party Code: Fertile Ground For Malware

By Blog | On Wed, Oct 15th, 2014 - Comments Off
riskiq_logo_2colors

How big-brand corporate websites are becoming a popular method for mass distribution of exploit kits on vulnerable computers.  Modern websites rely on many moving parts operating behind the scenes, which often include a mashup of Javascript, content, files, applications, and digital ads. Some of this code may be written by website owners, while the rest of the content can be any combination. 

The Fappening: A Wake-Up Call for Cloud Users

By Blog | On Fri, Oct 10th, 2014 - 2 Comments
The Fappening

The Cloud storage option is fast becoming one of the most popular and effective methods of storing essential data that you definitely can’t afford to lose. From small to medium-sized business, cloud storage has helped owners save time and money in their businesses when it comes to IT. But exactly how safe is the cloud? Though most reliable cloud service providers have cutting edge security,. 

Cyber Risk – 12 Steps to Protect Your Cell Phone from Fraudsters

By Blog | On Thu, Oct 9th, 2014 - Comments Off
byod

Author: Sarah Grano The increased popularity of mobile banking has caught the attention of fraudsters. According to a 2014 survey by the American Bankers Association, mobile is the preferred method of banking by 10 percent of consumers, up from 1 percent in 2011. In recognition of National Cybersecurity Awareness Month, ABA recommends that consumers take extra precaution to protect the. 

Raspberry Pi As A Hacking Arsenal

By Aamir Lakhani | On Tue, Oct 7th, 2014 - 2 Comments
Raspberry_Pi_logo

Last year my colleague and I wrote a book on Web Penetration Testing with Kali Linux. This year, my colleague and I are putting the finishing touches of a new book that will centered around how to run Kali Linux on a Raspberry Pi to perform various penetration testing scenarios. We wanted to use the Raspberry Pi as a cost-effective platform to be able to use to find vulnerabilities and. 

AT&T Confirms Insider Breach

By Aamir Lakhani | On Mon, Oct 6th, 2014 - Comments Off
Breach_graphics

Insider threats have breached AT&T customer information according to Help Net Security. One of the company’s employees used unauthorized access to the systems to gain information around customer account info, which included social security and driver’s license numbers. “Additionally, while accessing your account, the employee would also have been able to view your Customer. 

Archie: Just another Exploit kit

By Blog | On Mon, Oct 6th, 2014 - Comments Off
archie_exploit_kit-680x400

AlienVault, creators of the very cool tool product Unified Security Management (USM) product suite wrote and excellent blog post on the Archie Exploit Kit. We have previously described how Exploit Kits are some of the favorite techniques used by cybercriminals to install malicious software on victims’ systems. The number of Exploit Kits available has experienced exponential growth. 

Top 10 List of Cyber Security Health Checklist

By Blog | On Thu, Oct 2nd, 2014 - Comments Off
iStock_000018892265XSmall

The recent news of high profile breaches such as CHS, eBay, Home Depot, and JPMC we wanted to type out a personal note just to share some basic checklists organizations should consider when designing and deploying security solutions. Datacenter infrastructure and purpose-built devices (such as point of-sale machines) are common themes within these major breaches and there are some basic.