Cyber Security News

Microsoft’s “Crazy Bad” Zero Day

Although not new news, Microsoft’s recent Zero Day event could have had mind-numbingly bad consequences. That being said, Microsoft’s response is a great illustration of how the system should work. One must tip one’s hat to the response which has historically, and not just by Microsoft, been po

Undetected Malware Targeting North Korea

Last week Cisco’s research arm Talos confirmed that it had detected a Remote Access Trojan (RAT), which they have termed KONNI, that has attacked organizations associated with the Hermit Kingdom. It has also been confirmed by Talos that the earliest of these attacks using the above-mentioned ma

ALERT: New version of CryptoMix Detected

As of the first of May 2017 a new version of the CryptoMix, or CryptFile2, ransomware has been detected. This new version uses the Wallet extension for encrypted files. Previously, the Wallet extension was used on Dharma/Crysis and Sanctions ransomware. This new version of CryptoMix is currently usi

Threat Intelligence Feeds

Threat Intelligence feeds are designed to provide real-time updates on hostile domains, IP addresses, and active malware on the internet. There are two kinds of data feeds: free and paid. The idea with data feeds is you use those to block IP addresses and IP address ranges, domains with certain reg

Rig Exploit Kit Spreads Ransomware

Heimdal Security says the Rig Exploit Kit has been used to plant Cerber ransomware on domains ending with the .news suffix, including the shortened list shown below. (Cerber has the unique feature of talking to its victims.) An exploit kit is a set of tools developed by criminal gangs. They keep a

Watering Hole Attacks

A watering hole attack is one way that hackers can go after an individual organization or type of organization. Unlike a phishing attack, it is designed to infect websites that people are known to frequent based upon where they work. For example, they could infect the website of a delivery pizza serv

Applying Analytics to Cybersecurity

In Outside the Closed World: On Using Machine Learning for Network Intrusion Detection, the authors write: "In network intrusion detection research, one popular strategy for finding attacks is monitoring a network's activity for anomalies: deviations from profiles of normality previously learned from