Metasploit is a tool that white hat hackers use to do penetration testing. No doubt criminals use it too. What Metasploit does is take exploits gathered by thousands of contributors and package them into scripts and a command line and web interface so that security admins and analysts can test if a
Microsoft publishes security bulletins and advisories here. Those warn of vulnerabilities in Microsoft products. You can sign up for updates via RSS or email here. They say: “To improve security protections for customers, Microsoft provides vulnerability information to major security software
A group of hackers known as Carbank, who in 2015 stole an incredible $1 billion USD from banks, have been again using RTF documents with embedded OLE objects to plant malware on computers. They send these documents in emails using phishing attacks. Then they use Google services on the machine to pla
The Tor browser is a tool used by Edward Snowden, journalists, US government workers traveling overseas, terrorists, criminals, pedophiles, and people downloading movies and doing chat to protect their IP address from discovery. But recently there was a zero day defect that unmasked the identity of
The drama, some might say circus, keeps unfolding around the Russian spying on the US election. What is remarkable is that President-elect Trump is at odds with the security apparatus he will soon inherit. He is saying he does not agree that the Russian government did the hacking. The US intelligenc
The Department of Homeland Security and FBI Have released technical details of the hacking of the Democrat Party and Clinton Campaign that they first described in this document in October. As President Obama promised, the government has released proof that this hacking came from Russian intelligence
It seems hackers also go after people who are supposed to be educated about the dangers of phishing: tech professionals. Last week I updated the DNS records for my personal email domain. So I was easily tricked when a few hours later I got this email that looks very much like it came from Google su
In what one could characterize as the worst banking hacker attack this year - and the only one to have ever caused a bank to shut down its site - Tesco Bank shut off online banking for all of its accounts after 40,000 of them were attacked. Hackers stole £2.5 million from 9,000 accounts. The bank st
The The New York Times, under the scary headline “Secret Backdoor in Some U.S. Phones Sent Data to China, Analysts Say,” reported that Kryptowire security researchers reported that a Chinese firm Shanghai Adups Technology Co. Ltd has planted software on hundreds of thousands of Android devices and i
SHA-1 (Secure Hashing Algorithm 1) is an encryption algorithm used to encrypt traffic to and from SSL/HTTPS websites. It has some known security weaknesses. So it is being phased out and replaced with SHA-2 and SHA-3. Certificate authorities will quit issuing SHA-1 certificates in January 2017. Micr