BackSwap is new banking malware recently discovered by Eset1 and later analyzed by CERT Polska.2 Unlike previous banking trojans, which typically either intercept requests and redirect users to fake banking websites or inject malicious code from command and control (C&C) servers to manipulate browser processes, BackSwap keeps its campaign locally. The JavaScript is hardcoded and…
Read MoreIn August 2018 when we presented our research on the extreme vulnerability of many emergency services vehicles due to their use of onboard cellular gateways, we hoped to get the attention of people who could help change things. After all, when you tell the world you’ve been able to easily track police cruisers, in real-time,…
Read MoreEvery CISO dreams of the unhackable computer. A common method of bullet-proofing a system is to disconnect it from the outside world.1 No Internet. No wireless. No modem. Then you surround the computer with guards and gates. This is called an air-gapped system and it is supposedly hack-proof. In reality, it’s not. In 2010, the…
Read MoreOne of the missteps I found was that, by default, the Tor node would accept and relay BitTorrent traffic. My American ISP detected the BitTorrent traffic exiting my node and started sending me emails, and, I suspect, interfering with my network traffic (though I didn’t prove that beyond a suspicion). Fortunately, the Tor Project…
Read More
The Department of State has started imposing visa restrictions on mercenary spyware makers and peddlers, prohibiting their entry into the United States, as announced earlier in February. The crackdown has begun with 13 individuals and their close families (i.e., spouses and children) linked to commercial spyware operations. Taken pursuant to Section 212 (a)(3)(C) of the…
Read MoreCertificate revocation is an important, if ill understood, part of enterprise security. In this three-part blog series, I’ll explore why we need it, how you do it, and strategies for maximizing the benefits you get for it. Certificates Everywhere The use of digital certificates is growing exponentially. In particular, the move to a fully encrypted…
Read More
Becky Holmes loves DMing with scammers. When it comes to romance scammers, she will do whatever it takes, pursuing them to the great delight of her fans on social media. From flings with A-listers to the lantern-jawed soldier with a heart of gold, Becky’s on a mission to unravel the weird world of online swindler…
Read MoreAny CISO who’s been around the block understands Erik’s words. So, let’s roll up our sleeves and get started by understanding the scope of the problem. Understand Needs The first step in any security project is to be sure you have a clear inventory of your asset and applications. Everything flows from them. For most,…
Read MoreMost blogs are written in the first person, and this one is for a particular reason. I myself am half Filipino, have had transactions with Filipino government systems, and I am also a security expert. So, my personal insight may be more useful and impactful than a corporate statement. The 2018 Philippine Identification System Act,…
Read MoreThreat actors continue to find creative yet relatively unsophisticated ways to launch new campaigns to reap profits from crypto-mining operations. Source link lol
Read More