Just ONE day after the announcement of the NINETEEN YEAR OLD bug in the very popular WinRAR utility, Checkpoint Software found examples of it being exploited in the wild. Given that the vast majority of the 500 million copies will likely NEVER be patched and the fact that the bug allows the hacker to take […]
Continue reading → [DISPLAY_ACURAX_ICONS]Many employees are at least curious about their next job. That is the basis for this attack. The attacker sends Linkedin direct messages from a legitimate Linkedin account. If that doesn’t appeal to the target, the attacker sends emails to the targets business email address suggesting a job offer. The links in the email points […]
Continue reading → [DISPLAY_ACURAX_ICONS]Over 5 Billion Records Exposed in 2018 Risk Based Security is reporting that there were 6,515 publicly reported breaches in 2018 exposing over 5 billion records. This is a couple hundred breaches less than 2017, but the final numbers are not in yet as breaches continue to be reported. The number of days between discovery […]
Continue reading → [DISPLAY_ACURAX_ICONS]Last week I wrote about 4 different cases where courts are moving in the direction of making it easier for plaintiffs to sue companies in case of a breach. Now we have another situation. In the past, judges have approved settlements that only made the lawyers rich. The plaintiffs sometimes got, literally, nothing. That is […]
Continue reading → [DISPLAY_ACURAX_ICONS]Text Messaging for Two Factor Authentication is Under Attack We have talked on occasion about a basically theoretical attack against text messages as the second factor for authentication. It is likely that the feds know more than they are telling us about that since the National Institute of Standards and Technology has deprecated the use […]
Continue reading → [DISPLAY_ACURAX_ICONS]GoDaddy has an interesting feature. If a hacker creates a FREE GoDaddy account they can and have created a whole bushel of mischief. If you have a free account, you can use GoDaddy’s managed DNS service for free for a limited amount of time. Only problem is that GoDaddy didn’t validate that you owned the domain […]
Continue reading → [DISPLAY_ACURAX_ICONS]