An unnamed but well speculated bank in Brazil (likely Banrisul) had its DNS servers taken over by hackers for a period of about 6 hours one Saturday afternoon last October. Before I explain the impact, let me spend a minute on what DNS is and why it is important. The Internet works on numbers; humans […]
Continue reading → [DISPLAY_ACURAX_ICONS]While this is not unusual it is still worth reiterating. A web server at the Paul F. Glenn Center for the Biology of Aging at Stanford hosted malware for months, undetected. The malware started by installing a web shell onto the web server. This shell was able to do a number of things including upload […]
Continue reading → [DISPLAY_ACURAX_ICONS]As if Yahoo didn’t have enough trouble, it apparently was using a third party software library called ImageMagick which had a serious security bug in it. The library which is used to manipulate images is very widely used. Or at least, it was. Some people say that it has not aged well. Security researcher Chris […]
Continue reading → [DISPLAY_ACURAX_ICONS]In 2013 Booz employee and NSA contractor Edward Snowden flew to Hong Kong after leaking huge quantities of highly classified NSA documents, proving that even the NSA is challenged to keep secrets under wraps. Those documents are still being dribbled out today. Earlier this year, when the FBI was trying to track down the Shadow […]
Continue reading → [DISPLAY_ACURAX_ICONS]For years we have been worrying about whether the apps (or applications) that we use are secure. Now we have to worry about whether the back end servers that our apps talk to are secure. You may remember that recently hackers discovered thousands of Mongo database servers that had no Admin password and created a […]
Continue reading → [DISPLAY_ACURAX_ICONS]For a long time I have said that there are multiple forms of ransomware such as: The hacker encrypts your computer and gives you the decryption key if you pay the ransom. The hacker encrypts your computer and DOES NOT give you the decryption key when you pay the ransom. The hacker PRETENDS to encrypt […]
Continue reading → [DISPLAY_ACURAX_ICONS]