Category: hacks

Hunting for secrets on GitHub

We need to work with system designers and developers to make them understand that using a secure credential vault with programmatic access is not an optional luxury – it is a basic security requirement. Credentials do not belong in code, even if that code is stored in a safe inside a vault inside a volcano.

Continue Reading

LinkedIn and LOLBINs

Yet another example of how LinkedIn can be abused by the bad guys… a phishing campaign which used job titles scraped from user profiles to…

Continue Reading

It could happen to anyone…

The headline is eye catching: a data breach at a highly respected security training organization when an employee falls for a phishing email. It is…

Continue Reading

The elusive USB drive attack

Stories of hackers attacking companies by dropping malware infected USB flash drives in the firm’s parking lot are a standard infosec cautionary tale – don’t…

Continue Reading

Living off the land – EFS Ransomware

Attackers have responded to improved security against malware in Windows environments by “living off the land” (LOTL) – using the tools already present in the…

Continue Reading

Aging reports – new ammo for attackers

Another reminder that attackers are getting more sophisticated and taking the time to learn about their victims and their business processes before launching their phishing…

Continue Reading

Juice Jacking – meh!

Lately, I have been seeing a number of posts and articles warning us all not to use publicly available USB charging points due to the…

Continue Reading

Snail mail hacking

Some of the most effective hacks don’t require the attacker to touch your computer. This article from Flashpoint provides some insight into how criminals are…

Continue Reading

The NYPD (and the rest of us) need some new barricades

Not all security barricades are made of wood. Some are made of bits. According to the New York Post, the New York Police Department ran…

Continue Reading

Deepfakes – Welcome to the post truth society

I recently watched the New York Times’ Weekly episode “Deepfakes – Believe at Your Own Risk” and while I have been concerned about the implications…

Continue Reading