110,000 People are Looking For Love in all the Wrong Places

and getting a nasty infection too. A click-bait trick in which a picture is made to look like a video that ‘requires’ Flash is circulating on Facebook. The malware installs a Trojan on the computer that allows the mouse and keyboard to be hijacked, and it makes the person who clicked on it look like a pervert who shared the original picture and tagged up to 20 of his or her friends on it.

Facebook is trying to eliminate these campaigns. Google has also been moving all of YouTube to HTML5, so Flash isn’t required and videos can be viewed natively in modern browsers (everything but old versions of Internet Explorer).

Sometimes the bad guys use other kinds of shocking news besides pornography, with famous celebrities as the bait.
[Image: Miley Cyrus Is Dead, Drug Overdose Suggested (Facebook scam)]


Stupidest Movie Hacks

Dorkly posted this; it’s worth a good chuckle!


BMW Vulnerable to Remote Unlock

Update your BMW’s internal software and your smartphone app as soon as possible. The patch should deploy automatically by January 31st, but there is a chance your vehicle didn’t get it if you parked underground.

The affected version of ConnectedDrive, a vehicle application that can be controlled via smartphone apps, has the ability to sound the horn, adjust the climate control, and unlock the doors. Update your smartphone apps as well.


The ConnectedDrive application also exists in Rolls Royce and Mini Coopers.

Read more on Tom’s Guide


Spear Phishing

Cyber thieves stole nearly $215 million from businesses in the last 14 months using email scams. Once a high-level exec has his or her email compromised, the bad guys lurk, learn the schedules, learn the business, learn the business trips, and wait for the most opportune moment to email a trusted colleague or financial personnel and have money moved via wire transfer.

The CSO website has some scenarios of the attack to raise awareness among employees, and Krebs has a full article on business spear phishing.

[Graphic: the value of a hacked email account, by Brian Krebs]

I love this graphic that Brian Krebs put together. One thing the graphic doesn’t cover is home stability. If your email is compromised, home conveniences can be disrupted: trash pickup cancelled, water, Internet/phone/cable and electricity turned off, or many other malicious problems.

Some new PCs preloaded with Windows 8.1 prompt you to set up and log in with your live.com account, with admin access to your own computer. For some, there is a direct correlation between the above graphic and this one:

[Graphic: HackedPC2012]


Data Privacy Day: 2015

Every January 28th is Data Privacy Day, a good reminder to police yourself and clean up the digital footprint you have left on the Internet.

The 2nd Annual Report on How Personal Technology is Changing Our Lives reports that privacy is very negatively impacted worldwide.

Did you know that Facebook, Twitter, and Google track your visits to any website with a displayed “Like,” “Tweet” or “+1” icon, whether or not you even click one of those buttons?


We’ve all done something embarrassing at one point or another, and there is probably evidence of it online. Go sweep out the digital dirt before you get doxed and have to try to save face in the real world.


DOE Grants $25 Million for Cybersecurity Education

The Department of Energy announced it will provide $25 million in funding over the next five years to support cybersecurity education at more than a dozen Historically Black Colleges and Universities.

As the President highlighted a couple of weeks ago, the rapid growth of cybercrime is creating a growing need for cybersecurity professionals across a range of industries, from financial services, health care, and retail to the US government itself. By some estimates, the demand for cybersecurity workers is growing 12 times faster than the U.S. job market, and is creating well-paying jobs.



Doxing

[Infographic: What Is Doxing and How Can You Avoid It]

Here are some doxing tutorials.


Under 11 Minutes to Crack WiFi for 7 Year Old

Seven-year-old Betsy Davis, using only YouTube videos for knowledge, was able to find out how to hack the controlled environment’s public WiFi.

She set up a rogue access point for a Man-in-the-Middle (MitM) attack, which allowed her to steal data from other computers accessing the network.


Cisco’s 2015 Security Report

Cisco’s 2015 annual security report was released last week. In it, Cisco said Java represented a whopping 91 percent of all indicators of compromise. The best way to combat it? Some good old-fashioned security awareness.

As part of its report, Cisco suggested companies should follow five security principles:

Security must:

  • Support the business
  • Work with existing architecture – and be usable
  • Be transparent and informative
  • Enable visibility and appropriate action
  • Be viewed as a “people problem”

These five principles should help get boards of directors, company execs, and front-line employees more involved in security.


Ghost to the Shell

During a code audit, researchers at Qualys discovered a buffer overflow in the __nss_hostname_digits_dots() function of glibc that can be exploited to gain access to the shell.

The GHOST vulnerability is a serious weakness in the Linux glibc library. It allows attackers to remotely take complete control of the victim system without having any prior knowledge of system credentials.

During their testing, they developed a proof-of-concept in which they sent a specially crafted e-mail to a mail server and got a remote shell on the Linux machine.

It’s called GHOST because it can be triggered by the GetHOST functions. There are exploits in the wild; there are also patches.
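Because the flaw is reached when the GetHOST functions are handed a name, one defence-in-depth step alongside patching is to reject untrusted host names that exceed the DNS limits before any resolver call sees them. The sketch below is an added example, not code from Qualys or glibc; `hostname_is_safe` and `check_numeric` are hypothetical names, the limits are the RFC 1035 ones, and the sample names are constructed.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_NAME_LEN  253  /* RFC 1035 limit on a textual host name */
#define MAX_LABEL_LEN 63   /* RFC 1035 limit on a single label */

/* Letters, digits and hyphen: the only characters allowed in a label. */
static int is_ldh(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-';
}

/* Hypothetical helper: 1 if an untrusted name is within DNS limits, else 0. */
int hostname_is_safe(const char *name)
{
    size_t i, label = 0;
    if (name == NULL || name[0] == '\0') return 0;
    for (i = 0; name[i] != '\0'; i++) {
        unsigned char c = (unsigned char)name[i];
        if (i >= MAX_NAME_LEN) return 0;          /* over-long name */
        if (c == '.') {
            if (label == 0 || name[i - 1] == '-') return 0;
            label = 0;
        } else if (is_ldh(c)) {
            if (c == '-' && label == 0) return 0; /* label starts with '-' */
            if (++label > MAX_LABEL_LEN) return 0;
        } else return 0;                          /* illegal character */
    }
    return name[i - 1] != '-';
}

/* Builds a constructed numeric name of n characters ("111..." or "1.1.1...")
 * and returns the validator's verdict on it. */
int check_numeric(size_t n, int dotted)
{
    static char buf[2048];
    size_t i;
    if (n == 0 || n >= sizeof buf) return 0;
    for (i = 0; i < n; i++) buf[i] = (dotted && i % 2) ? '.' : '1';
    buf[n] = '\0';
    return hostname_is_safe(buf);
}

int main(void)
{
    printf("%d %d\n", hostname_is_safe("mail.example.com"), check_numeric(1101, 1));
    return 0;
}
```

Call the validator on any name taken from network input (a mail envelope, an HTTP header, a config upload) and refuse to resolve it when the result is 0; this narrows exposure but does not replace the glibc patch.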
