There is no CyberSecurity?

60 Minutes has a video on cyberthieves stealing your credit card information. This is a must-watch for everybody who has a debit or credit card, and for every merchant and service provider. The 15-minute video covers the rise in sophistication of attacks, how thieves imprint and sell cards, and what acquirers and brands are trying to do about it.

Visit the 60 Minutes site for the transcript.


PCI ISA

A couple of weeks ago, I took the training and test. I just got news yesterday.
Yaay, Go me! I’ll get my PCIP as well, because, why not?

Now onto my next certification.


Cyber Monday is Tomorrow, Please be Cyber Secure

Stop and think about where you are when you are out and about, and don’t use public Wi-Fi hotspots. It’s cyber hunting time and your data is the target; it is very easy for malicious evildoers to create fake public Wi-Fi hotspots that they can capture your data from.


1st Duqu. Next came Stuxnet. Now Regin.

An “extremely complex” and “stealthy” Stuxnet-equivalent spying program has been stealing data from ISPs, energy companies, airlines and research-and-development labs.

Regin is a multi-staged threat and each stage is hidden and encrypted, with the exception of the first stage. Executing the first stage starts a domino chain of decryption and loading of each subsequent stage for a total of five stages. Each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyze and understand the threat.


Regin is a highly complex threat which has been used in systematic data collection or intelligence gathering campaigns. The development and operation of this malware would have required a significant investment of time and resources, indicating that a nation state is responsible. Its design makes it highly suited for persistent, long-term surveillance operations against targets.

The discovery of Regin highlights how significant investments continue to be made into the development of tools for use in intelligence gathering. Symantec believes that many components of Regin remain undiscovered and additional functionality and versions may exist. Additional analysis continues and Symantec will post any updates on future discoveries.

Read the Symantec paper on it here.


Jaime’s Birthday!

My sweet little wife had her birthday and we went to ZooLights with the family to celebrate! Jaime, Pat, Courtney, and Beau had never been before. So it was nice bringing everybody to check out the awesome ZooLights at the Phoenix Zoo. We even walked around with hot chocolate and sweet kettle corn!


Need a New Password? Try Passweird


Passweird is a fun and interesting way to generate a password that meets most regulatory compliance password requirements.

In other news, cyber thieves have started targeting password managers, like KeePass.


#FeministHackerBarbie

If you haven’t seen #FeministHackerBarbie, you must!


Chinese Made eCigarette USB Malware Phones Home

It was found that some Chinese-made eCigarettes and their USB charging cables have been made with malware built right in. When plugged into a computer, the malware phoned home. Is this a true story or a hoax? It's hard to tell, as the story broke on Reddit.

Since the proof of concept code for BadUSB came out, this story is believable.

How you can protect yourself:
Get an external USB charger, one that doesn’t plug into your computer, like this USB charger.


Google Infographic on Account Hijackers


They have a great article here for more information.


Google Firing Range


Google Firing Range is an automated Web Application Security Scanner.
Version 0.42, which was released Tuesday, checks for:

  • Address DOM XSS
  • Redirect XSS
  • Reflected XSS
  • Tag based XSS
  • Escaped XSS
  • Remote inclusion XSS
  • DOM XSS
  • CORS related vulnerabilities
  • Flash Injection
  • Mixed content
  • Reverse ClickJacking

It is available here on GitHub.
