Entries by admin

Vulnerability disclosure leads to stock price manipulation

Late last week a hedge fund by the name of Muddy Waters and information security company MedSec made a surprising maneuver. They shorted the stock of St Jude Medical after telling them of two vulnerabilities which St. Jude Medical said were non issues. After being told this, they shorted the stock and published their findings. […]

60 million accounts from dropbox hack has been dumped on the internet

On the 31st of august 60 million account details for online cloud storage provider Dropbox has now surfaced on the internet. The accounts were stolen during a previously disclosed breach in 2012, and Dropbox has already forced password resets earlier this week, previously it was not known how many users had been affected, and only […]

Credential stuffing and resold accounts on the dark web

This month several databases including databases claiming to be from targeted attacks of companies like o2 and other providers has surfaced on the dark web. o2 is denying that there has been any data breach and are citing the cause as a likely incident of Credential stuffing. Credential stuffing is an attack where the attacker take previously known leaked credentials and cross […]

National Democratic party hacked and emails released to the public

This months Wikileaks have published internally sensitive documents that come from a hack that targeted the Democratic National Committee (DNC). This lead to the eventual resignation of the Chair Debbie Wasserman Schultz. CrowdStrike broke news that the Russians had hacked the Democratic National Convention email but not details of how the attribution was performed have been shared with the public. […]

SMS-based Two-Factor Authentication (2FA) has been declared insecure

Two-Factor Authentication or 2FA adds an extra layer of security by entering a random passcode sent to you via an SMS or call when you log on to your account. Two factor authentication via telephone text messages has up until today been one of the most common forms of 2FA. While 2FA tokens are used to deter attackers due […]

Malware in syndicated adverts

Over the last month we have seen a great increase in adversaries buying access to existing ad providers that are accepted by the large advertising syndicates and has been using these domains to serve targeted malware through main stream and well known media sites. This targeted malware seems to be originating from Russia and Eastern […]

JPEG image exploits found on most popular adult sites

There have been increased reports of JPEG malware, where malicious code can be inserted into what appears to be an innocuous file, with real jpeg files containing an image and designed to execute the code upon the opening of the file. The viewing of porn may not be allowed in your business, nor is it […]

Continuous Increase of Hacked Databases Offered On The Dark Web

The adversary called ‘thedarkoverlord’ operating on ‘TheRealDeal’ market is offering to sell copies of hacked US and UK health services. The database dumps contain between 41,000 and 220,000 unique personal records and medical records. The purchase price ranges from 150BTC to 607BTC (BitCoin) ($395,000). This is a continuation of a trend that medical systems are […]

LinkedIn Data Leak

Everyone has most likely already heard about the recent leak of the 6.5 million LinkedIn passwords. Although the information dates back to 2012, Intelliagg has found the leaked source files and has determined that 30% of the leaked passwords are still valid. LinkedIn is a professional social networking platform, which links people to their past […]