FBI Warns of Keystroke Loggers Disguised as USB Phone Chargers

The FBI has warned private industry partners of highly stealthy keystroke loggers that find passwords and other input typed into wireless keyboards. Lane Thames, Software Development Engineer and Security Researcher at Tripwire commented on this news. Lane Thames, Software Development Engineer and Security Researcher at Tripwire: “The Internet of Things (IoT) is exploding with many types of devices. Unfortunately, […]

Nothing to Fear but a Data Incident

incident response

For decades, it seems, public speaking was America’s biggest phobia. However, a recent study from Chapman University found that’s changed: Cyber-terrorism, corporate tracking of personal information, government tracking of personal information, identity theft and credit card fraud are now five of the top 10 fears held by Americans. Even a few of the other five […]

Security Expert Comments on 100 thieves in Japan take $13M in 3 hours

The Guardian is reporting:  Members of an international crime syndicate are suspected of stealing more than 1.4bn yen (US$12.7m) from cash machines in Japan in the space of less than three hours, in an audacious heist that involved thousands of coordinated withdrawals.  Police believe that as many as 100 people, none of whom have been apprehended, worked together […]

Instagram Holes Leave Accounts Open to Hijack

Following reports that Instagram holes have left accounts open to hijack, Tod Beardsley, Security Research Manager at Rapid7 commented below. Tod Beardsley, Security Research Manager at Rapid7: “The authentication issues found and reported by Arne Swinnen highlight the success of Facebook’s bug bounty program for its Instagram property. Given the combination of easy user enumeration — guessing valid user IDs […]

Implement Oracle Database Firewall using Valid Node Checking

Introduction One of the Oracle Database Listener features for protecting your Oracle databases from malicious attacks from unauthorized locations is by implementing the Valid Node Checking (VNC) feature. Through this feature, access to the database can be restricted based on the IP address (or host name) of the client machine attempting to connect to the […]