


The report of malicious actors having their stolen user IDs and passwords revealed by a simple Google search is Karma in action. It shows that attackers are susceptible to the same sort of simple configuration errors that many of them leverage against their targets. But this case also shows that attackers can operate phishing schemes successfully for many months before they're exposed.
Sadly, users often remain the weakest link in the security chain. While user education can help,
The revelation that advanced attackers, apparently based in China, have been targeting airline travel sites to track specific individuals is not a surprise. The travel patterns of individuals involved in certain industries or areas of research are information of great value to a State-level intelligence agency. While it is the kind of specific information that might be useful to a cybercriminal going after a specific target, it is guaranteed to be useful to a rival state agency.
Victi
While the revelation of details on almost two million Pixlr user accounts did not include financial information, it did include password hashes and enough information to be valuable for an attacker to launch carefully crafted spear phishing attacks, or a cast-netting attack against the Pixlr user base.

Historically, Linux systems have been reasonably secure and have received patches quickly when a vulnerability comes to light. Unfortunately, Linux and Windows share the same problem in that applications that run on those platforms may not be patched as quickly as the underlying OS. The recent FreakOut botnet attack targets multiple recent application vulnerabilities that may not yet be patched on production systems. Fortunately, the botnet is still quite small and relies on Internet Relay Chat
The attack against Mimecast and their secure connection to Microsoft's Office 365 infrastructure appears to be the work of the same sophisticated attackers that breached SolarWinds and multiple government agencies. This shows the skill and tenacity State and State-sponsored actors can bring to bear when they are pursuing their agenda. Against this sort of opponent, civilian organizations will need to up their game if they don't want to become the next headline. Basic cybersecurity is not
Ethical Hacking group Sakura Samurai's exposure of the United Nations Environment Program's git repositories is another classic example of the consequences of an unintentional misconfiguration. Fortunately, the UN's IT team reacted quickly to close the hole, but it is likely that threat actors had already discovered the vulnerable data and acquired it themselves.
This shows that even multinationals with mature cybersecurity practices are not immune to this kind of misconfiguration, and
The cold war isn't over. It just moved to the internet. And the SolarWinds attack is a perfect example of a State or State-sponsored actor turning their resources to cyberattack. Unlike typical cybercriminals, threats at this level have almost unlimited resources and will target virtually anything that may forward their agenda.
It is likely the damage from this attack will run much deeper than is revealed to the public, but it may serve as a wakeup call that organizations and vendors
The Juspay breach shows that 2021 is starting off Business as Usual for malicious actors, with long dwell times between intrusion and discovery. While some of the data in this breach were obfuscated, there is a very real possibility that the attackers could overcome the obfuscation. Even if they don't, the stolen information could be used for sophisticated social engineering or spear-phishing attacks.
Perhaps the biggest concern is the dwell time. The breach happening mid-August 2020 and
User credential theft is nothing new. Phishing and Social Engineering schemes have been targeting user accounts almost since they've existed, and Kela's revelation of the scope of employee credential loss is, unfortunately, not a surprise. Companies need to step up their AAA (Authentication, Authorization, Accounting) game to include multi-factor authentication and add security analytics to enable risk-based authentication as well. Attackers will continue to find ways to gather user ID
Sansec's revelation of a Magecart style skimmer that can infect multiple platforms is another indication of how sophisticated the attackers have become, while their attack tools evolve to become more versatile and effective. It is telling that this new strain appears to have gone undetected for several months. However, the revealed details also point to ways we can defend against this recent generation of attack tools. While home users can't be expected to have a full security stack,