In case you missed it, a USB exploit called BadUSB was announced at Black Hat this year. It unveils a method of re-writing the firmware of a USB device in such a way as to create undetectable malware capable of anything, on Windows machines, Macs and Linux devices, and you don’t have any tools to stop […]
InfoSec
SuperValu Inc. has announced the discovery of malware in its point-of-sale (POS) systems for the second time. The first occurred during June and July of this year. SuperValu said in a news release on its web site that a new, different malware has been detected in the payment processing network which services […]
Bash bug. We’re not talking about what to do when we find a cockroach – we’re talking about CVE-2014-6271/CVE-2014-7169, a remote vulnerability in what is arguably the most popular Unix/Linux command interpreter, and all versions of it since 1994 through…oh…now. This potentially allows virtually any hacker to get any (full) access to almost any non-Windows […]
I would like to think I didn’t have to tell folks this, but my instincts say otherwise, so here: If you get an email, or a Tweet, or a Skype message, or a Facebook post offering you a link to stolen celebrity nude photos, just move on. Don’t stop and think about it. Don’t hover […]
Computer security folks use a tool known as VirusTotal to check suspicious files against a whole slew of antivirus programs at once. It’s a great way to see which, if any, antivirus programs may detect an exploit. Turns out that the bad guys are using it, too, so that they can alter their malware code […]
Security journalist Brian Krebs reports that FireEye and Fox-IT have put together a decryption tool for victims of the Cryptolocker trojan. Uploading an encrypted file (choose one with non-sensitive data) will generate the decryption key with which you can recover your files from the encryption ransomware. Note that this only works with the original Cryptolocker, […]
InfoSec firm Hold Security reports that Russian gangs are sitting on what is probably the largest cache of pilfered login credentials to date, over a billion unique logins with passwords. How many is that, actually? ALL OF THEM!! Yours included. Probably. Source: Hold Security – YOU HAVE BEEN HACKED
According to G Data Software, a persistent malware hides itself in a registry entry, which cannot be displayed by regedit, and runs as a PowerShell script, even on systems where script processing is disabled. This malware does not use any actual files, thus there is nothing for an AV scanner to scan. Fortunately, Sysinternals tools […]