The Cleaver group is once again in the headlines managing a well-developed network of fake LinkedIn profiles for cyber espionage purpose. Do you remember the Iran-based APT Cleaver? In December the security firm Cylance released a detailed report on the hacking Operation Cleaver that was run by state-sponsored hackers linked to the Iran. The Iranian hackers targeted critical infrastructure worldwide, ten of which […]
Microsoft web applications, such as Outlook or OneDrive and account pages, expose visitorsâ Microsoft Identifier (CID) in plain text. A Chinese developer, which uses the pseudonym of ramen-hero, discovered that Outlook.com, OneDrive, and Microsoft’s account pages use a unique user identifier known, also known as CID, in their web applications. The Microsoft CID is a 64-bit integer used […]
A group of researchers from the iTrust has demonstrated how to use a Drone to intercept wireless printer transmissions from outside an office building. Recently I wrote a blog post on the Infosec Institute titled “Modern Physical Security Awareness Is More Than Dumpster Diving” where I explain how the concept of physical security is evolving […]
Donât throw away your old Boarding Pass, it may contain personal information that could allow attackers to run targeted attacks on you! Donât throw away your old Boarding Pass, it may contain personal information. After finishing your trip, the boarding pass becomes useless, but does that mean that you should throw it in the garbage? […]
The Cisco Talos Group has performed in-depth research on the threat actors behind the Angler Exploit Kit, and even had behind-the-scenes access. The Cisco Talos Group has performed in-depth research on the threat actors behind the Angler Exploit Kit, and even had behind-the-scenes access, allowing statistical information as well as Anglerâs inner-workings to be examined. Note that […]
Experts at Kaspersky have discovered that Winnti Group has enhanced its attack platform infecting organizations in South Korea, UK and Russia. In 2013, security experts at Kaspersky Lab uncovered a cyber espionage that targeted the gaming industry with a malware signed with a valid digital certificate. The threat actor behind the campaign was dubbed the Winnti group, […]
Snowden told the BBC’s Panorama that the GCHQ has developed a hacking suite dubbed Smurf Suite, it can hack any mobile by sending an encrypted text message. There is no way to stop secret services spying on users’ Smartphones, this is the last revelation of the US whistleblower Edward Snowden. Snowden told the BBC’s Panorama that the […]
The nuclear industry is still unprepared to respond cyberattacks exposing civil nuclear facilities worldwide at risk of cyber attacks. Civil nuclear facilities worldwide are privileged targets for cyber attacks, according to a new report published this week by the Chatham House. The Stuxnet attack that targeted Iranian nuclear facilities demonstrated the risks for cyberattacks, for the first […]
Researchers have discovered an advanced malware that can breach organizations by infecting their Outlook Web Application (OWA) mail server. According to the experts at the Cybereason security firm threat actors breached an unnamed organization network and maintained persistence for months via a webmail server. The victim was a midsize public services company based in the […]
According to the Government of Seoul, the North Korea is the main suspect for a cyber attack that last year hit the South Korean capital’s subway system. The attack, staged between March and August 2014, affected several servers of Seoul Metro, which runs four major subway lines, According to the ruling party legislator Ha Tae-Kyung […]