Ransomware Intelligence Briefing Media reporting on the WannaCry ransomware campaign has contained exaggeration, bad information, and fear tactics. This Bulletin seeks to provide Secure Ideas partners situational awareness about malware, ransomware, and phishing campaigns in the wild, and to provide a basic plan for businesses. The Secure Ideas Perspective Coverage of the WannaCry ransomware campaign has …
2014 has started out with a bang in terms of publicly disclosed compromised systems. We entered the year with a slew of privacy events starting with Target’s massive breach, followed by other retailers such as Neiman Marcus and Michael’s and a current investigation with lodging and food services giant White Lodging. The Syrian Electronic Army (SEA) has …
Have you seen glympse.com? It’s a location-sharing site designed to let users share their GPS data with others for a set period of time. The idea is that I can enable the service on my phone for 30 minutes and then send you a link to view my exact location. That way if you’re waiting …
As a consultant, I spend a lot of my time working with organizations and staff to help them improve their security. I do this via a number of methods including consulting, penetration testing, training, and other services. But the foundation of what I do is explain the what, why, and how of information security. And …
Industry Issues: New Vulnerabilities and Marketing ProblemsRead More »
Pass-the-Hash (PtH) attacks have become probably the most common form of credential attacks used in the hacking community. Especially in Microsoft Windows environments, PtH tools are so popular and easy to use, that many attackers no longer even bother to crack passwords anymore. Why waste the time when an administrator’s hash is just as convenient, …
Secure Ideas spends a lot of time working with organizations both large and small. And during this work, we deal with and help people trying to figure out what the threats and risks are in the wild today. For larger companies, this exercise is something they deal with often, but smaller organizations may not …
Red Dawn: Protecting small organizations from attacksRead More »
If you have been glancing at many news stories this year, you have certainly seen the large number of data breaches that have occurred. Even just today, we are seeing reports that Drupal.org suffered from a breach (https://drupal.org/news/130529SecurityUpdate) that shows unauthorized access to hashed passwords, usernames, and email addresses. Note that this is not a …
How many times have you been told you have a vulnerability that you just don’t understand its relevancy? Cross-Site scripting comes to mind for many people. Sure, they get the fact that you can execute scripts in the user’s browser, but often times they really don’t fully understand the impact. Of course, we determine that …
So we are at it again! James Jardine, Jason Wood and I were at BSides Orlando this weekend and decided to take the opportunity to record the latest episode of the Professionally Evil Perspective (even if Jason doesn’t necessarily remember the title of the podcast completely!). As with the previous ones, we try to dig …
Professionally Evil Perspective Podcast:Misconfigurations and Default CredentialsRead More »
Previously, I wrote a post providing a brief introduction to Laudanum. If you haven’t read it, or don’t know what Laudanum is, I encourage you to read that post first (don’t worry, it is fairly short). In this post, I am going to take a look at how Laudanum can be used. Specifically, I am …