In terms of data security, 2016 is off to a pretty grim start, as we have already tracked 510 data breaches exposing over 175 million records. Just last month, we posted about the potentially devastating risks when a hosting provider is compromised. Until a few days ago, many people had never heard of a hosting provider called Staminus that claims to specialize in Distributed Denial of Service[...]
On Tuesday, March 1st, the IRS issued an alert to payroll and human resources professionals across the nation, warning of a fresh phishing scam angling for employee data. Like so many other targeted phishing campaigns that have come before it, the latest scheme starts with gathering basic staff information about the company such as the name of the CEO or CFO and who’s who in the HR department -[...]
If you have ever been up late at night, you might have seen an infomercial about a product called PC Matic and been intrigued by the exceptional claims being made about the capabilities of their security solutions.
WordPress is open source web software that allows users to create a website or blog.
It’s been just over a year since Sony experienced a significant breach that saw incredible amounts of executives’ emails spilled out on the Internet. By February, 2015, much of the excitement had passed, and seemingly all of the interesting or relevant analysis had been done. Accusations had been made against North Korea and others, but ultimately the person(s) responsible for the breach were[...]
Zhuhai RaySharp Technology is a Chinese manufacturer of CCTV systems including stand-alone DVRs. While based in China, the company’s products are available worldwide. Supposedly, “more than 60,000 DVR units are exported every month & delivered to all over the world”. Furthermore, the firmware used in the company’s own DVR product line is also sold to a large number of DVR OEM vendors located[...]
On February 5, the Cisco Talos research team published an advisory covering several vulnerabilities in the Graphite (a.k.a. libgraphite) project. According to the vendor page, it "is a 'smart font' system developed specifically to handle the complexities of lesser-known languages of the world." This prompted the media and some in our industry to comment that it is "2016 and a font file can own[...]
As of the evening of February 11, an update to our previous blog, cryptobin.org is still suffering issues that make it not easily reached. There have been a few other media outlets doing research to try to determine what is happening with the site, but we have yet to see any confirmation or new information beyond what we have previously posted. While we don't have any new technical details to[...]
RBS researchers discovered today that cryptobin.org was offline and not accessible via the main domain name, but was still accessible via its dedicated IP address (188.8.131.52) and unsigned SSL (https://184.108.40.206).
As we previously reported, this outage comes just days[...]