Kaspersky code review doesn’t solve the spying problem
Update

Kaspersky code review doesn’t solve the spying problem

Earlier this month, a report in The Wall Street Journal says that hackers working for the Russian government used Kaspersky's Anti-Virus software to steal documents from a contractor's computer. The company denies any involvement, and...

10/23/17

Social engineer bank robber arrested weeks after successful $142,000 heist

Social engineer bank robber arrested weeks after successful $142,000 heist

A Malaysian bank robber who used social engineering as his primary weapon in a string of thefts was recently arrested at his home in Batu Berendam, Malacca, three weeks after successfully walking away with $142,000 (RM600,000) by...

10/09/17

Scammers sent follow-up emails in Office 365 phishing campaign

Scammers sent follow-up emails in Office 365 phishing campaign

As previously reported on Salted Hash, a recent phishing email looking to harvest credentials was actually part of an ongoing phishing campaign targeting Office 365 customers. The campaign has been going on since late 2016, and is...

10/03/17

Whole Foods Market investigating payment card breach

Whole Foods Market investigating payment card breach

Whole Foods Market, a supermarket chain that specializes in items that don't contain artificial preservatives, colors, etc. said on Thursday they’re investigating a payment card breach at the venues of some stores where taprooms and...

09/28/17

Hackers create memorial for a cockroach named Trevor

Hackers create memorial for a cockroach named Trevor

On Sunday evening, hours after the closing ceremonies of DerbyCon, participants gathered across the street from the conference hotel at the local Smashburger in downtown Louisville, KY. But the hackers didn’t gather for food, they...

09/24/17

Surviving ransomware by keeping things simple

Surviving ransomware by keeping things simple

Ransomware is a topic everyone knows about, but unless you've experienced a ransomware attack, it's hard to really describe and understand the stress associated with these events.

09/23/17

Office 365 Phishing attacks create a sustained insider nightmare for IT

Office 365 Phishing attacks create a sustained insider nightmare for IT

Earlier this month, Salted Hash deconstructed a Phishing email that had bypassed company filters and made into the general inbox. The email focused on an outdated subdivision, and was easily spotted as a scam. However, we've since...

09/20/17

BlueBorne is Bluetooth's Stagefright moment

BlueBorne is Bluetooth's Stagefright moment

The scariest thing about BlueBorne, the attack vector that uses Bluetooth to spread across devices, isn't what it can do, but rather just how many similar vulnerabilities may be lurking that we don't yet know about.

09/12/17

Office 365 phishing – A quick look at a recent example

Office 365 phishing – A quick look at a recent example

On Thursday, an interesting email showed up in my inbox. The message says there are emails pending, because I've used 98-percent of my storage space. In order to fix this, I needed to download and save the attached configuration. The...

09/07/17

Security firms team up to neutralize WireX botnet after multiple DDoS attacks

Security firms team up to neutralize WireX botnet after multiple DDoS attacks

Researchers from Akamai, Cloudflare, Flashpoint, Google, Oracle (Dyn), RiskIQ, Team Cymru, and others worked together to take down an Android-based botnet responsible for several DDoS attacks earlier this month.

08/28/17

Show the proof, or cut it out with the Kaspersky Lab Russia rumors

Show the proof, or cut it out with the Kaspersky Lab Russia rumors

The United States intelligence agencies have Kaspersky Lab in their crosshairs, but this a case of smoke, but no fire.

08/25/17

Mimecast’s newly discovered email exploit isn’t a vulnerability, it’s a feature
Update

Mimecast’s newly discovered email exploit isn’t a vulnerability, it’s a feature

Mimecast, a Boston-based email security firm, claims to have discovered a new email exploit. The exploit itself centers on the fact that an attacker who sends an HTML-based email linking to an external CSS file can "edit any text in...

08/23/17

Here's why the scanners on VirusTotal flagged Hello World as harmful

Here's why the scanners on VirusTotal flagged Hello World as harmful

Last week, on August 10, a security researcher who goes by the handle "zerosum0x0" posted an interesting image to Twitter, it was the code behind a debug build of an executable. The code was 'Hello World' – the training example used...

08/16/17

Kaspersky discovers supply-chain attack at NetSarang

Kaspersky discovers supply-chain attack at NetSarang

While investigating suspicious DNS requests for a financial institution, researchers at Kaspersky discovered backdoor in recently updated copies of software released by NetSarang, a developer of management tools for servers and...

08/15/17

Attackers experimenting with CVE-2017-0199 in recent phishing attacks

Attackers experimenting with CVE-2017-0199 in recent phishing attacks

Researchers at Trend Micro and Cisco's Talos have identified a new wave of Phishing attacks leveraging CVE-2017-0199, a previously-patched remote code execution vulnerability in the OLE (Windows Object Linking and Embedding) interface...

08/15/17

Cylance blamed for DirectDefense’s ‘botnet’ disclosure

Cylance blamed for DirectDefense’s ‘botnet’ disclosure

Twenty-four hours after Carbon Black responded to a report from DirectDefense that their Cb Response product was leaking customer information (it doesn't), one company executive is pointing the finger at Cylance as the source of the...

08/10/17

Pentest firm calls Carbon Black
Update

Pentest firm calls Carbon Black "world’s largest pay-for-play data exfiltration botnet"

On Wednesday, DirectDefense, Inc. disclosed that they've discovered hundreds of thousands of files from Carbon Black customers. The discovery is said to pose a significant risk to Carbon Black's clients, because of the company's...

08/09/17

Engineering firm exposes SCIF plans and power vulnerability reports

Engineering firm exposes SCIF plans and power vulnerability reports

Chris Vickery, director of cyber risk research at UpGuard, Inc., says that a misconfigured Rsync server maintained by Power Quality Engineering, Inc. (PQE) exposed client information pertaining to critical infrastructure for the City...

08/07/17

Hackers claim credit for alleged hack at Mandiant, publish dox on analyst
Update

Hackers claim credit for alleged hack at Mandiant, publish dox on analyst

Late Sunday evening, someone posted details alleged to have come from a compromised system maintained by Adi Peretz, a Senior Threat Intelligence Analyst at Mandiant. The leaked records expose the analyst from both a personal and...

07/31/17

The congestion at DEF CON 25 is rough, don’t forget about DEF CON TV

The congestion at DEF CON 25 is rough, don’t forget about DEF CON TV

The lines at DEF CON 25 are clogging the hallways at Caesar’s in Las Vegas. However, it’s still possible to catch the talks, thanks to DEF CON TV.

07/28/17

Load More