Introducing Kit Hunter, a phishing kit detection script | Salted Hash, Ep. 40

Kit Hunter is a basic Python script that will run on Linux or Windows. When you run Kit Hunter it searches web directories for phishing kits based on common kit elements located in the tag file. If there is a match, it logs the...

08/06/18

Reddit discloses hack, says SMS intercept allowed attackers to skirt 2FA protections

Reddit, one of the largest websites on the internet, announced on Wednesday that someone was able to compromise staff accounts at their cloud and source code hosting providers, leaving backups, source code, and various logs exposed.

08/01/18

Samsam infected thousands of LabCorp systems via brute force RDP
Updated

LabCorp, one of the largest clinical labs in the U.S., said the Samsam ransomware attack that forced their systems offline was contained quickly and didn't result in a data breach. However, in the brief time between detection and...

07/19/18

Salted Hash Ep 34: Red Team vs. Vulnerability Assessments

This week on Salted Hash, Phil Grimes, Professional Services Lead at RedLegg, discusses why words matter, the concept of scoping for Red Teams, and shares more stories from his days in the field as we discuss tailgating and dumpster...

07/03/18

No data breach at Patreon, but proactive notice caused some concern

Patreon, the membership platform that helps creators get paid for their work, sent users a letter on Monday warning them about a data breach at Typeform. But the proactive letter caused some panic, as more than a few people took it to...

07/02/18

92 million MyHeritage email addresses found on private server

On Monday, MyHeritage, an online genealogy platform, announced that more than 90 million of their users had email addresses and hashed passwords compromised, after a researcher discovered a file being hosted on a private server.

06/05/18

Salted Hash – SC 02: What a TSB phishing attack looks like

In April, TSB (a retail and commercial bank in the UK) announced they would shut down some systems for an IT upgrade. However, the upgrade was a disaster, and over a month later customers are still having problems. As a result,...

05/28/18

Salted Hash Ep 26: Deception technologies that camouflage the network

Sometimes, the best defense is awareness. At their core, deception technologies can assist in this process, but what's the difference between a deception vendor and a honey pot?

05/22/18

Salted Hash - SC 01: What an Apple phishing attack looks like

Today on Salted Hash, we’re going to look at a phishing attack from two sides. The first side will be what the victim sees. After that, we're going to see what the criminal sees. We'll also discuss some steps administrators can take...

05/16/18

Salted Hash Ep 25: A quick tour of the Dark Web

The Dark Web has an interesting persona, and much of it is fueled by hype. This week on Salted Hash we speak to Alon Arvatz, co-founder at IntSights, who gives us a basic overview of some of the things people do in this somewhat...

05/15/18

Researchers warn PGP and S/MIME users of serious vulnerabilities
Updated

A professor at Münster University issued a warning on Sunday about serious vulnerabilities in PGP and S/MIME – two widely-used methods for encrypting email – which, if exploited, could reveal plain text communications. The issue also...

05/13/18

Salted Hash Ep 28: GDPR deadline fast approaches

The deadline for the General Data Protection Regulation (GDPR) is almost here. During our trip to the RSA Conference last month, Salted Hash spoke to an expert on the subject, and learned some interesting things when it comes to...

05/08/18

North Korean anti-virus uses old Trend Micro components

Researchers at Check Point have published a report showing that North Korea's SiliVaccine, the country's anti-virus product, uses functional elements taken from a ten-year-old copy of Trend Micro's anti-virus.

05/01/18

Salted Hash Ep 24: Defending against mobile threats

Welcome back! After shooting several episodes during the RSA Conference in San Francisco, this week Salted Hash talks mobile threats with VASCO's Will LaSala. In addition to this week's episode, we've also got some additional footage...

05/01/18

Atlanta's recovery highlights the costly mistake of being unprepared

The Samsam attack against the city of Atlanta in March was chaotic and crippling. The ransomware, named for the group responsible for development and deployment, left the city scrambling to deal with critical systems that were forced...

04/26/18

Two incident response phases most organizations get wrong

It's important to remember: Incident response isn't a thing, it's a process.

04/19/18

SamSam explained: Everything you need to know about this opportunistic group of threat actors

The group behind the SamSam family of ransomware is known for recent attacks on healthcare organizations, but that's not its only target.

04/18/18

Customers describe the impact of the Allscripts ransomware attack

A ransomware attack against a SaaS provider hurts customers, but when it's a healthcare company that’s hit, patients suffer. Such was the case with January's attack against Allscripts, one of the largest electronic health record and...

04/17/18

Ransomware, healthcare and incident response: Lessons from the Allscripts attack

The actors behind SamSam launched a devastating attack against Allscripts in January, 2018. As Allscripts worked its incident response plan, things started to unravel. Here are the lessons learned.

04/16/18

Allscripts: Ransomware, recovery, and frustrated customers

The actors behind SamSam launched an attack against Allscripts in January 2018, leaving the company’s customers without access to the services needed to run their medical practices — some for more than a week.

04/15/18
