Salted Hash Ep 14: Are mass transit systems the next big target?

Salted Hash Ep 14: Are mass transit systems the next big target?

This week Salted Hash talks with Stan Engelbrecht, director of the cybersecurity practice at D3 Security, about the inherent flaws in security defenses for public transportation systems -- and what can be done.

01/15/18

Salted Hash Ep 13: Bug bounties and video surveillance programs

Salted Hash Ep 13: Bug bounties and video surveillance programs

Welcome to 2018! This week's episode is the first of the year, and we're joined by longtime regular Fahmida Rashid to talk about DJI's bug bounty problems and a pitch about video surveillance programs. We also talk about what we think...

01/08/18

Spectre and Meltdown: What you need to know going forward
Update

Spectre and Meltdown: What you need to know going forward

As you've likely heard by now, there are some problems with Intel, AMD, and ARM processors. Called Meltdown and Spectre, the discovered attack possibilities are rather severe, as they impact pretty much every technical device on the...

01/04/18

GPS tracking vulnerabilities leave millions of products at risk

GPS tracking vulnerabilities leave millions of products at risk

It's an IoT nightmare. One that is entirely preventable. Two researchers have disclosed problems with hundreds of vulnerable GPS services using open APIs and trivial passwords (123456), resulting in a multitude of privacy issues...

01/02/18

North Korea to blame for WannaCry, Trump administration says

North Korea to blame for WannaCry, Trump administration says

On Monday evening, the Trump administration blamed North Korea for the WannaCry ransomware attacks back in May. Homeland security advisor, Thomas P. Bossert, published the administration's conclusions in an Op-Ed for the Wall Street...

12/19/17

Salted Hash Ep 12: Zero trust networks and other things that caught our attention in 2017

Salted Hash Ep 12: Zero trust networks and other things that caught our attention in 2017

This week's episode of Salted Hash is the last one for 2017, so we're closing out the year by talking about security wins, and the incidents that held the attention of our panel. Steve is joined by Akamai's Dave Lewis, Andy Ellis and...

12/18/17

Salted Hash Ep 11: Dyn Inc. DDoS anniversary, and the truth about the Reaper botnet

Salted Hash Ep 11: Dyn Inc. DDoS anniversary, and the truth about the Reaper botnet

For this week's episode of Salted Hash, we're joined by Josh Shaul, the vice president of web security at Akamai. He shares his story about his experiences during the Dyn Inc. DDoS attacks, and offers some details about the Reaper...

12/11/17

Salted Hash Ep 10: Office 365 phishing examples, the bad and the ugly

Salted Hash Ep 10: Office 365 phishing examples, the bad and the ugly

This week's episode of Salted Hash is a personal one, as we're taking a look at some Office 365 phishing emails that have targeted staffers at CSO Online and CIO.com. The attempts themselves are really low quality, but they work....

12/04/17

Apple's High Sierra allows root with no password, there's a workaround to help

Apple's High Sierra allows root with no password, there's a workaround to help

Earlier this afternoon on Twitter, a developer posted a screenshot and reported it was possible to obtain root access on Apple's High Sierra without a password. Several users recreated this issue on their own systems, including a...

11/28/17

Salted Hash Ep 8: What keeps IT administrators up at night?

This week's episode of Salted Hash takes a quick look at things that frighten administrators. We're joined by CSO's Michael Nadeau, who shares his take on the matter. As expected, some of the topics include ransomware, insider...

11/27/17

Salted Hash Ep 7: Matrix Banker malware and insider threats

Salted Hash Ep 7: Matrix Banker malware and insider threats

This week's episode of Salted Hash takes a look at insider threats and the return of Matrix Banker, a family of malware that is targeting organizations in Mexico. Our guest is Justin Fier, the director for cyber intelligence and...

11/20/17

Salted Hash Ep 6: Ransomware marketplaces and the future of malware

Would you give up a customer's data or credentials if that was the demand in a ransomware attack? No financial payment, just a password, or a document. That's a nightmare scenario, and it's just one of the few that Steve Ragan and...

11/13/17

Malwarebytes is tracking missed detections in traditional antivirus

Malwarebytes is tracking missed detections in traditional antivirus

Tracking real-world scans on systems over the first six months of 2017, Malwarebytes says that typical desktop anti-virus solutions aren't cutting it. The company examined detection data from nearly 10 million endpoints, and...

11/07/17

BadRabbit ransomware attacks multiple media outlets
Update

BadRabbit ransomware attacks multiple media outlets

On Tuesday, Russian media outlet Interfax said in a statement their servers were offline, due to a virus attack. The news agency shifted their reporting efforts to Facebook while they work to recover. A short time later, Russian...

10/24/17

Kaspersky code review doesn’t solve the spying problem
Update

Kaspersky code review doesn’t solve the spying problem

Earlier this month, a report in The Wall Street Journal says that hackers working for the Russian government used Kaspersky's Anti-Virus software to steal documents from a contractor's computer. The company denies any involvement, and...

10/23/17

Social engineer bank robber arrested weeks after successful $142,000 heist

Social engineer bank robber arrested weeks after successful $142,000 heist

A Malaysian bank robber who used social engineering as his primary weapon in a string of thefts was recently arrested at his home in Batu Berendam, Malacca, three weeks after successfully walking away with $142,000 (RM600,000) by...

10/09/17

Scammers sent follow-up emails in Office 365 phishing campaign

Scammers sent follow-up emails in Office 365 phishing campaign

As previously reported on Salted Hash, a recent phishing email looking to harvest credentials was actually part of an ongoing phishing campaign targeting Office 365 customers. The campaign has been going on since late 2016, and is...

10/03/17

Whole Foods Market investigating payment card breach

Whole Foods Market investigating payment card breach

Whole Foods Market, a supermarket chain that specializes in items that don't contain artificial preservatives, colors, etc. said on Thursday they’re investigating a payment card breach at the venues of some stores where taprooms and...

09/28/17

Hackers create memorial for a cockroach named Trevor

Hackers create memorial for a cockroach named Trevor

On Sunday evening, hours after the closing ceremonies of DerbyCon, participants gathered across the street from the conference hotel at the local Smashburger in downtown Louisville, KY. But the hackers didn’t gather for food, they...

09/24/17

Surviving ransomware by keeping things simple

Surviving ransomware by keeping things simple

Ransomware is a topic everyone knows about, but unless you've experienced a ransomware attack, it's hard to really describe and understand the stress associated with these events.

09/23/17

Load More