What are Smishing Attacks and why are they Increasing?
Two things are inherently true when it comes to cyber criminals. The first is that they follow the money. This is why ransomware grew to a billion-dollar business overnight. The second is that, like water, their efforts flow towards the path of least resistance. Cyber criminals are like many (more…)
NEW BOTNET DISCOVERED CALLED JENX
Another day, another cyber threat discovered. Last week the world was introduced to yet another cyber menace referred to as Jen-X. No, not Generation-X, JenX, a new botnet that offers DDoS attacks for hire. Dubbed JenX, the new botnet is recruiting IoT devices and is marketing its ware (more…)
8 Things to Help Make This Year’s Penetration Testing a Success
From a macro point of view, 2017 was a rough year when it comes to cyber security. As spring turned into summer last year, we watched the WannaCry and NotPetya malware spread worldwide, causing lost productivity that negatively affected both quarterly earnings and stock prices, (more…)
VULNERABILITY N+1
As Americans, we love lists. That fact is self-evident when browsing our favorite blog sites, as many blogs start out with catchy headlines like, “The Top 5 ______ (fill in the blank).” The love of lists is rooted deeply in our culture. We loved the Top 40 countdown for generations when it came to the hottest songs on the radio. Every New Year’s Eve we (more…)
Evolution of Phishing Attacks and the Billions it is Now Costing Corporations
AUTHOR: Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 AUDITOR
It was 23 years ago that the first Nigerian phishing attacks appeared in the inboxes of users across the world. Known today as the Nigerian 419 scams, these emails of deceit were (more…)
Simple Ways to Prevent Multi-Million Dollar Losses from BEC
In February of 2016, Fischer Advanced Composite Components (FACC), an Austrian aerospace parts maker servicing customers such as Airbus and Boeing, fired its CEO of 17 years. The driving factor in the dismissal was the company’s reported income loss of 23.4 million euros during the encompassing fiscal year. As a comparison, the company had reported a loss of 4.5 million euros (more…)
EMPLOYEE SOCIAL MEDIA ACCOUNTS MAKING YOUR NETWORK VULNERABLE?
Social media seems harmless enough, especially when your employees stick to using it for personal reasons, but it can indirectly be responsible for critical security breaches. With some social engineering and patience, an attacker can use personal social media profile information to gain access to your corporate network. The attack is completely outside of your (more…)
WHAT KIND OF SECURITY ASSESSMENT DO I NEED?
What kind of security assessment do I need? It’s a question we at HALOCK Security Labs hear all the time. Every regulation and information security standard in existence tells us that we must undergo some kind of regular assessment. But the security field has not been consistent in advising what kinds of assessments fit which purpose best. (more…)
9 QUICK TIPS TO IMPROVE WEAK AUTHENTICATION
Over years of penetration testing, HALOCK has seen some enduring security vulnerabilities. They are so common, in fact, that we have come to expect to see them in the field. Many information security breaches occur because authentication vulnerabilities permit unauthorized access to applications, systems and data. If you were to follow these tips, our penetration tests would be much less fruitful (and (more…)
PREPARING FOR YOUR DATA BREACH
Most InfoSec professionals don’t want to think about becoming the next victim of a major data breach to make the headlines. And yet when faced with another major data breach it is a time when Executive Management and security teams reflect on their own insecurities. The latest breach is being reported as the largest data breach of (more…)