Over the weekend, security researcher Mike Olsen published an article about his experience with a set of PoE security cameras that he ordered from Amazon.com. While troubleshooting a display issue, Mike found that the web portal for his cameras was using an HTML iframe element to silently load a malicious web site without his knowledge. This type of attack is a perfect example of a Cross Frame Scripting (CFS) attack. Read more “Watch Out For Malware In Your New IoT Devices”

US-CERT Alert on Ransomware

If you follow the blog, you probably saw Jonas Spieckermann’s post ?about the Locky Ransomware, which attackers are distributing on a massive scale via spam email attachments. Another Ransomware variant named Samas or SamSam is also making its rounds, and recently forced a Maryland-area healthcare provider to? partially bring down their network for several days . Read more “US-CERT Alert on Ransomware”

Early this month, I reported a new OpenSSL vulnerability in one of my Daily Security Byte videos . At a high-level, vulnerable OpenSSL servers configured to negotiate Diffie-Hellman keys in a particular way were vulnerable to a “key recovery” attack.?By sending many specially crafted connections to a vulnerable server, an attacker could exploit this flaw to recover the server’s private key, and decrypt its communications. Read more “Dimension™ 2.0.1 Update 1 Fixes OpenSSL Flaw”

Whether you’re talking about soccer in Europe, or U.S. football in the states, fantasy football leagues have become very popular lately, which is why criminal hackers have noticed and might start targeting them. Today’s video talks about how a popular UK fantasy football site has become infecting with evil malvertising Read more “Fantasy Football Malvertising – Daily Security Byte EP. 175”

The latest Wi-Fi standard to hit the market is 802.11ac and it’s been split up into two flavors; Wave 1 and Wave 2. Wave 1 has been out for awhile, but?Wave 2 consumer routers and business access points have?recently become available Read more “How to Save Yourself an 802.11ac Wave 2 Headache”

Pull up your bootstraps Microsoft administrators, because you’re in for a long patch slog this month. According to their? March?Patch Day summary , ?Microsoft released 14 security bulletins, many fixing critical issues Read more “Microsoft’s March Patch Day Madness”

From nation state espionage, to Internet rights, to router hijacking emails, each week is packed full on information security (infosec) news. Even if you don’t have time to follow it in depth, you can’t afford to miss the latest intelligence Read more “Snowden, PowerOffHijack, and Router Phishing – WSWiR Episode 141”

During the blog downtime, observant security practitioners probably read about a serious new vulnerabilities called GHOST, which affects all Linux-based systems to some extent. I actually? covered GHOST ?already, in one of my Daily Security Bytes, but you may have missed it during the downtime. Read more “Don’t Be ‘fraid of No GHOST; Glibc Vulnerability”

MS Patch Day, DarkHotel, and?iOS Masque Too much Information Security (InfoSec) news, too little time? I sometimes feel the same way. If you don’t have time to keep up yourself, why not watch our weekly InfoSec video to catch the highlights. Read more “DarkHotel & iOS Masque – WSWiR Episode 129”