March 1, 2017

Cloudflare Bug Exposed Passwords, Other Sensitive Website Data

Lucian Constantin,, February 24, 2017

For months, a bug in Cloudflare’s content optimization systems exposed sensitive information sent by users to websites that use the company’s content delivery network. The data included passwords, session cookies, authentication tokens and even private messages.

Read More

Stop Using SHA1: It’s Now Completely Unsafe

Lucian Constantin,, February 24, 2017

Security researchers have achieved the first real-world collision attack against the SHA-1 hash function, producing two different PDF files with the same SHA-1 signature. This shows that the algorithm’s use for security-sensitive functions should be discontinued as soon as possible.

Read More

Identifying Local Admin Misconfigurations for Domain Privilege Escalation

Paul Brandau,, February 23, 2017

In our previous blog, we discussed how insufficient network segmentation can be exploited by attackers and pen testers.
This week, we discuss a finding that we frequently abuse during the privilege escalation phase of our penetration testing assessments, particularly for those involving public sector clients. This phase occurs after our operators have gained a foothold and established persistence within a client’s internal network. At this point of the assessment, our foothold into the network is in the context of a domain user (or more often, several domain users)

Read More

How to Prevent Your System From Being Hacked, February 24, 2017

You may be concerned that keeping your company’s system safe from hacking could necessitate significant expenditure on various security products and services. However, there are actually various ways in which you can protect your system at a low cost. This is particularly appealing for small businesses who could lack abundant financial reserves.

Read More

5 Ways Employees Can Prevent Advanced Security Attacks, February 21, 2017

For better or worse, employees are the first (and sometime final) safeguard against digital incursion – and hackers know it. Cybercriminals are a sneaky bunch. More often than not, they will exploit your company’s weak spots rather than launch a full-scale assault against your security solutions. And what is your weakest link? Sadly, research shows that employee negligence is one of the leading causes of data breach.

Read More

Don’t Make Perfect Security the Enemy of Good Security

Tim Armstrong,, February 27, 2017

We’ve written before about what it means to meet compliance standards without going completely overboard. Today, we want to talk about how that applies to cloud security as well. Some teams mistakenly believe that their security posture needs to be absolutely perfect. That’s not only overwhelming — it’s impossible.

Read More

Report: 85% of Ransomware Victims Get Taken Offline for a Week or More

Maritza Santillan,, February 27, 2017

New research reveals that the majority of ransomware victims (85 percent) had their systems taken offline for at least a week, costing businesses thousands in financial damage each day.

Read More

How’s Your Online Bank Security Looking? The Dutch Studied Theirs And… Yeah, Not Great

Kieren McCarthy,, February 22, 2017

The Dutch banking industry is doing a terrible job of online security, according to the company that runs the country’s .nl internet domains. In a new report published Tuesday, the internet registry SIDN was surprised to find that just six per cent of banks using .nl internet addresses have the security protocol DNSSEC in place to protect their digital assets and their customers.

Read More

It’s Raining. It’s Pouring. This Fake Weather App Is Stealing Your Credentials

David Bisson,, February 24, 2017

A new Android banking trojan poses as a legitimate weather forecast app in an effort to steal users’ banking credentials.

Read More

Forrester: Healthcare Remains a Ripe Target for Cybercriminals

Bill Siwicki,, February 28, 2017

As most everyone in healthcare will remember, health insurer Anthem suffered a data breach in 2015 that affected as many as 80 million patients. While healthcare did not witness a breach of that scale in 2016, numerous hospitals fell victim to ransomware attacks, and healthcare security budgets continued to lag behind those of other industries, according to Forrester Research.

Read More

Securing Endpoint Devices From Healthcare Ransomware Threats, February 27, 2017

More healthcare organizations are implementing mobile devices and opting for BYOD strategies to help strengthen communication capabilities. However, the increase in endpoint devices has also opened entities up to more security issues, such as ransomware threats.

Read More
Infosecurity Newsletter Archive