Exploit Home Routers Then Pharm DNS servers

Yes another slightly new style of attack: http://www.networkworld.com/article/2889933/hackers-exploit-router-flaws-in-unusual-pharming-attack.html There are a couple of slightly new twists in this hacker style attack. Proofpoint found the attack (as a spam protection company they see all kinds of emails)  https://www.proofpoint.com/us/threat-insight/post/Phish-Pharm Here is definition of pharming: “Attackers use poisoned DNS servers to redirect address requests, usually for online banking … Read more

Command & Control Traffic From Inside Network

It seems everyone should be looking for Command and Control traffic  from inside the network (updated on 04/01/2016)   What does Command and Control mean? It is the last process in the hacking cycle: As we have pointed out: SVAPE & C   Scan, Vulnerability Analysis, Penetrate Exploit & Control from other posts  http://www.fixvirus.com/svapec/ Our … Read more

Improving Data Security (Especially Medical)

We know the problems with the Anthem Breach: no encryption But does it mean you should encrypt your data?   What does it mean to “encrypt the data” What if your data is “stolen” with correct credentials, i.e. if someone has  the username and password then it is over, whether the data is encrypted matters … Read more

QWERTY keylogger: “Connect the Dots”

Snowden documents lead to Regin and malware. http://threatpost.com/researchers-link-regin-to-malware-disclosed-in-recent-snowden-documents/110667 The malware  seems to be related to the QWERTY keylogger found in the Snowden documents.  The researchers claim a connection with Regin malware platform and the QWERTY keylogger noted in Snowden’s documents. Here is a blog post on the analysis of the QWERTY keylogger to the Regin … Read more

Fear The Killer Malware

Killer Malware…  what does it mean?  When is it coming? It means a distributed spam network (hard to blacklist)   (as John Stewart from Cisco mentioned http://oversitesentry.com/john-stewart-cisco-security-exec-interviewed-by-bloomberg/ ) A Zero-day malware included in well written (targeted) spam.  Like the Flash vulnerability that just came out. https://nakedsecurity.sophos.com/2015/01/23/adobe-issues-emergency-fix-for-flash-zero-day/   And then we come to the “Killer” part, Ransomware … Read more