Category: Security
Steganography makes a comeback
Steganography was malware before there was malware. In fact, the term dates back thousands of years and has only recently been used in cyber-circles. The word’s root is derived from the Greek word steganos, which means “covered” or “concealed.” Pre-technological generals used...
Cybersecurity Threat Advisory: Separ Malware Steals Credentials
What is the threat? Researchers from Deep Instinct have detected an ongoing phishing campaign being aimed at many organizations located across North America, Southeast Asia, and the Middle East. The campaign has been effectively distributing the credential-stealing malware known as...
Cybersecurity Threat Advisory: WordPress Plugin Flaw Allows Complete Website Takeover
What is the threat? A serious vulnerability in WordPress was recently discovered via the specific plugin known as “Simple Social Buttons.” This add-on enables site editors to insert social media sharing buttons throughout their website in an appealing and accessible...
Building a defense from social engineering attacks
Last week Smarter MSP examined the security threat that social engineering poses to organizations of all sizes. Social engineering is a technique that hackers use to gain access to an organization’s network, without having to break down the metaphorical door....
Cybersecurity Threat Advisory: Zero-Day Privilege Escalation Vulnerability in Apple’s iOS
What is the threat? Recently, Google’s Project Zero team reported a new zero-day vulnerability discovered in Apple’s iOS. They identified several malicious/fraudulent applications available for download in the app store. These applications leave iPhones susceptible to vulnerabilities that put the...
Cybersecurity Threat Advisory: Zero Day Microsoft Exchange PrivExchange Vulnerability
What is the threat? Remote attackers can exploit a vulnerability that has been discovered in Microsoft Exchange to gain Domain Controller admin privileges using the credentials of an Exchange Mailbox user. The attacker must exploit a combination of flaws to...
Cybersecurity Threat Advisory: RogueRobin Advanced Malware
What is the threat? Cyber researchers have recently found that there’s a custom-developed malware known as RogueRobin which uses multiple techniques to upload and download files to/from affected host(s). It was reported that the cyber threat adversary, DarkHydrus, is responsible...
Cybersecurity Threat Advisory: Cisco Flaw Leaves Networks Wide Open
What is the threat? Security researchers identified a critical and unpatched vulnerability (CVE-2018-15439) in the widely deployed Cisco Small Business Switch Software that could allow a remote attacker to bypass security restrictions and gain full admin access. The default configuration...
Cybersecurity Threat Advisory: Global DNS Hijacking Campaign
What is the threat? Organized cyber attackers have hijacked many Domain Name Servers (DNS) and manipulated them in ways which allow them to redirect traffic to/from a victim network and harvest usernames, passwords, and domain credentials for organizations which they...
Tech Time Warp: Prince Philip’s inbox gets hacked
Harry and Meghan might grab headlines for their privacy settlements and use of social media, but the younger royals are hardly breaking new ground. You might say they’re just following in the family’s footsteps. In 1985, two hackers were arrested...
