Check Point Software Technologies has uncovered vulnerabilities in the processing of Subtitles with the four most popular movie players for Windows and Linux systems: VLC Kodi Popcorn-Time Stream.io Hackers can exploit Subtitle ranking algorithms and allow exploited subtitles to be delivered first. The instant the subtitle is loaded, the hacker is able to perform Remote […]
New USB Kill 3.0: From the makers of USB Kill™
A long time ago, I posted a comment on #FB regarding USB Hardware Kill Sticks to an audience of disbelievers. So, as I’m trolling the ‘Net, I came across a legitimate manufacturer of such devices, aptly named: https://www.usbkill.com/; complete with a valid SSL certificate and secure shopping cart. Kudos to them for some great advertising on […]
BOLO: Chrome Spreads Your Creds!
There is a vulnerability that exists in the current version of Google’s Chrome browser that can allow your Windows Login, or Network Login, credentials to be pilfered by a remote hacker. The problem occurs by having Chrome download a harmless .SCF file. These files are very much like the .LNK files of old. SCF stands […]
Big Data vs. Big Oil: Technology Company Value
So, what is a barrel of bits trading for these days? Apparently, a lot more than a barrel of oil. The Economist brings up an interesting look at the big high tech industry and makes some startling revelations regarding the absolute, dominating wealth of some of the world’s most wealthiest technology companies; including Google, Apple, […]
The Cybersecurity Framework
Introduction In 2014, in response to an Executive Order from President Obama, the National Institute of Standards completed “Framework for Improving Critical Infrastructure Cybersecurity“, also known as “The Cybersecurity Framework“. The framework looks like a “Bow Tie”, from NISTIR 8170: The Framework’s five functional components are: ID: Identify PR: Protect DE: Detect RS: Respond RC: Recover […]
Demystifying President Trump’s CyberSecurity Executive Order
It didn’t take President Trump long to weigh-in on Federal Government CyberSecurity. And it took even less time for all kinds of company “Talking Heads” to issue their own self-serving versions of the Executive Order. There isn’t much there. No move to the “cloud”. No massive consolidation of resources into a massive Government data silo. No […]
Mr. Smith Goes to Washington
Following the latest variant of the WannaCry(pt) RansomWare that spread throughout the globe last weekend, Microsoft’s President and Chief Legal Officer, Brad Smith, blew a gasket. He argues, “Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military […]
Help for MalWare & RansomWare?
The best way to stay safe in today’s world is to know the equipment that your using. Mostly, good common sense is all that is needed. But if you’ve been infected with RansomWare, you’re probably doomed and need to restore from backup. The keyword here is “probably“. In cases where a cryptographic hashing function has […]
BOLO: WannaCry(pt) RansomWare
First observed in February the WannaCry, or WannaCrypt, virus is wreaking havoc in European networks. Major outbreaks of a new variant were first detected Friday, 5/12/2017 in Spain but it has now traveled to over 99 countries. It also took out England’s National Health Service (NHS). The virus is web-based and spreads from users clicking […]
BOLO: Netrepser Espionage Trojan
Netrepser is a JavaScript (JavaScript ≠ Java) Trojan designed for espionage purposes. This was detected and reported by Bitdefender on May 5, 2017. Believed to be of Russian origin, the common distribution of this Trojan is by Email. However, its JavaScript nature suggests that this may be able to cause infections in web-based “Drive-By Download” […]