Tag: Web

Cisco: MS Word Macro Attacks Still Work Just Fine

We like to throw around the term ‘Advanced Persistent Threat’ casually these days to refer to a whole range of sophisticated and persistent attacks – usually on high value targets. But a blog post today by Cisco Systems makes clear that many otherwise sophisticated attackers do just fine with some pretty low tech and old school methods. Case in point: an attack Cisco is dubbing “String of Paerls-” a series of attacks on companies involved in research and what Cisco calls the ‘industrial manufacturing vertical.’ According to the report, the attacks start with a decidedly old school attack: a Microsoft Word document that includes a malicious Office Macro.”When the victim opens the Word document, an On-Open macro fires, which results in downloadin and executable and launching it on the victim’s machine.” Now, macro-based attacks are truly vintage. They first came to light in the late 1990s, with the Melissa virus – an early and successful […]

Continue Reading

Is HyperCat An IoT Silo Buster? | ZDNet

Steve Ranger over at ZDNet has an interesting write-up on HyperCat, a UK-funded data sharing open specification for Internet of Things devices. The new specifications has the backing (or at least interest) of major players and could become an alternative to proprietary standards such as Apple’s HomeKit or Google Nest. HyperCat is described as an “open, lightweight, JSON-based hypermedia catalogue” that is designed to “expose information about IoT assets over the web.” The goal is to provide a set of open APIs and data formats that startups and other smaller firms can use to built ecosystems of connected objects. Smart devices are typically developed using common technologies and platforms: RESTful APIs, JSON (Javascript Object Notation) for data formatting and HTTP (or secure HTTP) as the main communications protocol. However, the Internet of Things is badly “silo’d” – meaning that interoperability between IoT devices happens only when those smart devices happen to use the […]

Continue Reading

The Week in Data Breach: Pizza And Chinese Food

The news over the weekend was about more data breaches affecting chain restaurants. First, there are reports that the pizza chain Domino’s appears to have been hacked. The news came by way of an online post on Friday by a group claiming to have compromised servers used by Domino’s to store data on customers in France and Belgium. (Cached version of the announcement can be viewed here.) The group claims to have made off with information including the user name and password for 592,000 French customers and over 58,000 records from Belgian customers. It has asked Domino’s for payment of €30,000 in exchange for the data. The company has acknowledged the attack, but claims no customer financial data was stolen. In other news, the Chinese restaurant chain PF Chang’s acknowledged on Thursday that it was, indeed, the victim of a successful cyber attack that a breach last week that resulted […]

Continue Reading

DDoS Attacks Hit Cloud Apps Evernote, Feedly

Large-scale attacks knocked two prominent, web-based services offline late Tuesday, as cyber criminals attempted extort money from the owners of news aggregation site Feedly and the hosted productivity tool Evernote. Feedly – a web site that pulls together news feeds from across the web – remained unreachable early Wednesday, while Evernote was back online. Both companies issued statements confirming that they were the victims of a massive distributed denial of service (DDoS) attack. “We’re actively working to neutralize a denial of service attack. You may experience problems accessing your Evernote while we resolve this,” read a message sent from Evernote’s Twitter account Tuesday evening at around 8:00 PM Eastern Time. And, around 5:00 AM Eastern on Wednesday, Feedly posted a blog entry that reads: “Criminals are attacking feedly (sp) with a distributed denial of service attack (DDoS). The attacker is trying to extort us money to make it stop. We refused to give […]

Continue Reading

Heart Attack? Fixes For More Critical Holes In OpenSSL

Just a month after a critical security hole in OpenSSL dubbed “Heartbleed” captured headlines around the globe, The OpenSSL Foundation has issued an other critical software update fixing six more security holes, two of them critical. The Foundation issued its update on Thursday, saying that current versions of OpenSSL contain vulnerabilities that could be used to carry out “man in the middle” (or MITM) attacks against OpenSSL clients and servers. SSL VPN (virtual private network) products are believed to be especially vulnerable. Users of OpenSSL versions 0.9.8, 1.0.0 and 1.0.1 are all advised to update immediately. According to information released by the OpenSSL Foundation, an attacker using a carefully crafted handshake can force the use of “weak keying material in OpenSSL SSL/TLS clients and servers.” That could lay the groundwork for man-in-the-middle attacks in which an attacker positions herself between a vulnerable client and server, decrypting and modifying traffic as it passes through the attacker’s […]

Continue Reading
1 9 10 11 12 13 26