PINDROP BLOG

Category: Hacking

June 12, 2017
New macOS Ransomware Service Emerges
The ransomware scourge is beginning to creep, ever so slightly, into the Apple ecosystem, as researchers have discovered a new service hosted on the Tor network that will develop custom ransomware samples for buyers on demand. The ransomware as a service model is not new, but this is believed to be the first one that…
Read More →
June 9, 2017
Phishing Attacks Using SSL Spike
Phishing crews increasingly are using sites with valid SSL certificates in order to make their attacks appear more legitimate, a new report shows. In the last couple of years it has become much easier and faster for site owners to obtain SSL certificates for their sites, thanks to the emergence of free CAs such as…
Read More →
June 8, 2017
Exploit Kits Turn to Malvertising for Survival
Exploit kit activity has been decreasing for a couple of years now, a result of some consolidation in the market, as well as effective investigations and takedowns by law enforcement. But that doesn’t mean the attackers using them have given up. They’ve just shifted tactics, with many now focusing on using malvertising and social engineering…
Read More →
June 6, 2017
Hack the DHS Program Gets Support in the House
A Senate bill that would allow hackers to go after the networks at the Department of Homeland Security as part of a bug bounty program now has a companion piece of legislation in the House of Representatives. Last week, two senators introduced a bill that would create a pilot bug bounty program at DHS, similar…
Read More →
June 1, 2017
OneLogin Warns of Breach at U.S. Data Center
Security firm OneLogin, which provides single sign-on and other identity and authentication products, has suffered a data breach that it says likely affects all of its customers served by its data center in the United States. In an email sent to customers, the company said that customer data was possibly compromised, but it didn’t specify…
Read More →
May 31, 2017
You May Soon Be Able to Hack the DHS
A pair of senators wants to give hackers a chance to take a swing at the Department of Homeland Security’s networks and internal systems through a broad bug bounty program. A proposed bill introduced in the Senate Friday would build on the foundation of the Hack the Pentagon program that the Department of Defense ran…
Read More →
May 26, 2017
RoughTed Malvertising Campaign Bypasses Ad Blockers
A long-running, multi-faceted, malvertising campaign has been found using a technique that enables the sites involved to bypass the protections of ad blockers. Malvertising campaigns can take a lot of different forms and they often involve multiple layers of compromised or malicious sites and lots of redirections. Some campaigns are connected to malware operations and…
Read More →
May 25, 2017
Active-Defense Bill Now Allows Destruction of Data, Use of Beacon Tech
A bill that would allow victims of cybercrime to use active defense techniques to stop attacks and identify attackers has been amended to require victims to notify the FBI of their actions and also add an exemption to allow victims to destroy their data once they locate it on an attacker’s machine. The Active Cyber Defense…
Read More →
May 25, 2017
Serious Samba Flaw Threatens Networks
There is a severe, remotely exploitable vulnerability in many versions of the Samba software that has been siting unnoticed for seven years. The vulnerability is trivial to exploit and there is proof-of-concept exploit code available for it, making it even more dangerous. The Samba maintainers have released a patch for the flaw, and researchers are warning customer…
Read More →
May 24, 2017
DDoS Attacks Continue to Grow in Intensity, Shorten in Length
In a new report, Imperva researchers shed some light on how DDoS attacks are evolving and becoming at once more complex and briefer. In the first quarter of this year, 80 percent of all attacks lasted less than an hour with 90 percent of all network layer attacks lasting less than 30 minutes, compared to only 78 percent…
Read More →
In a race of information vs. misinformation, what will deep fakes and data breaches look like? Register for our webinar to learn how to defend against these types of threats