September - 2018

washingtoncybercenter.com

Another Municipality with Issues

Government entities tend to have a unique situation. The entity has a set amount of revenue received annually. There are fluctuations with this as property values and taxes fluctuate and other sources of fees are collected. These adjustments are not significant. With the limited resources, the government entities have to plan for activities through the year. These usually cost money and don’t allow for a mass amount of changes. There are also the random events that occur that

Another payment portal breach-Here we go again: GovPayNow.com

Third party vendors have historically been the Achilles heel of the business world for years. The examples of this abound through the news feeds over the last seven years. The first, huge compromise based on this is the Target breach occurring proximate to the holidays, allowed by trusting explicitly a third party vendor. This vendor, a heating/cooling vendor, allowed their compromised system to deliver the malware to Target and make its way to the PoS system, and exfiltrate

Watch your USBs: Ahoy, USBHarpoon!

You would be hard pressed to find a person who has not in the least seen a USB. Most people have probably used a USB with their phones, to charge an accessory, attach a printer to a laptop, transfer a file, or any other various activities with these. As the users take these and use them for their specific use, in nearly all of the cases the USB is generally fine and creates no issues. The USB works as expected. Unpleasant Ends Researchers decided to see what else could be don

Malware upgrade for Android!

Overall, there are two primary smartphone forms-the iPhone and Android. Of the two, the Android phones have been targeted at a much greater rate. Yet another example of this target shift has recently been noted. This new Android phone malware is termed MysteryBot. Targeted In this case, the targets were the Android 7.X and Android 8.X (Nougat and Oreo). This malware tricks the user into installing the malware, pretending to be Adobe Flash Player. The method for the payload be

Static Long-Term Processes are not Welcome at InfoSec’s Door

Attacks on the enterprise and embedded systems are not slowing down. These are increasing as the attacks are expanding the sophistication, the number of attacks is growing in numbers, the attackers have modified their activities to a business model, and the notoriety associated with an attack has increased the publicity with these. As an increase in the issue’s potency, these attackers are located across the globe. The mainstream, present response is to put the defensive arch

Adidas Issues

Adidas IsMost people have seen or are aware of the Adidas brand of shoes, clothing, and other products. These are sold in retail establishments and online. Recently Adidas had the opportunity to experience the excitement of a breach with their online venture. An unauthorized party accessed the Adidas servers. This was unknown to Adidas until they were notified by a third party. The data was exfiltrated on June 26, 2018. This data included the user’s contact information, usern

Yet another reason to monitor your computer: RadRAT will give you an interesting day

Remote access tools (RATs) are an interesting tool to maliciously have placed on a system. When these initially were created years ago, the focus was to gain access to the target’s computer and turn on the webcam and/or microphone to record the unsuspecting user. The next iteration was coded so the “On” light was toggled off, even though this was on. As time passed the technology improved, and this class of malware likewise improved to increase its functionality, performance,

Recent Posts

Archive