Don’t Panic! Keep Calm, sort it out step-by-step. Recently our website was hacked and defaced. We should have been on alert as the Google Webmaster website sent us a message to update our WordPress site to the latest version, which is the first time they sent us a warning in all the years we have been registered with them. That alone should have been enough to get us to do something, but alas we had other things on the agenda, and didn’t get around to it. Bad move. We were hacked and most likely you were hacked by a script, an automated... 

As a cyber security guy I always start the year looking at what security conference are coming up in the next 12 months, just so I can plan my itinerary. You always get the SANS events which are always good quality, especially their training sessions, although they can be a tad expensive. You also get the specialist events, those focused on encryption, those focused on regional forums and more recently those focused on Crypto-currencies like BitCoin or DodgeCoin, which, if you are interested in those fields that’s great, but not of an interest... 

Bob Lord, CISO over at Yahoo has confirmed the company was hacked and the perpetrators got away with account information for half a billion users. From what is likely to be one of the largest hacks of all time Bob’s statement casually drops in the following “investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network” That’s right according to Bob, they were attacked by a NATION STATE! No if’s no but’s, the state-sponsored actor is no longer in their network. It is unusual... 

Earlier today both the Tesla Motors Website and Twitter account was hacked, followed closely by Elon Musk’s Twitter account. The hackers tweeted that if you were to follow two Twitter accounts that you would get a free Tesla car. The hacked website had a notice that claimed to be hacked by Twitter user’s by the name of rootwrox and chf060. While the @chF060 account has been silent on the matter, @rootworx has responded to say he was not involved and believes it is a “16yr old script kiddie based out of Finland” is responsible... 

Times are a changing. Once a upon a time your security was all about a decent Firewall and some Anti-Virus and you were good to go. Yeah, not so much any more. Signature based Anti-Virus, as a tool to protect you from infection, is pretty much useless in this day and age. Why, because hackers and the techniques they use to infect you have evolved. Back in the day if you spotted a new bit Malware you could create a signature, essentially a SHA1, that would allow you to detect the Malware and allow you to block the infection. The challenge now-a-days... 

A Toxic Hell Stew of Vulnerabilities The above quote was made by Tim Cook at last years Apple developers conference in regards to the Android operating system. He went on to say that 99% of all Mobile Malware was produced for, and operated on Android. Having come from a threat research background I can tell you he is not to far wrong. But…. There are lies, damn lies and then, there are statistics. If you just limit your view to a portion of the statistics you could easily conclude the Android is indeed “a toxic hell stew of vulnerabilities”,... 

Twitch, the popular, LEADER, in the online streaming gaming arena has been hacked, leaking user data in to the ether known as the Internet. User are waking up to an email informing them that there has been “unauthorized access to SOME of your Twitch user account information”. The email then goes on to say that “possibly your Twitch username and associated email address, your password (which was cryptographically protected), the last IP address you logged in from, and any of the following if you provided it to us: first and last... 

Legbacore Presenation The boys Xeno Kovah and Corey Kallenberg, regulars at the major security conferences, gave a presentation at the CanSecWest security conference in Vancouver this past week, on how to hack BIOSes. Xeno and Corey, previously of MITRE (you know the non-profit organization that manages Federally Funded Research and Development Centers (FFRDCs) supporting the DOD, the FAA, the IRS, the DHS, and NIST) fame, have gone out on their own at LegbaCore. Their first major bit of research is a working proof of concept of owning BIOS Chips... 

It has been a busy couple of months for a hacking collective calling themselves the “Syrian Electronic Army” (SEA). Targeting mostly media organisations Twitter accounts and websites the hacktivists have managed to claim the scalps of some high profile media companies. The Guardian, one of the victims of SEA, would have you believe that the hacktivists are funded by the Syrian government based on a speech given by Assad to Damascus university students at the end of 2011, where he praised the electronic army and embraced them as an extension... 

A sophisticated cyberattack designed to access the US natural gas pipelines appears to have been under way for a number of months, the Department of Homeland Security has warned, elevating concerns about the that vital infrastructure could be vulnerable to computer attacks. The department’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said recently that it had identified a single campaign behind multiple attempted intrusions into several unique pipeline companies since December last year. ICS-CERT has issued warnings and...