Choosing Windows for your organization should get you fired

In the wake of yet another ransomware attack—this time named NotPetya—I have a special message specifically for those of you working in organizations that continue to run Microsoft Windows as the operating system on either your servers or your desktops: You are doing a terrible job and should probably be fired.  I know. That’s harsh. […]


How to secure your CMS without patching

In as little as four hours, the bad guys can reverse engineer a software patch for an open-source content management system (CMS) and build an exploit capable of turning millions of websites into spammers, malware hosts or DDoS attackers.  “There’s just not enough time for normal site owners to apply the updates,” said David Jardin,[…]

Even weak hackers can pull off a password reset MitM attack via account registration

At the IEEE Symposium on Security and Privacy 2017, researchers from the College of Management Academic Studies in Israel presented an interesting paper on bad password reset processes, “The Password Reset MitM Attack” (pdf). It explains how a weak attacker could take over accounts by exploiting vulnerabilities in password reset procedures. They dubbed the attack:[…]

Hackers attacked 4 Florida school districts, allegedly hoped to hack voting systems

We’ve heard a lot about Russian attackers attempting to hack the US election, but another hacking group also allegedly wanted to interfere with the election; they attempted to pivot from compromised school districts to state voting systems. The Miami Herald reported that MoRo, a group of hackers based in Morocco, penetrated “at least four Florida[…]