Month: December 2018

Fraudulent Tactics on Amazon Marketplace

Posted on By infossl
amazon, fraud, sabotage, Security technology

Fascinating article about the many ways Amazon Marketplace sellers sabotage each other and defraud customers. The opening example: framing a seller for false advertising by buying fake five-star reviews for their products. Defacement: Sellers armed with the accounts of Amazon distributors (sometimes legitimately, sometimes through the black market) can make all manner of changes to … Read More “Fraudulent Tactics on Amazon Marketplace” »

Congressional Report on the 2017 Equifax Data Breach

Posted on By infossl
breaches, databreaches, nationalsecuritypolicy, reports, Security technology

The US House of Representatives Committee on Oversight and Government Reform has just released a comprehensive report on the 2017 Equifax hack. It’s a great piece of writing, with a detailed timeline, root cause analysis, and lessons learned. Lance Spitzner also commented on this. Here is my testimony before before the House Subcommittee on Digital … Read More “Congressional Report on the 2017 Equifax Data Breach” »

New Shamoon Variant

Posted on By infossl
cybersecurity, datadestruction, infrastructure, malware, Security technology

A new variant of the Shamoon malware has destroyed significant amounts of data at a UAE “heavy engineering company” and the Italian oil and gas contractor Saipem. Shamoon is the Iranian malware that was targeted against the Saudi Arabian oil company, Saudi Aramco, in 2012 and 2016. We have no idea if this new variant … Read More “New Shamoon Variant” »

Real-Time Attacks Against Two-Factor Authentication

Posted on By infossl
authentication, email, maninthemiddleattacks, phishing, Security technology, twofactorauthentication

Attackers are targeting two-factor authentication systems: Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets’ level of operational security, researchers with security firm Certfa Lab said in a blog post. The emails contained a hidden image that … Read More “Real-Time Attacks Against Two-Factor Authentication” »

Marriott Hack Reported as Chinese State-Sponsored

Posted on By infossl
attribution, china, hacking, hotels, Security technology

The New York Times and Reuters are reporting that China was behind the recent hack of Mariott Hotels. Note that this is still uncomfirmed, but interesting if it is true. Reuters: Private investigators looking into the breach have found hacking tools, techniques and procedures previously used in attacks attributed to Chinese hackers, said three sources … Read More “Marriott Hack Reported as Chinese State-Sponsored” »

New Australian Backdoor Law

Posted on By infossl
australia, backdoors, cryptography, cryptowars, encryption, Security technology

Last week, Australia passed a law giving the government the ability to demand backdoors in computers and communications systems. Details are still to be defined, but it’s really bad. Note: Many people e-mailed me to ask why I haven’t blogged this yet. One, I was busy with other things. And two, there’s nothing I can … Read More “New Australian Backdoor Law” »