Author Archives: HALOCK Security Labs

THE PASSWORD BY ITSELF IS NOW EXTINCT

Multi-Factor Authentication is the New Standard The use of a password for authentication is technically referred to as single factor authentication. The fact is that anything beyond a game site or online news source should be protected by more than just single factor authentication. In the hyper-connected world in which we live in today, it […]

Cleverly Disguised Ransomware Infecting Chrome Users

A new variant of ransomware is spreading via poorly secured websites and the Chrome Web Browser. Users are fooled into downloading what they think is a missing font pack in order to resolve the error. This attack technique is not uncommon, and has been recently reported delivering click-fraud malware, and now, ransomware. Click-fraud malware is […]

ARE EMPLOYEE PERSONAL SOCIAL MEDIA ACCOUNTS MAKING YOUR NETWORK VULNERABLE?

Social media seems harmless enough especially when your employees stick to using it for personal reasons, but it can indirectly be responsible for critical security breaches. With some social engineering and patience, an attacker can use personal social media profile information to gain access to your corporate network. The attack is completely outside of your […]

ALERT: CRIMINALS REQUESTING W-2s VIA SIMPLE SOCIAL-ENGINEERING SCHEME

By Todd Hacke Tax season is a hectic time of year for not only organizations but their employees.  This year attackers are looking to take advantage of this turbulence with a simple social engineering inquiry that could land them a gold mine of personal and financial information.  It turns out all they have to do […]

OPTIONS FOR MERCHANTS USING MOBILE PAYMENT APPLICATIONS TO ACHIEVE AND MAINTAIN PCI COMPLIANCE

By Morgan Rickel  PMP, QSA If you are a merchant considering the implementation of a mobile payment acceptance solution, or if you are currently using one, the Payment Card Industry Security Standards Council (PCI SSC) has determined that one of the major risk factors in validating mobile payment acceptance applications with the Payment Application Data […]

CYBER SECURITY INCIDENT REMEDIATION: COMMON PROCEDURES FOR RESPONDING TO COMPUTER INTRUSIONS

By Todd Hacke The moment you realize you are experiencing a network-based breach, you may not know what to do. Minute one, hour one, day one, what should a technical team do to respond to a breach while it’s still in play? While having a full incident response plan, a trained response team, and well-placed […]

9 QUICK TIPS TO IMPROVE WEAK AUTHENTICATION

Over years of penetration testing, HALOCK has seen some enduring security vulnerabilities. They are so common, in fact, that we have come to expect to see them in the field. Many information security breaches occur because authentication vulnerabilities permit unauthorized access to applications, systems and data. If you were to follow these tips, our penetration […]

HOW TO PROTECT YOURSELF FROM SOCIAL ENGINEERS IN THE SOCIAL MEDIA

The use of social media like Twitter, Facebook, Instagram, Tumblr, Google Plus, LinkedIn and others have been steadily growing. It is used not only between individuals connecting with their “tweeps,” but also for businesses connecting with their customers, and even politicians with their constituents. Social media platforms have become a forum for sharing all manner […]

1 2 3 12