Proof of Concept Archives

Meetup: GDPR Context and Myth Busters by Our Resident Expert Greg Albertyn – Thursday, September 6, 2018

Michelle Drolet

Join us for our next InfoSec at Your Services Meetup: “GDPR Context and Myth Busters by Our Resident Expert Greg Albertyn” Hosted by Michelle Drolet and Greg Albertyn When: Thursday, September 6, 2018 6:30 PM to 8:00 PM Where: Skyboxx, 319 Speen Street, Natick We will discuss: How we collect, use and share personal data has

0 Minute 38 Second Read

Towerwall Security/Vulnerability Alert Vol 13.96

Michelle Drolet

The “Stagefright” hole in Android – what you need to know Provided by Paul Ducklin at Sophos, Inc. The conference circuit can be a competitive arena, especially when there are multiple parallel streams. For example, back in 2010, I was at Black Hat in Las Vegas, and I attended the talk next door to the late Barnaby Jack’s now legendary

5 Minute 22 Second Read

Data Privacy Alert Vol 13.82 – The GHOST vulnerability – what you need to know

Michelle Drolet

The funkily-named bug of the week is GHOST. Its official moniker is the less catchy CVE-2015-0235, and it’s a vulnerability caused by a buffer overflow in a system library that is used in many, if not most, Linux distributions. A buffer overflow is where you assume, for example, that when you handle a four-byte network number written out as

3 Minute 41 Second Read

Firefox 32.0 fixes holes, shakes out some old SSL certs, introduces certificate pinning

Michelle Drolet

by Paul Ducklin on September 3, 2014 Yesterday was Firefox’s most recent Fortytwosday(updates come out every 42 days, on Tuesdays, in a nod to Douglas Adams), bringing us to Firefox 32.0. For those who like to keep their feature set behind the leading edge, yet stay on top of security fixes, there’s also ESR 24.8 and ESR 31.1. ESR is short for Extended Support Release;

3 Minute 12 Second Read

10 Things I Know About Social Engineering

Michelle Drolet

10. Don’t trust uniforms. Wearing shirts with company logos on them can be enough to gain access to restricted areas. Verify that visitors really are who they say they are. 9. ID caller from IT. If you receive a call offering IT support for a problem you didn’t know you had, get suspicious. That’s probably

1 Minute 54 Second Read

Towerwall Security/Malware Alert Vol 13.71

Michelle Drolet

GameOver Zeus P2P Malware Original release date: June 02, 2014 Systems Affected Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8 Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012 Overview GameOver Zeus (GOZ), a peer-to-peer (P2P) variant of the Zeus family of bank credential-stealing malware identified in September 2011, [1]

2 Minute 53 Second Read

Towerwall Information Security/Malware Alert Vol 13.67 – Notorious "Gameover" malware gets itself a kernel-mode rootkit…

Michelle Drolet

Zeus, also known as Zbot, is a malware family that we have written about many times on Naked Security. We’ve covered it as plain old Zbot. We’ve covered the Citadel variant, which appeared when the original Zbot code was leaked online. We’ve even written about the time it pretended to be a Microsoft fix for CryptoLocker, a completely different

4 Minute 43 Second Read

Towerwall Security/Vulnerability Alert Vol 13.62

Michelle Drolet

Recent vulnerabilities for which exploits are available compiled by the Qualys Vulnerability Research Team. This is a list of recent vulnerabilities for which exploits are available. System administrators can use this list to help in prioritization of their remediation activities. The Qualys Vulnerability Research Team compiles this information based on various exploit frameworks, exploit databases,

4 Minute 2 Second Read

Towerwall Information Security Alert Vol 13.50 – Making phishing more complex – on purpose

Michelle Drolet

Earlier this week a colleague pointed out an intriguing phishing sample that he had come across. It was interesting not because of any great sophistication or complexity, but rather that it illustrated the reuse of an old social engineering trick. The brand being targeted in the phish campaign is Poste Italiane, a well-known Italian group

1 Minute 30 Second Read

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Our Cybersecurity Solutions

Virtual Security Officer

We Advise

Industries

Trends & Threats

Knowledge Hub

Our Company

Focus Area: Proof of Concept

Towerwall Security/Vulnerability Alert Vol 13.96

Data Privacy Alert Vol 13.82 – The GHOST vulnerability – what you need to know

Firefox 32.0 fixes holes, shakes out some old SSL certs, introduces certificate pinning

Towerwall Security/Malware Alert Vol 13.71

Towerwall Information Security/Malware Alert Vol 13.67 – Notorious "Gameover" malware gets itself a kernel-mode rootkit…

Towerwall Security/Vulnerability Alert Vol 13.62

Towerwall Information Security Alert Vol 13.50 – Making phishing more complex – on purpose

Talk with us now about:

Your security needs.

Call 774.204.0700

Email Us