cyber security Archives - Page 2 of 5 - Cybersecurity experts

Planet Zuda podcast 6: Some Open Source Code is like Poisoned Food & Rise Of Mac Malware

wefightforsecurityMarch 14, 2018March 14, 2018cyber security, information security, podcast, podcasts, technologyandroid, android open source, cyber security podcast, information security, is open source safe, macintosh, macintosh malware, open source, open source code, open source security, podcast, podcasts, wordpress, wordpress plugins

Some open source code is like food poisoning by getting food off the road from a random person. It will make you puke your brains out is a good analogy to explain how insecure the majority of the code written by individuals is and how you can lose everything. Other open source code from companies is more along the lines of getting food from a food truck, which is a company and the majority of companies try to deliver a safe product and not one that is the equivalent of food poisioning.

Macintosh Malware is on the rise. In 2017 Macintosh malware rose 270 percent in one year. If anyone tries to tell you Macintosh is bullet proof, they are wrong.

Podcast Cyber security & Technology news: Binance phishing scam & Oculus Rift Fixed

wefightforsecurityMarch 8, 2018April 9, 2018cyber security, information security, oculus rift, podcast, technologybinance, binance cryptocurrency, binance hack, cryptocurrency, oculus rift, oculus rift broken, oculus rift fix, oculus rift security, phishing scam, podcast

Binance, a cryptocurrency exchange has responded to claims that they were hacked and show that it was in fact a clever phishing scam, not a hack. Oculus rift, which we discussed yesterday has fixed their issue making oculus rift headsets work again.

United Nations & Lack Of Cyber Security

wefightforsecurityMarch 7, 2018March 8, 2018cyber security, information securitycyber security, information security, open bug bounty, united nations, united nations cyber security, united nations hacked, zone-h

Today we will be covering the United Nations hacks that haven’t gotten the level of publicity that they deserve both in this article and on our podcast. In recent years we reported a compromise in the United Nations site and we can say per our experience that calling the United Nations to report their site has been hacked is no pleasant task. Per our experience their initial response was a polite way of saying you may be arrested, but once they realized we didn’t hack them, we just spotted that the site had been hacked we were transferred to the IT guy who seemed to be in a panic. Like any organization, the United Nations should implement proper cyber security vetting for the code they use. This includes having the code that they currently have in use go through a third party audit and have the security updated. They should also have all their programmers learn secure development practices, and audit all third party code that they use on their website.

So is the United Nations using proper cyber security measures? It doesn’t seem to be the case, since the United Nations hasn’t been hacked just once this year, the most recent known United Nations hack was Feburary 4th, 2018. The United Nations was also hacked several times in January, 2018 as as shown here on January 28th, January 16th, January 15th, January 14th and six times in 2017 just on Open Bug Bounty alone.

These aren’t the only times the United Nations has been hacked and was publicly documented. Zone-h, a site for archiving defaced websites has two archived instances of the United Nations being hacked in 2008 and in 2006.

While the United Nations has been hacked more than anyone would want, it is important to take into consideration the gigantic size of the United Nations site with multiple sub domains. It certainly does not appear that there has been a review of all their code in years. The best solution would be for them to have a full security audit, get rid of old sub-domains they no longer need, and make their code easier to maintain through multiple tools that are available.

Unfortunately, our conclusion based on the public information about the United Nations site right now, is that they are not a safe website per our companies policies of what are acceptable risks. Being hacked for the last 12 years with no significant appearance that we can see of improved cyber security certainly does not seem like a safe website to us, but it is ultimately up to the user to decide the risk level they want to take when using a website.

Planet Zuda Cyber Security And SEO podcast: Episode 1

wefightforsecurityNovember 10, 2017November 10, 2017cyber security, information security, podcast, seo, Uncategorized, wordpress securitycyber security, cyber security fines, cyber security lawsuits, cyber security seo, equifax data breach, equifax lawsuits, european union fines, hilton data breach, internet security seo, podcast, seo podcast, wordpress, yoast seo

In this episode, we discuss security data breaches, how flawed a lot of open source programs are with security, especially one person WordPress plugins. We also covered cionews.com, Yoast SEO, On The Go Systems premium plugin WPML and plenty more.

Breaking: Domino’s Hacked in 2017 & Late 2016, Criminal Claims

wefightforsecurityOctober 31, 2017cyber security, information securitycyber security, dominos 2017, dominos australia, dominos hack, dominos hack 2016, dominos hack 2017, dominos pizza, pizza security

Dominos has been hacked, but this is not surprising since we spoke to a criminal who claimed publicly and privately reiterated his claims that he had hacked into Domino’s Venezuala website dominos.com.ve allegedly using a SQL injection, which he publicly announced. We were unable to independently prove the claims by said criminal, since they wouldn’t share where the exploit was that they allegedly used.

Why did the criminal allegedly hack dominos? We do not want to mention the bizarre and insane conspiracy he or she was chasing, but let’s just say this criminal who hacked Domino’s was chasing something that didn’t exist that other news outlets publicly named over and over in the 2016 U.S election. We have no idea how domino’s fit into their conspiracy theory, except that they sell pizza and the conspiracy theory was partially pizza based.

So, why are we just now writing about a Domino’s hack against Venezulua that allegedly took place in late 2016? Because Domino’s who we contacted at the time said something to the effect that they would handle it, but now a Domino’s hack against Australians is showing a pattern in their security that is too familiar and we believe is unhealthy for their customers.

The 2017 Domino’s hack in Australia is interesting, since Domino’s is saying a third party is at fault due to a rating system that a third party used to manage that leaked customer personal details. This is interesting, because criminals want in your site and they are going to look for the weakest link to get into your site and unfortunately third parties are the most vulnerable when it comes to code.

A company like Domino’s can have a strict security code, but if it doesn’t ensure that their security model is also being used by their third parties and auditing their code, then they enter a security weakness into their threat model. This is a weakness that we take seriously and audit all third party code.

We may be publishing more of what occured in the 2016 domino hack, as this is now relevant information, so please check back as this is a developing news event.

Category: cyber security