By:

Hacking (Protecting) Your POS System

February 23rd, 2015

In the House of Cards series of posts, I walked you through gaining access to a company’s network through an online portal in order to exfiltrate credit card data. It was a lengthy process, but the target company had enough data to make the time investment worthwhile. Most credit card data thefts come from POS […]



By:

Is Your Organization a House of Cards – Part 6

February 17th, 2015

This is the last in a series of posts describing how a typical credit card data theft occurs, from the hacker’s point of view. If you haven’t read the prior posts, check out parts 1, 2, 3, 4, and 5 to see how we got here. At this point, I have credentials for an online invoicing portal […]



By: - Independent Computer Security Analyst

@gcluley

Android and Windows battle for top position on the malware front, claims report

February 16th, 2015

We all know that malware is a huge problem on the Windows platform. Every day, something like 400,000 new Windows malware variants are dissected by security labs, and most people’s anti-virus software is set to download updates on a pretty much continual basis in an attempt to keep up. It sounds bad because it *is* […]



By:

Is Your Organization a House of Cards – Part 5

February 9th, 2015

This is another in a series of posts (parts 1, 2, 3, 4 ) discussing how I’m infiltrating an airline’s network to gain access to credit card data. I’ve identified a vendor for the airline and am in the process of retrieving saved passwords from the vendor’s Chief Accountant’s browsers. My goal is to find credentials […]



By:

Is Your Organization a House of Cards – Part 4

February 2nd, 2015

In previous posts (part 1, part 2, part 3) I have been taking you through the steps to steal credit card information from Lychee Air, an airline in China. So far I have managed to break into the network of a catering company who works with Lychee Air. I have downloaded account info for their […]



By: - Independent Computer Security Analyst

@gcluley

Dirty sex website xHamster exploited in malvertising campaign

January 29th, 2015

For anyone thinks that they can get their sexual kicks surfing the seedier parts of the internet, rather than lurking about your city’s red light district, I’ve got some bad news for you. You can catch an infection in real life, and you can catch one on your computer too. xHamster, one of the world’s […]



By:

Is Your Organization a House of Cards – Part 3

January 26th, 2015

In my last 2 posts (part 1, part 2) I explained I will be walking you through the attack of an airline company in order to obtain credit card data I can sell. I’ve identified an airline, Lychee Air, flying out of Hangzhou Airport. I was able to use a not-so-public IP camera to watch […]



By:

Is Your Organization a House of Cards – Part 2

January 19th, 2015

In my last post, I explained I will be walking you through the attack of an airline company in order to obtain credit card data I can sell. Now I have my project defined. The first step is to identify a target. Because I’m looking specifically for an airline, I can’t just start scanning ports […]



By: - Independent Computer Security Analyst

@gcluley

The EFF’s secure messaging scorecard. Which app will you use?

January 15th, 2015

We live in alarming times. Revelations by NSA whistleblower Edward Snowden woke many of us to up the risks posed by covert surveillance, and in just the last few days – following the ghastly events in Paris – UK Prime Minister David Cameron has called for secure communication apps to be made unlawful, or at […]



By:

Is Your Organization a House of Cards?

January 12th, 2015

Some data breaches get a lot of attention in the news. When a large amount of data is taken from a popular retailer or organization, it makes big news in the media, and law enforcement gets interested. They like to be seen investigating the biggest crimes so everyone thinks they are doing their job. On […]


By:

PayPal Accounts Still For Sale After Major Vulnerability Fix

December 26th, 2014

Earlier this month it was announced that PayPal fixed a bug which would allow an attacker to take over practically any PayPal account. The vulnerability was identified and reported through PayPal’s Bug Bounty program by Yasser Ali, an independent IT Security researcher in Egypt. Ali was experimenting with PayPal’s security token mechanism. He found that […]


By: - Independent Computer Security Analyst

@gcluley

German steel works suffered “massive damage” after hack attack

December 23rd, 2014

Hackers who compromised a German steel works inflicted serious damage on one of its blast furnaces, according to a newly released report from the German Federal Office of Information Security. Once again, according to the German report [PDF], the initial infection took place because a member of staff was tricked by a spearphishing email that […]


By:

“Sophisticated” Regin Relies on Age-Old Techniques

December 22nd, 2014

The IT Security industry is saying that Regin is “Top-tier” – “Sophisticated” – “Super-spyware”. When you look at a Regin attack in detail however, you find a lot of techniques in common with plain old-fashioned data-stealing malware. No matter how sophisticated the malware, the same steps are needed to successfully infiltrate the victim’s machines. And familiar defenses […]


By: - Independent Computer Security Analyst

@gcluley

SoakSoak malware hits over 100,000 WordPress websites

December 15th, 2014

Do you run WordPress on your website?  If so, you’re in good company. Around 19% of the world’s websites are thought to run WordPress, which is even more astonishing when you consider that many sites don’t have any content management system at all. And although running your own self-hosted version of WordPress (as opposed to […]


By: - Independent Computer Security Analyst

@gcluley

Hackers target military, embassy and defense workers in Operation Pawn Storm

October 25th, 2014

A group of organised criminal hackers, possibly backed by an unknown country, are targeting government, media and military organisations in the United States, Pakistan, and across Europe, according to new research [PDF] released by researchers at Trend Micro. In an operation dubbed “Pawn Storm”, the hackers have targeted computers belonging to – amongst others – […]



IT Secured. Success Optimized.™

Contact Lumension | Privacy Policy

Connect & Follow Us

blog.lumension.com