2015 was a busy year for The State of Security blog. Over the past 12 months, we’ve covered everything from new vulnerabilities to a rundown of computer security films, from the most notorious hacker groups to some of the best conferences in the industry.
As we set our sights on 2016, we know that some of this year’s events define 2015 more than others. We also know that these particular developments are likely to shape the security community for years to come.
Provided below is a collection of blog posts whose subjects we feel will have such a lasting impact. (These articles are arranged chronologically.)
What You Need to Know About Superfish, The Man-in-the-Middle Adware Installed on Lenovo PCs
Published: February 19, 2015
Back in February, news broke of an issue called Superfish, a self-signed root certificate installed on Lenovo PCs and laptops that could intercept HTTPS-encrypted traffic and insert adverts into users’ web browsers. At best, Superfish was a potentially unwanted program (PUP). At worst, it was a potential target for malicious hackers looking to intercept the communication of countless Lenovo customers. Our article explores the problem and includes some relevant resources for affected users.
Forget Blackhat – The Best Hacking Movies of All Time
Published: February 24, 2015
Following the release of the film Blackhat, a review of which can be found here, we take a moment to appreciate some of the best hacking movies that came before it. Wargames, The Matrix, and Sneakers are just some of the well-known titles featured in our reminiscence of code-based cinema.
5 Social Engineering Attacks to Watch Out For
Published: March 23, 2015
While some attackers use their technical expertise to break into a computer system, others rely on their ability to exploit human weakness. Our article explores the five most common types of social engineering attacks that malicious actors use to exploit human psychology to their advantage, both in the real and digital worlds. Recommendations on how to avoid these types of attacks are also provided.
How to Protect Yourself From Caller ID Spoofing
Published: April 20, 2015
Caller ID spoofing with intent to defraud, cause harm, and/or wrongfully obtain anything of value is prohibited by the Federal Communications Commission (FCC). However, that doesn’t stop telemarketers and scammers from using this technique. Our article serves as a primer on caller ID spoofing, providing readers with an understanding of what the process entails and what they can do if they ever question the number they see on their caller ID.
How to crash any iPhone or iPad within WiFi range
Published: April 22, 2015
One of the highlights of this year’s RSA Conference in San Francisco was “No iOS Zone,” a vulnerability discovered by Skycure’s Yair Amit and Adi Sharabani that essentially allows an attacker to crash any and all iOS devices within range of a WiFi hotspot. This vulnerability can be exploited regardless of whether the iOS devices are attempting to connect to WiFi. The only solution? Run and get out of range of the WiFi network.
The Top 10 Highest Paying Jobs in Information Security – Part 1
Published: May 4, 2015
The first of a two-part series, our article provides job descriptions, required skills, and salary information on the five highest-paying jobs in information security. This article specifically discusses the following positions: Chief Information Security Officer (CISO), Security Architect, Security Director, Security Manager, and Security Engineer. The second part of our series covers Incident Responders, Security Consultants, Computer Forensic Experts, Malware Analysts, and Security Specialists.
Top 10 Information Security Conferences
Published: May 6, 2015
Security personnel love conference season, so we thought we would make their lives a little easier. Our article provides an overview of some of the biggest names in the infosec conference world, including Black Hat USA, BSides, and DEF CON. In a separate article, we also discuss five lesser-known conferences that come highly recommended among infosec professionals.
How to Stalk Someone’s Location on Facebook Messenger
Published: May 28, 2015
Marauder’s Map, a tool released back in May, allows Facebook users to stalk their contacts by scraping the location data shared from their Facebook Messenger page. This information is plotted on a map using latitude and longitude coordinates with more than five decimal places of precision. Such accuracy enables users to build a profile of where their contacts work, live, and hang out. Our article discusses this tool and provides step-by-step instructions on how concerned users can disable location sharing in Facebook Messenger.
DD4BC Group Targets Companies with Ransom-Driven DDoS Attacks
Published: June 14, 2015
Earlier this year, news broke about a group called DD4BC that leverages distributed denial-of-service (DDoS) attacks as a means to extort victims into paying ransoms. If the victim does not pay, the group conducts a large-scale DDoS attack against them. Our article explores the history of this group, observes DD4BC’s tactics, and provides some information on how companies can protect against DDoS ransom attacks.
IE Under Attack! Microsoft Releases Emergency Out-of-Band Patch
Published: August 18, 2015
In August, Microsoft published an emergency advisory on CVE-2015-2502, a zero-day vulnerability that could allow an attacker to assume control of a computer if users visited an infected webpage with any version of Internet Explorer. If attackers successfully convinced users to visit a booby-trapped site, they would assume full control of the computer and could then do whatever they wanted with it. Microsoft noted in its advisory that it would release a fix outside of its Patch Tuesday cycle, a clear indication of this vulnerability’s severity.