Microsoft Excel Files Increasingly Used To Spread Malware

Over the last few years we have received a number of emails with attached Word files that spread malware.  Now it seems that it is becoming more and more popular to spread malware using malicious Excel files. Lately, Fortinet has collected a number of email samples with Excel files attached Continue Reading

Did you order those iTunes movies? Nope, it’s just phishing for Canadian Apple users

Over the weekend, we encountered an interesting variation of a phishing email targeting Apple users. The email contained an alleged receipt for five movies purchased from the iTunes Store that was so detailed that the user who received it, and who knows better, still almost fell for the scam. Figure Continue Reading

Linux Gafgyt.B!tr Exploits Netcore Vulnerability

Over the past few months we have seen a lot of malware activity around the Netcore vulnerability, so we decided to take closer look at its exploitation. The following screen shot shows attack traffic captured through Wireshark. Figure 1 Figure 2 shows a quick enumeration of the sample. (There are Continue Reading

WordPress 4.7.1 Security and Maintenance Release

WordPress 4.7 has been downloaded over 10 million times since its release on December 6, 2016 and we are pleased to announce the immediate availability of WordPress 4.7.1. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7 and earlier are Continue Reading

2017 and the Internet: our predictions

An abbreviated version of this post originally appeared on TechCrunch Looking back over 2016, we saw the good and bad that comes with widespread use and abuse of the Internet. In both Gabon and Gambia, Internet connectivity was disrupted during elections. The contested election in Gambia started with an Internet Continue Reading

Byline: Is it Finally Time for Open Security?

One of the distinct advantages of working in the IT industry for over 35 years is all of the direct and indirect experience that brings, as well as the hindsight that comes with that. One of the more personally interesting experiences for me has been watching the growth and ultimate Continue Reading

WooCommerce Tax Rates Cross-Site Scripting Vulnerability

WooCommerce is a free eCommerce plugin for WordPress. It has been downloaded over 1 million times and over 30% of all online stores are now powered by WooCommerce. I recently discovered that WooCommerce is vulnerable to a cross-site scripting (XSS) attack. This XSS vulnerability is caused because the WooCommerce tax Continue Reading

Managing the Attack Surface of a Smart City

Smart cities are being planned the world over. Technology development always goes through two phases for any new discipline: First – tools are developed, and infrastructure is built and enabled. And second – the technology is scaled up. In the case of smart cities, we are in the first phase, Continue Reading

How Your Online Retail Site Could Benefit from using Instagram

2016 has been Instagram’s year. It now has over 500 million monthly users (more than Twitter!) and 60% log in daily, making it the second most engaged network after Facebook. Instagram is also proving to be a near-ideal platform for brands – particularly ecommerce brands. 70% of Instagram users report already Continue Reading