What do you think this is?

just thoughts of a restless mind...

When multi-factor will not save you

When multi-factor will not save you

There is a lot of discussion lately about multi-factor authentication and how this will upgrade everyone’s security. Indeed, it is an improvement and it was about time we start becoming more conscious about the security issues related to authentication.
As usually though, these discussions generated a lot of confusing and “why it didn’t work” moments when we see cases such as Reddit’s hack in August of 2018.

Read more ...

Tagged in : security, social engineering, risk management

The problem with compromised software

The problem with compromised software

As everybody probably knows by now, CCleaner was compromised and malicious individuals added multi-stage malware payload on it. A typical case of compromised software if you ask me, pretty much like the one with the Ukrainian tax software that spread Not-Petya.
But there is a different aspect to why compromised software is very dangerous, and it actually uses (believe it or not) social engineering in a more advanced way.

Read more ...

Tagged in : security, social engineering, malware