
A vulnerable driver: lesson almost learned

Recently, we started receiving suspicious events from our internal sandbox Exploit Checker plugin. Our heuristics for supervisor mode code execution in the user address space were constantly being triggered, and an executable file was being flagged for further analysis. At first, it looked like we’d found a zero-day local privilege escalation vulnerability for Windows, but the sample that was...

Zero Trust Security for the New Australian Data Breach Law

Many Australian businesses need to rethink their approach to security to prepare for their nation’s new mandatory data breach notification law, which takes effect this month. The Privacy Amendment (Notifiable Data Breaches) Act 2017 enacts the Notifiable Data Breaches (NDB) scheme in Australia from February 22 this year. The NDB scheme mandates that organizations suffering lost or breached data must...

Gas is too expensive? Let’s make it cheap!

A few months ago, while undertaking unrelated research into online connected devices, we uncovered something surprising and realized almost immediately that we could be looking at a critical security threat. What we found was a simple purple web interface that was in fact a link to a real-life gas station, and we suspected this link made the station remotely...

Escaping Data-Breach Groundhog Day

Countless companies globally are trapped in data breach Groundhog Day, unable to escape a repeating cycle of cyber attacks. In the 2018 Thales Data Threat Report, produced by 451 Research, the key theme is that while spending in IT Security is increasing, breaches are increasing at a faster pace and becoming more costly. As in past years, the 451 Group...

2017 OWASP Top 10: The Good, the Bad and the Ugly

Since its founding in 2001, the Open Web Application Security Project (OWASP) has become a leading resource for online security best practices. In particular, its list of the top 10 “Most Critical Web Application Security Risks” is a de facto application security standard. The recently released 2017 edition of the OWASP Top 10 marks its first update since 2013 and...

What do Equifax, HBO, Uber and Yahoo All Have in Common?

A consumer ratings agency, a cable network, a transportation company and a web services provider. What ties them together? Sure, they were all impacted by very high-profile security breaches. But, if you dig a little deeper, you’ll find these organizations had a lot in common before, during and after their respective breaches. And those commonalities can teach us valuable...

Every little bitcoin helps

It often happens that inventions and technologies that start out good end up turning into dangerous tools in the hands of criminals. Blockchain is no exception to this rule, especially in its most common cryptocurrency incarnation. Cryptocurrencies crop up in all kinds of spam: from traditional advertising (courses about investment and trade) to more fraudulent and malicious varieties. Quite...

Cybercriminals target early IRS 2018 refunds now

On Monday, Jan 29th, the IRS officially opened its 2018 season. Some taxpayers have already filed their taxes, and cybercriminals know it too. So, just two days after the official 2018 season opening, we got phishing messages with fake refund status websites: The link in the email leads to a hacked Brazilian restaurant, redirecting to a website with an Australian domain...

Survey: APIs a Growing Cybersecurity Risk

Like a lot of people, your mobile phone number is probably easily accessible to anyone with a bit of searching. Imagine if someone could take this number and your name and gain access to your mobile phone account including billing, email address and phone IMSI.  Or maybe someone hacked into one of your social accounts and accessed your contact...

Improve the ROI of Your Database Protection Investment

When an organization considers switching a mission-critical compliance or security system from one vendor’s solution to another it’s a very big decision.  There is expense involved in acquiring the new solution, it will take time and money to deploy and retrain staff, and it will take careful planning to avoid disruption in the transition. Yet again and again, customers of...

Latest article

Siemens KACO Blueplanet Inverters

KACO blueplanet Inverters contain multiple vulnerabilities that could allow an attacker to derive the credentials from the device's serial number and misuse them...

Windows Netlogon Remote Code Execution Vulnerability

What is the Vulnerability? A critical vulnerability, CVE-2026-41089, affecting the Windows...

Attackers exploiting unpatched Cisco SD-WAN flaw

Cisco warns customers of an actively exploited high-severity vulnerability in Catalyst SD-WAN Manager, an enterprise network management system that has...

ICYMI: May 2026 @AWS Security

Read all about the latest AWS security features, compliance updates, and hands-on resources in our new, monthly digest posts. You’ll find expert blog posts,...