Eric Hess, Author at Helical

A Cautionary Tale On Domain Hacking

Japanese cryptocurrency exchange Coincheck recently announced that hackers gained access to emails sent to the firm by its customers by changing its DNS records with its domain registrar. By doing this, the hackers were able to forward incoming emails to themselves. First off, all readers of this short piece should check whether their third party...

Scamming Tax Refunds and COVID-19 Relief: The Weaponization of Trash and Recycling

In a recent study, researchers have discovered an upward surge in threat activity designed to capture a wide range of payments and appropriations between taxpayers and the government, targeting tax refunds to COVID-19 appropriations. Some of these efforts trace back to accountants involved in tax preparation services that dispose of customer hard copy paperwork insecurely via...

Apple’s Security Mis-Steps

Because multimedia files need to be transferred to an operating system library to identify what needs to be done with it next, vulnerabilities in multimedia processing components can allow malicious code to be run remotely on the receiving device/OS without requiring any further action by a user. Google’s Project Zero discovered such a bug in Image...

Back To School With COVID Contact Tracing & Social Distancing for Kids

With most of the U.S. having been under some form of “Stay at Home” restrictions for over a month, many of us are grappling with the question of how to manage the transition back to the new normal. As many think about businesses, our school systems are becoming a more burning question. First, as...

Ransomware’s New Double Threat

The common ransomware attack pattern has traditionally involved threat actors holding access to data hostage in return for a ransomware payment. There is now an uptrend in a second layer of extortion…increasingly hackers are extracting large quantities of sensitive information (such as customer, financial and employee information) and threatening publication unless ransom demands are paid. To prove that they intend to execute on the threat, a small portion is leaked on the dark...

How To Fight COVID-19 Scammers From Your Computer

Since last December, over 136,000 new COVID-19 themed domains have been created. While many are legitimate or simply parking for future sale, others are clearly not. As reported in our last microblog, the FBI published an alert on April 1st warning of cyber actors stepping up their efforts against virtual environments…no doubt many such actors are leveraging newly...

Secure Your Teleworkers To Counter New Threats

With more organizations adapting to working from home due to Coronavirus or COVID-19, there is a tremendous surge in online activities from home devices…and increased remote working security risks. Organizations need to focus on securing their remote workforce from such vulnerabilities. With “Stay At Home” orders or their equivalents impacting huge worldwide populations, organizations have adapted by asking their staff to work from home or telecommuting and are embracing conference calling, video conferencing for e-meetings, etc. like never...

FBI Issues Telework Security Warning & Zoom’s Security Problems Worsen

My recent blog post: Is Secure Video Conferencing Achievable? How To Improve Security for Your Video Conferencing App covered the basics of video conference application security and touched on Zoom’s security and privacy issues. Well, it seems the doubts are becoming much more widespread, a recent report by Citizen Lab finds issues not only with Zoom’s encryption (aside...

Is Secure Video Conferencing Achievable? How To Improve Security for Your Video Conferencing App

We are more dependent than ever on video applications for our personal and professional lives. For many, it is now the only way for us to make face to face contact with co-workers and loved ones, even when they are local. Every organization needs data security practices that address video conferencing as they are...

Two New Critical Windows Vulnerabilities That Permit System Take Over – No Patch Available Yet

A two zero-day critical vulnerabilities in the Windows OS enables hackers to take over systems, Microsoft said in a security alert yesterday. The zero-day vulnerability is located in the Adobe Type Manager Library (atmfd.dll), a library that Microsoft uses to render PostScript Type 1 fonts inside Windows. Microsoft says there are two remote code execution (RCE) vulnerabilities...

Entries by Eric Hess

A Cautionary Tale On Domain Hacking

Scamming Tax Refunds and COVID-19 Relief: The Weaponization of Trash and Recycling

Apple’s Security Mis-Steps

Back To School With COVID Contact Tracing & Social Distancing for Kids

Ransomware’s New Double Threat

How To Fight COVID-19 Scammers From Your Computer

Secure Your Teleworkers To Counter New Threats

FBI Issues Telework Security Warning & Zoom’s Security Problems Worsen

Is Secure Video Conferencing Achievable? How To Improve Security for Your Video Conferencing App

Two New Critical Windows Vulnerabilities That Permit System Take Over – No Patch Available Yet

About Us

Social

Contact Us

Quick Links

Products