Updates on Supply Chain Level Backdoors and Magecart
by Reflare Research Team on Oct 12, 2018 3:29:00 PM
It appears that the supply chain level backdoor has been thought of as a viable business model for quite some time. And now people (and governments) are asking the pointy questions. First Published 12th October 2018 For a nostalgic feel, Supermicro's latest quantum prototype comes in …
The Risk of Hardware Backdoors
by Reflare Research Team on Oct 8, 2018 3:28:00 PM
If the Bloomberg report is true, this means that American companies aren’t the only victims of hardware tampering. This is a real threat that’s been growing for years, and multinational companies are at risk. First Published 8th October 2018 These aren't the droids you're looking for. …
Facebook's 'View As' Breach
by Reflare Research Team on Oct 1, 2018 3:26:00 PM
In extreme cases, an attacker could use this access to take over the accounts of the people they are spying on - read their private messages, post things on their behalf, and play havoc with their digital lives. First Published 1st October 2018 Access tokens - kinda important to get r …
Formalised Offensive Cyber Strategies
by Reflare Research Team on Sep 21, 2018 3:24:00 PM
The US Department of Defense Cyber Strategy serves as DoD's next step toward re-engineering cyber operations to protect and defend its networks and systems. This is the first time the DoD has had a clear direction on how it will address its cyber needs. So tell me, where's your plan? …
Old Attackers, New Targets - The British Airways Breach
by Reflare Research Team on Sep 14, 2018 3:22:00 PM
The site was extremely well designed and did not feel at all ‘spammy’ to use – indeed, on the surface it felt reassuringly professional, with a slick revolving banner of destinations. It just clearly wasn't British Airways. First Published 14th September 2018 The world's favourite air …
Attack Realities - Browser Plugins and Risk
by Reflare Research Team on Sep 7, 2018 3:20:00 PM
The MEGA Chrome extension for file hosting included JavaScript code designed to monitor web traffic in order to steal the user’s login credentials from a large selection of sites. First Published 7th September 2018 Guilty by extension. 3 min read | Reflare Research Team On September 4 …
Audits, Attacks and False Positives
by Reflare Research Team on Aug 24, 2018 3:16:00 PM
Recently, several security companies detected phishing pages using the name of a core DNC system. These pages attempted to trick users into providing their login credentials by spoofing the legitimate login page for a Democratic Congressional Campaign Committee (DCCC) application buil …
The Difficulty of Profiling Hackers
by Reflare Research Team on Aug 20, 2018 3:14:00 PM
The public image of any given group of people tends to be created by mass media. Whether it is a tribe of Amazonian warriors or a modern terrorist leader, mass culture will project its own image on them. Hackers are no different. First Published 20th August 2018 When kids get up to no …
Reddit's Hack & The Risks of Phone-Based 2-Factor Authentication
by Reflare Research Team on Aug 6, 2018 3:11:00 PM
While it is clear that the 2FA implementation was not at fault here, there are significant risks associated with phone based 2FA that warrant serious consideration before you make this type of authentication method available to users. First Published 6th August 2018 r/LetsHackReddit 4 …
Dealing with the Increasingly Severe Cyber-Threat Landscape
by Reflare Research Team on Jul 27, 2018 3:08:00 PM
The severity of cyber attacks has increased at a rapid pace over the past several years. No longer is it just large companies that need to secure themselves from malicious actors; individual users now must consider how they can protect themselves too. First Published 27th July 2018 Th …