Sunday, April 26, 2026
AI cybersecurity guidance for small businesses

Know where your business is exposed, what matters most, and what to fix first.

CyberExperts gives small businesses AI-generated cyber checkups, practical recommendations, and recurring cyber hygiene monitoring — without enterprise consulting complexity.

AI Cyber Checkup: Identify likely weak points and get a prioritized action plan.
Recurring Monitoring: Stay current with updated cyber hygiene guidance over time.
Built for SMBs: Practical recommendations for real-world small business setups.

Most small businesses know cybersecurity matters. Very few know what to fix first.

CyberExperts turns cybersecurity confusion into a practical action plan. Instead of vague fear, generic checklists, or expensive consulting, you get AI-generated guidance focused on likely risks, weak spots, and the most important next steps.

How it works

1. Tell us about your business: Share your team size, tools, email setup, device practices, and current security habits.
2. CyberExperts analyzes your setup: Our AI reviews likely weak points, common risks, and practical cyber hygiene gaps.
3. Get a prioritized action plan: Receive clear next steps in plain English — focused on what matters most.
4. Stay current with ongoing monitoring: Add recurring cyber hygiene monitoring if you want updated guidance over time.

Start with a checkup. Continue with monitoring.

AI Small Business Cyber Checkup

A one-time AI-generated assessment that identifies likely weaknesses, highlights the biggest issues, and gives you a practical action plan.

  • Likely weak points and avoidable risks
  • Top-priority recommendations
  • Plain-English next steps

AI Cyber Hygiene Monitor

A recurring cyber hygiene subscription that updates your recommendations, flags likely weak spots, and helps you stay current over time.

  • Recurring reassessment
  • Updated recommendations
  • Refreshed priorities over time

What CyberExperts does — and does not do

Done by AI: CyberExperts is built as an AI-delivered cybersecurity guidance product.
For small businesses: Designed for operators who want practical guidance without enterprise complexity.
Not a magic guarantee: It helps identify likely risks and prioritize what to fix first.
Recurring option available: Continue with ongoing Cyber Hygiene Monitor updates over time.

See your biggest cybersecurity gaps in plain English.

Start with an AI Cyber Checkup and get a practical view of what to fix first.

Murder by Hacking

When Hackers Kill

Hackers have already, perhaps many times, contributed to deaths by hacking into secure systems and releasing information. This information has led to the loss of life in many different ways, including suicide and murder.

But hacking has now evolved to the point that cybercriminals can use computers to negatively affect and damage the physical world, including the murder of individuals and groups.

Hackers have the power of mass-murder in their hands right now.

Using malware to affect the physical environment is nothing new.  One of the most famous cases is the Stuxnet virus that was used to destroy Iran’s nuclear centrifuges.  This virus made the centrifuges spin out of control and took down 20% of Iran’s nuclear centrifuges.

Since the Stuxnet example, there have been many more hackers using computers to cause physical damage to steel mills, water dams, power grids, etc.

I can cite no cases where hackers have used the digital world to directly affect the physical world to cause the murder of a person.  But that does not mean that it has not happened.  Hackers have likely been able to pull off murder without being caught.

The number of ways that hackers can murder is staggering.  There are thousands of systems that hackers could infiltrate to cause death directly.

The Airplane Hack

Pilots rely on computerized systems on planes to such an extent that newer planes can virtually take off, fly, and land by themselves.

Hackers can cause havoc on an airplane.  The systems that control the plane have vulnerabilities.  Cybersecurity experts agree that no system in the world is perfect.  All systems have either major or minor vulnerabilities that are exploitable.

The pilot is the last line of defense against hackers. But people are also a weak link when it comes to security. Hackers can use the pilot’s weaknesses to achieve their evil goals. The hacker could take control of instrumentation and provide false readings that would influence the pilot to make decisions that would lead to a plane crash. The combination of social engineering and airplane hacking would be a powerful and potentially deadly attack.

Zombie Automobile Attacks

You can go to YouTube to see demonstrations of hackers unlocking Teslas remotely.  Beyond that, hackers can take control of navigation systems and autopilot systems.  Recently it was demonstrated that a car’s GPS could be hacked to make the driver drive to the destination that the hacker chooses.

As more and more cars increase their connectivity, there will be additional threats.  Self-driving vehicles will be able to communicate with each other and have complete data on the driving environment.

Hackers have demonstrated that they can take over a car’s braking system, control the dashboard instruments, and start or kill the engine.

Many cars are implementing safety features such as “assisted steering” designed to steer the vehicle to avoid accidents.  Of course, self-driving cars have systems that are in complete control.  This means that a hacker can remotely take over a car’s steering.  The implications of this are dire.

Even if murder is not the objective, it is entirely feasible that hackers can cause havoc by exploiting vulnerabilities to create a fleet of hundreds of “zombie autos” in a city.  The hacker then can launch a denial of service attack that would bring a city’s highways to a standstill by making cars drive erratically and dangerously.

And the list goes on.

The ways that a hacker can kill are almost endless.

  •  Hacking the power grid
  •  Hacking a pacemaker or other medical device
  •  Hacking the water supply systems
  •  Hacking boat navigation systems
  •  Hacking weapons systems
  •  Hacking drones and using them as weapons
  •  Hacking prison systems to release prisoners
  •  Hacking nuclear power facilities
  •  Hacking the air traffic control system
  •  Hacking devices to make them overheat and explode
  •  Hacking traffic lights to cause accidents
  •  Hacking law enforcement reporting systems

Have hackers already committed murder? I think that the answer to this is likely yes. To be sure, in the future, the likelihood of such a crime will continue to rise.

What is Zerodium?

Zerodium is a reputable place where you can sell zero-day exploits.

Hackers and security researchers know that Zerodium is a way to cash in on vulnerabilities that they discover in operating systems, software, hardware, and devices.

There are several ways that you can make money from discovering vulnerabilities.

  •  You can disclose the vulnerability to the software or hardware vendor.  Many companies offer a “Bug Bounty” program where they pay for such discoveries.  It is the “White Hat” thing to do.
  •  You can sell the exploit on the black market.  If you do this, your exploit will undoubtedly be used for nefarious purposes, and you are likely to be criminally liable for any bad things that happen.  But such “black hat” buyers are likely to pay the highest dollar for exploits.
  •  You can sell the vulnerability to Zerodium or a similar organization. These companies are “grey hat.”

Zerodium has a strong track record of protecting their sources.  The company pays an attractive bounty and is only interested in high-risk vulnerabilities and fully functional and reliable exploits.

For example, if you find a way to penetrate a newer iPhone, you can certainly sell the hack to Zerodium for a nifty seven-figure sum.

What does Zerodium do with vulnerabilities that it purchases?

Zerodium is very selective about whom they resell the vulnerabilities to. Their customers are governments and large defense companies who have the ability and willingness to pay very high sums for such information.

Zerodium has an internal team of researchers who analyze, test, secure, and document the vulnerability before providing it to the end-user/customer.

Zero-day exploits usually have a short shelf life. Eventually, the vulnerabilities are found and patched. But the persons who initially identify the vulnerability can undoubtedly cash in at Zerodium or similar sites.

What is Persian Stalker?

Persian Stalker is targeting Iranian social media accounts.

The “group” has been around since 2017, and they have been observed targeting social media accounts.  Specifically, this group focuses on gaining access and control of Instagram and Telegram accounts.

Telegram is a popular service with about 40 million users.  Telegram is a communication app that has been used to organize protesters in Iran.  Of course, the Iranian government is not a fan of this service.  The Iranian government has actively requested that certain services and channels be shut down.  As far as we know, the Iranian government has not engaged in blocking the service in Iran.

Persian Stalker uses several techniques to gain access to users’ accounts. They have created false login pages on mistyped domain names. If you accidentally misspell the website address, a malicious website appears that looks exactly like the real thing. When the user logs in, the login data are captured, and the user is presented with an error message. Of course, the second login will work correctly, so the user never finds out that their login information was compromised.
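A defender can watch for the mistyped-domain pattern described above by comparing hostnames seen in DNS or proxy logs against the domains they protect. The following is an added example, not code from the original post; `examplechat.org` and every hostname in it are constructed placeholders, and the single-label TLD split is a simplifying assumption.

```python
# Added example: flag lookalike (typosquatted) hostnames seen in DNS/proxy logs.
# All domains are constructed placeholders, not indicators from any report.

def osa_distance(a, b):
    """Optimal string alignment distance: insertion, deletion, substitution
    and adjacent transposition each cost 1 (the common typing mistakes)."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[-1][-1]


def split_domain(host):
    """Return (second-level label, TLD). Assumes a single-label TLD; a
    production version would consult the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]


def find_lookalikes(observed_hosts, protected_domains, max_distance=1):
    """Return (host, protected_domain, reason) for every observed host that
    is close to, but not the same as, a protected domain."""
    protected = [split_domain(d) + (d,) for d in protected_domains]
    genuine = {(name, tld) for name, tld, _ in protected}
    findings = []
    for host in observed_hosts:
        name, tld = split_domain(host)
        if (name, tld) in genuine:
            continue  # the real domain or one of its subdomains
        for p_name, p_tld, p_domain in protected:
            if name == p_name:
                findings.append((host, p_domain, "tld-swap"))
                break
            if tld == p_tld and 0 < osa_distance(name, p_name) <= max_distance:
                findings.append((host, p_domain, "typo"))
                break
    return findings


# Constructed sample of hostnames pulled from a resolver log.
SAMPLE_HOSTS = [
    "examplechat.org",       # genuine
    "www.examplechat.org",   # genuine subdomain
    "exampelchat.org",       # two letters swapped
    "examplchat.org",        # one letter dropped
    "examplechat.com",       # same name under another TLD
    "www.examplecht.org",    # dropped letter, with a subdomain
    "weather.test",          # unrelated
]

if __name__ == "__main__":
    for finding in find_lookalikes(SAMPLE_HOSTS, ["examplechat.org"]):
        print(finding)
```

Short brand names produce many false positives at distance 1, so review hits against registration dates or certificate issuance before acting on them.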

Another technique that Persian Stalker uses is BGP hijacking.  BGP stands for Border Gateway Protocol.  BGP is the routing protocol that is used in the internet backbone.  BGP is also gaining popularity as the protocol used in some wide area networks.  BGP hijacking is accomplished when the routing tables are corrupted so that the attacker can maliciously reroute internet traffic.  In the case of Persian Stalker, the BGP hijacking is used to capture the user’s credentials.
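Network operators detect this kind of rerouting by checking each announced route's origin against a table of who is authorized to announce which prefix. The following is an added example, not code from the original post: it applies RFC 6811-style origin validation to a constructed authorization table and constructed announcements, using documentation prefixes and AS numbers throughout.

```python
# Added example: route origin validation in the style of RFC 6811.
# Prefixes and AS numbers are documentation/reserved values, constructed here.
import ipaddress

# (authorized prefix, maximum allowed prefix length, authorized origin AS)
ROAS = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/24", 24, 64497),
    ("2001:db8::/32", 48, 64496),
]


def validate_origin(prefix, origin_as, roas=ROAS):
    """Return (state, reason), where state is 'valid', 'invalid' or
    'not-found'. A route is valid if some covering entry authorizes both
    its origin AS and its prefix length."""
    net = ipaddress.ip_network(prefix)
    covered = as_match = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue  # this entry does not cover the announced prefix
        covered = True
        if origin_as == roa_as:
            if net.prefixlen <= max_len:
                return "valid", "origin and length authorized"
            as_match = True
    if not covered:
        return "not-found", "no covering authorization"
    if as_match:
        return "invalid", "more specific than authorized max length"
    return "invalid", "origin AS not authorized for prefix"


def review_updates(updates, roas=ROAS):
    """Return (prefix, origin AS, reason) for every announcement whose
    origin fails validation. The origin is the last AS in the path."""
    alerts = []
    for prefix, as_path in updates:
        origin = as_path[-1]
        state, reason = validate_origin(prefix, origin, roas)
        if state == "invalid":
            alerts.append((prefix, origin, reason))
    return alerts


# Constructed announcements as (prefix, AS path) pairs.
UPDATES = [
    ("192.0.2.0/24", [64500, 64496]),     # expected origin
    ("192.0.2.0/24", [64500, 64511]),     # unexpected origin
    ("192.0.2.128/25", [64500, 64496]),   # right AS, longer than allowed
    ("203.0.113.0/24", [64500, 64499]),   # nothing on file for this prefix
    ("2001:db8:1::/48", [64496]),         # within the allowed length
    ("198.51.100.0/25", [64511]),         # unexpected origin
]

if __name__ == "__main__":
    for alert in review_updates(UPDATES):
        print(alert)
```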

In summary, Persian Stalker is a malicious team that is stealing social media account usernames and passwords. They are primarily targeting Iranian users, but this target may expand to other areas of the world. This group uses the stolen information for malicious purposes. There is no evidence that this group has any political agenda.

How I passed the CISSP exam without reading any books

Reading is not my best learning style.

In today’s world of podcasts and audiobooks, I believe that fewer and fewer people are accustomed to learning by reading and writing.  For me, this is undoubtedly the case.

I love learning through audiobooks and video training.  I used these learning methods exclusively to pass some challenging IT Certification tests, including passing the CISSP test earlier this year.

No expensive boot camp needed

I am not a fan of CISSP boot camps.  I believe that many of the companies that run these week-long training classes are doing a disservice to the folks taking the classes and to the certification process itself.

Boot camps promise to prepare you to pass the CISSP.  Many people think that they can cough up thousands of dollars, and they will get inside information on what questions will be on the CISSP exam.  But this is not the case.

Nobody can tell you what questions you will encounter on the CISSP exam.  No one.

I have never seen such high security when taking a certification test. The CISSP test is only available at specific Pearson VUE locations that have strict controls. The security is intense.

Your IDs are checked and double-checked.  You will be required to do a biometric hand scan multiple times.  You will be on camera 100% of the time that you are taking the test.  In addition to the camera, you will be watched by a live person the whole time.

Given the high security and the many thousands of possible questions, rest assured that there is no cheating on this test. There are no “brain dumps” that will tell you what questions you will get on the exam. The only way to successfully conquer the CISSP exam is to know the eight domains that the test covers.

But there is a trick.

Because the CISSP test covers such a vast array of topics and details, it is nearly impossible to know the answers to all of the questions. When I took the exam, I was pretty confident that I knew the answers to about 75% of the questions. But 75% will not get you a passing score.

The trick to passing this mind-bending test is to become an expert test taker.  Specifically, you need to become an expert at taking multiple-choice tests.  There is an easy way to master this, but it takes a lot of time to do.

If you follow my study plan, you can pass the CISSP exam with three months of study, and without reading any books.

That is a tall claim, but I know it works. I started studying in January, and I passed the exam on March 20th. I did not have the time or patience to sit down and read the thick exam guides. Reading these books doesn’t provide me with a lot of value because I can read a whole chapter and then realize that I do not even remember what I read.

The solution for me is not to keep re-reading chapters over and over.  It may work, but I don’t have the time to spend hours and hours mastering each domain.

My Study Plan – Less than three months.

The first thing that I did was to get some audiobooks on Audible.com.

Week 1 – Complete the following audiobook: Essential CISSP Exam Guide: Updated for the 2018 CISSP Body of Knowledge

This audiobook gives you a good overview of the exam content.  It is the perfect starting place for your studies.  I listened for several hours per day.  Specifically, I listened during my commute to work.  I also listened while at home.  I listened all the time until it was over.

Then I listened to the whole thing a second time.

Week 2 – Watch the free CISSP training videos at Cybrary.it 

A friend of mine told me about the certifications training at Cybrary.it.  This video training is free, and I found that the CISSP course was pretty good.  I watched this training on my iPhone, and it took me about a week to complete the course.  I listened to the videos on my commute to work, glancing at the video during traffic stops.  I expect that this Cybrary.it training is as effective as most of the expensive boot camps that you will find.

Week 3 – At this point, I thought that I had a good handle on the content that I expected to be on the CISSP exam.  I felt that I did, but I didn’t.  I realized that during the next step in my study plan.

Listen to the audiobook – Simple CISSP Exam Questions

This audiobook reads sample questions to you.  Over 4000 of them.  Question after question.  After each question, the answer is given.

After I started listening to the sample questions, I realized that I was not at all ready to sit for the CISSP exam.

So, I listened to all of the questions and answers again.  I listened to this audiobook constantly.  I listened and learned.  If I did not understand the answer to a question, I would google the subject and figure it out.

Week 4 – Watch the Cybrary.it free training videos again.

It was almost torture to watch the video series again. But it was worth it because now I could relate the material to the sample questions that I listened to in the audiobook. The Cybrary video now had more meaning to me because I understood how the content directly related to the sample test questions.

I watched the videos on my iPhone every night until I fell asleep.

Week 5, 6, 7, 8, 9, 10 – I did not realize this at the time, but I now began the most crucial part of my training.

I mentioned that I was preparing for the test to a few cybersecurity folks that I knew from my church and work. Three of these people told me the same thing. They said that the key to passing the test is to take practice exams over and over. Of course, this made sense to me. I already knew this.

But what caught me off guard is that all three of them told me to use a strangely named website for the practice exams: cccure.

So, I went to cccure.  And I got to work.

This site does an excellent job of simulating the actual exam.  I used this website to become an expert test taker.  I answered every single question on the test engine, and I reviewed the answers to the questions.  I memorized the answers and why they were correct.

I fully expected that I would see the same or very similar questions on the actual exam.

Then I answered all of the test questions again.

And again.

I spent several hours on most days, just taking the practice tests. If there was something that I did not understand, then I would google the answer and figure it out.

I spent almost two months taking these practice tests. Over and over. By doing this, I was memorizing the answers. As I said, I honestly expected that I would see the same questions on the test.

I was dead wrong.

The actual test did not have any of the questions from the practice test.  There were a handful of similar questions, but not a single one was the same.  Most of the questions were entirely and significantly different from the practice tests that I took.

But taking the practice tests over and over again taught me something that was the key to my success on the actual test.  I became an expert on taking tests.  I learned how to analyze the questions.  Even when the questions were on subjects of which I had little or no knowledge, I was able to deduce the answers.  I could instantly discard one or two of the answers.  Then I could confidently analyze the remaining answers and make a choice that I calculated to be correct based on my knowledge and my test-taking skills.

I passed the CISSP exam on my birthday.

The test was expensive, and I did not know if I was ready. I was more concerned about losing the $700 than anything. That is a lot of money to throw away.

But, I went ahead and scheduled the test for March 20th – My birthday.  Passing the CISSP exam would be my birthday present to myself.

After completing all the audiobook listening. After watching video training until my brain hurt. After doing weeks and weeks of practice questions…

I went to the high security of the test center.

I sat through the grind and found the exam filled with entirely unexpected questions.  Hour after hour of questions….

I walked out of the exam and found that I passed.

 

 

Phishing attacks up by 300% in 2018

According to “The Retail and eCommerce Threat Landscape Report” from October 2018, there is a 297% increase in the number of phishing websites that target online retail businesses and customers of these businesses.  There is an average of 23 phishing sites for each retail company included in the study.  In 2017 the data showed that there were only 5.9 phishing websites per company.

The report illustrates how cybercriminals are increasingly targeting retailers and their customers through digital and social channels as retailers leverage new channels for increased revenue opportunities.

“The Retail and eCommerce Threat Landscape Report” (October 2018) notes a 297 percent rise in the number of false retailer websites designed to “phish” for customer credentials. In Q3 alone, there was an average of 23 phishing sites per company, which is a significant increase from 2017, which averaged 5.9 phishing attacks per company.

Also, says the report, there was a 278 percent rise in stolen goods listed on black markets for resale. Even more:

  • An average of 22.1 internal login pages or development servers exposed per retail company in 2018. When accessed, these give cybercriminals a portal into the retailer’s internal network
  • Fake apps and social media profiles are on the rise with a 469 percent spike in suspicious applications and a 345 percent increase in fake social media profiles (respectively) in Q4 2017

What we all know is confirmed by this data.  The need for increased security will be amplified exponentially as this trend continues in the future.  This will increase the demand for cybersecurity professionals to the point that salaries for these positions will be driven up toward the stratosphere.

More data shows that Americans are lackadaisical about security.

A new research report published by cybersecurity specialists BestVPN.com shows the state of online privacy in the United States. BestVPN surveyed 1,000 U.S. consumers to understand the state of online privacy in 2018. The report reveals a significant knowledge gap and suggests that, despite their fears, US citizens are not protecting themselves against the ever-growing number of cyber-threats.

In light of the 2018 data breaches and revelations, consumers were asked to detail their cyber hygiene habits. There is a significant distrust of social media platforms; 45% of consumers report feeling uncomfortable about using platforms that track and sell their information.

Regardless of the mistrust of corporations, a lack of comprehension is evident with a substantial 46 percent of respondents not correcting their privacy settings on social accounts in the aftermath of both 2018 corporate cyber violations.

The report also details the hazards encountered on public WiFi. More than half (52 percent) of respondents acknowledge that they often join public WiFi networks but lack an understanding of the danger this exposes them to from hackers or exploitation of their private, confidential information.

North Korean Cryptocurrency Scam Efforts – Marine Chain

Experts think that the infamous North Korean hacker group Lazarus is responsible for targeted strikes against five cryptocurrency exchanges.

North Korea’s burgeoning cyber military seems to have especially honed its abilities to attack cryptocurrency-related organizations. In the face of mounting and crippling international sanctions, Pyongyang’s many hacker groups have adopted cryptocurrency-focused attacks as an effective way of generating income for the reclusive country.

Security specialists at Group-IB consider the infamous North Korean hacker group Lazarus responsible for targeted strikes against five cryptocurrency exchanges.

According to security researchers at Recorded Future, even as Pyongyang’s ruling elite have gotten better at operational security, the impoverished state’s hackers began mounting a technical cryptocurrency scam by producing an entirely functional scam electronic coin named Marine Chain.

“Marine Chain was allegedly an asset-backed cryptocurrency that allowed the tokenization of marine vessels for numerous owners and users,” Recorded Future investigators wrote in a report. “The Marine Chain site no longer resolves but has been operated by a firm named Marine Chain Platform.

Apart from a LinkedIn webpage, the firm had a minimum internet presence, no client testimonials, and several employees.”

Marine Chain was linked to several North Korean taxpayers who launched a previous cryptocurrency.  But this cryptocurrency was shut down and the people behind the scam made off with the funds spent by the coin buyers.

Pyongyang’s leadership elite has turned to illegal cyber activity as a tool to create capital for the impoverished country.

The freeRTOS Vulnerability Disaster

FreeRTOS, the open-source operating system that powers most of the small microprocessors and microcontrollers in many IoT hardware products, has newly identified vulnerabilities.

The vulnerabilities are in the TCP/IP stack and affect FreeRTOS.

The versions affected

The versions affected are FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), AWS FreeRTOS up to V1.3.1, OpenRTOS and SafeRTOS (With WHIS Connect middleware TCP/IP components).

Why this is a disaster

FreeRTOS is used in many IoT devices.  These devices are often inexpensive and not easily patched.  In fact, many of these devices have firmware that has not been updated for many years.

Examples of products that use FreeRTOS are fitness trackers, temperature monitors, appliances, cars, door locks, water meters, and many more small devices. The devices that use the TCP/IP stack are the vulnerable ones. This means that the vulnerable devices can connect to the internet.

Since we know that these devices are connected we can conclude that they can also be patched.

But will they?

Likely not.  So this is a vulnerability that has the potential to be exploited for years to come.

The full list of the vulnerabilities, and their identifiers, that affect FreeRTOS:

CVE-2018-16522 Remote Code Execution
CVE-2018-16525 Remote Code Execution
CVE-2018-16526 Remote Code Execution
CVE-2018-16528 Remote Code Execution
CVE-2018-16523 Denial of Service
CVE-2018-16524 Information Leak
CVE-2018-16527 Information Leak
CVE-2018-16599 Information Leak
CVE-2018-16600 Information Leak
CVE-2018-16601 Information Leak
CVE-2018-16602 Information Leak
CVE-2018-16603 Information Leak
CVE-2018-16598 Other

City of West Haven, Connecticut, Pays $2K in Ransomware Extortion

Another successful ransomware attack….

The City of West Haven, Connecticut, made the tough decision to pay hackers $2,000 in ransom money after a ransomware attack halted all their operations. The city contacted the Department of Homeland Security, which discovered that the attack originated outside of the U.S. West Haven Mayor Nancy Rossi said the attack disabled around 23 servers last week, which led local officials to decide to pay the $2,000 in Bitcoin to unlock their servers.

Hackers are Unstoppable?

According to research by Kaspersky Lab, 86% of Cybersecurity professionals think that hackers are not stoppable and will eventually succeed at compromising the systems that the cyber pros are hired to protect.

In my opinion, this awareness of the seriousness of the threat is admirable.  Such an attitude should keep us all on high alert.

On the other hand, the view may also become a self-fulfilling prophecy.

The most significant risks come from two groups:  criminal gangs and insider threats.

Criminal gangs of hackers are generally motivated by financial gain. These types of breaches happen every day. Most of these never make the news because they are relatively small in scale. Many of these are not even properly reported.  The Kaspersky survey showed that these security experts believe that 40% of their attackers are likely to be organized, criminal hackers.

The increased risk and the understanding that systems will eventually fall to an attack lead to the belief that most cyber experts will see their budget increase (56%).

Financial loss and reputational damage are the most concerning potential outcomes of cyberattacks.  Of course, these go hand in hand.  If your reputation is damaged, customers will likely take their business elsewhere.

The Most Frequent Kinds of Malware

Malware is short for “Malicious Software” and has been around for a very long time.  Way back in the 1980s, trojans and other types of malware were distributed on floppy disk to unsuspecting users.

Malware can be used to destroy data, destroy hardware, steal information, create zombies (computers that hackers can control remotely), and other things that you do not want to happen!

There are many types of malware, but I have listed and defined each of the most common types of malware that you will see in the wild.

Which are the most Frequent Kinds of malware?

Adware is unwanted software designed to display ads on your screen, most frequently within an internet browser.

Spyware is malware that secretly tracks the computer user’s actions without consent and reports it to the program’s author.

A virus is malware that attaches to another application and, when executed (usually unintentionally by the user), reproduces itself by modifying other computer applications and infecting them with its own bits of code.

Worms are a kind of malware very similar to viruses. The difference is that worms are self-replicating: they spread on their own to other computers within a network and are usually designed to destroy files or wreak havoc in other ways.

Trojans typically represent themselves as something helpful to deceive you. Once a Trojan is on the system, the attackers behind it gain unauthorized access to the computer. From that point, Trojans may be used to steal financial data or install threats such as viruses and ransomware.

Ransomware is a sort of malware that encrypts your documents, then forces you to pay a ransom to get them back. Ransomware has been known as the cyber criminal’s weapon of choice because it demands a quick, profitable payment in hard-to-trace cryptocurrency. The code behind ransomware isn’t hard to obtain through internet criminal marketplaces, and protecting against it is quite hard. Typically, it’s also designed to remain hidden from the user until an event triggers it. WannaCry ransomware was one of the most damaging and newsworthy attacks.

A keylogger is malware that records all of the user’s keystrokes on the keyboard, generally storing the accumulated data and sending it to the attacker, who is seeking sensitive data such as usernames, passwords, or credit card information.

Malicious cryptomining allows someone else to use your personal computer to mine cryptocurrencies such as Bitcoin or Monero. This malware uses the CPU power of your computer to contribute to crypto mining and then sends the coins to the attacker.

 

What is Coinhive Malware?

A cryptocurrency mining code called Coinhive is creeping onto unsuspecting websites around the net.

Coinhive uses JavaScript to harness visitors’ CPU capacity when they visit a website.

So, when you visit a website with Coinhive code your computer is working to mine cryptocurrency for someone.

Coinhive itself is not Malware.

Coinhive is not malware by itself. Coinhive code is a technique to generate income from websites as an alternative to running ads on the site. When the user is notified up front and is given the choice to leave the site or continue, then we have no moral objection.

However, often the code is not disclosed to the user.

Even worse, hackers are now installing the code on unsuspecting websites in order to profit.  Most of the victims are using an older version of Drupal that has vulnerabilities that can be exploited to install the script.

Mining the cryptocurrency Monero is the most common use for the Coinhive mining code. In fact, the folks that run Monero are aware of this issue and are working on solutions to lessen the attacks.
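Site owners can catch an injected mining script by auditing the scripts their own pages serve against what they have approved. The following is an added example, not code from the original post: the page content, the host names (`cdn.example.net`, `miner.example.org`) and the `startMiner` call are constructed placeholders, and the allowlist-plus-hash baseline is one possible approach.

```python
# Added example: audit a page for scripts the site owner never approved.
# The HTML, host names and function names below are constructed placeholders.
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external, self.inline = [], []
        self._buf = None  # a list while inside <script>, otherwise None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src.strip())
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            body = "".join(self._buf).strip()
            if body:
                self.inline.append(body)
            self._buf = None


def collect(html):
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return parser


def inline_hash(body):
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def baseline_hashes(html):
    """Hashes of the inline scripts in a known-good copy of the page."""
    return {inline_hash(body) for body in collect(html).inline}


def audit_page(html, page_host, allowed_hosts, known_inline):
    """Return findings for third-party script hosts that are not on the
    allowlist and for inline scripts that are not in the reviewed baseline."""
    findings = []
    scripts = collect(html)
    for src in scripts.external:
        host = urlparse(src).hostname  # None for same-site relative URLs
        if host and host != page_host and host not in allowed_hosts:
            findings.append(("unapproved-script-host", host))
    for body in scripts.inline:
        if inline_hash(body) not in known_inline:
            findings.append(("unreviewed-inline-script", body[:40]))
    return findings


# Constructed known-good page and a tampered copy with two injected scripts.
CLEAN_PAGE = """<html><head>
<script src="/core/misc/site.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
<script>var settings = {"path": "/"};</script>
</head><body>Hello</body></html>"""

TAMPERED_PAGE = CLEAN_PAGE.replace(
    "</head>",
    '<script src="//miner.example.org/m.min.js"></script>\n'
    '<script>startMiner("SITE-KEY-PLACEHOLDER");</script>\n</head>',
)

if __name__ == "__main__":
    known = baseline_hashes(CLEAN_PAGE)
    for finding in audit_page(TAMPERED_PAGE, "shop.example.com",
                              {"cdn.example.net"}, known):
        print(finding)
```

Run the audit against the rendered page as visitors receive it, since an injected script may live in the database or a template rather than in the files on disk.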

The Bloomberg article about Supermicro Supply Chain Hardware Hack

Everyone is talking about Bloomberg Businessweek’s explosive report alleging that Chinese spies had implanted surveillance chips in the motherboards of computer servers.

The report is not standing up to the smell test. As President Trump would say – This is fake news.

Apple, Amazon, and the other involved parties delivered strong denials. If these companies saw any potential truth in the article, they would not have issued such strong denials. For one thing – if there was any truth in the article, then each of these companies would have a high liability for misleading the public with the denials.

It appears somewhat strange that nobody has reported identifying one of the spy chips on any motherboards in production. Would it not have been simple for any business using servers containing components from Supermicro, the firm whose products were supposedly backdoored, to send an engineer to find the miniature spy chip at one of their datacenters? I know engineers who work on circuit boards, and these folks would easily be able to identify a maliciously installed component.

The Bloomberg article even showed a picture of the chip.  I am sure that that image was just to enhance the impact of the story.

While lack of proof isn’t enough to debunk the report, it does raise doubts.

Joe Fitzpatrick, a hardware hacking pro and one of the only named sources, stated that he finds the story implausible.

The writers have published incorrect cybersecurity reports before. (Nobody is perfect, but these previous mistakes do raise an eyebrow.) Even Rob Joyce, a leading National Security Agency official, stated that he has not discovered “any ties into the claims which are in this report.” He added: “I fear that we are chasing shadows at this time.”

The good thing about the article is that it has raised security consciousness related to supply chain management.  There is more visibility on this issue.  Likely this alone will make manufacturers take another look at vulnerabilities related to hardware security.