Trojanised malware targeting ICS
It’s the oldest trick in the book: sell software that purportedly cracks passwords but actually contains a backdoor.
Only this time round it is targeted at Industrial Control Systems (ICS). This malware masquerades as software to recover forgotten passwords of Programmable Logic Controllers (PLCs). Once it recovers the lost password, it makes the PLC a part of a botnet army.
An interesting observation in the article: if the objective is to create a botnet army, why choose PLCs? The low number of PLCs does not make it financially viable. Is there another objective? State-sponsored espionage, perhaps?
Take Action:
If you use ICS, check whether your systems are vulnerable. The article provides a list of PLCs that might be vulnerable. Also, check your software inventory to see whether machines connected to the ICS have password crackers installed. If they do, you have a shadow IT problem to deal with.
Nc3, Bb4 … Facebook vs. Mozilla
Firefox users who had breathed a sigh of relief when Firefox removed tracking parameters might have celebrated too soon.
The battle between privacy and tracking continues.
Facebook has decided to encrypt the entire URL into a single blob of hex. Now, removing tracking parameters is nearly impossible. If you would like to keep your browsing private, but still use Facebook, you can’t.
Take Action:
If you are a corporate CISO and have not already blocked Facebook and all its sites, consider doing so right away. For personal use, isolate Facebook in its own container in Firefox or use a separate browser just for Facebook. I would recommend Librewolf.
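Why an encrypted URL defeats parameter stripping, as an added example that is not code from this post, from Firefox or from Facebook: the host, the list of tracking parameter names and both URLs are constructed for illustration.

```javascript
// Added example. The host, parameter list and both URLs are constructed.
const TRACKING_PARAMS = new Set(["fbclid", "gclid", "mc_eid"]);

// A path segment that is one long run of hex carries no separable fields.
const OPAQUE_SEGMENT = /^[0-9a-f]{32,}$/i;

// Delete known tracking parameters and report what was removed.
function stripTracking(urlString) {
  const url = new URL(urlString);
  const removed = [];
  for (const name of new Set(url.searchParams.keys())) {
    if (TRACKING_PARAMS.has(name.toLowerCase())) {
      url.searchParams.delete(name);
      removed.push(name);
    }
  }
  const opaque = url.pathname.split("/").some((s) => OPAQUE_SEGMENT.test(s));
  return { cleaned: url.toString(), removed, opaque };
}

// Constructed sample: tracking value in a named query parameter.
const CLASSIC_URL =
  "https://social.example/posts/12345?fbclid=CONSTRUCTED-CLICK-ID&lang=en";
// Constructed sample: the whole identifier is a single hex blob.
const BLOB_URL = "https://social.example/posts/" + "ab12".repeat(12);

for (const u of [CLASSIC_URL, BLOB_URL]) {
  const r = stripTracking(u);
  const what = r.removed.length
    ? "stripped " + r.removed.join(",")
    : "nothing to strip";
  console.log(what, r.opaque ? "(opaque identifier)" : "", "->", r.cleaned);
}
```

The second URL passes through unchanged: with no named parameter to remove, a stripper cannot separate a tracking value from the content identifier.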
CyberInsights is a weekly post about two new items in cybersecurity which helps the cybersecurity professional think.