325 Posts

Larry Loeb

Principal, PBC Enterprises

Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek. He wrote for IBM's DeveloperWorks site for seven years and has written a book on the Secure Electronic Transaction Internet protocol. His latest book has the commercially obligatory title of Hack Proofing XML. He's been online since uucp "bang" addressing (where the world existed relative to !decvax), serving as editor of the Macintosh Exchange on BIX and the VARBusiness Exchange.

Written By Larry Loeb

Security Utility Abuses Supply Chain for a Malware Attack

CCleaner was compromised at the main distribution site to include a malware attack. The Floxif attack is a downloader that breached the app supply chain.

Content Delivery Networks Offer More Bandwidth, but Can Hide Malware

Cybercriminals are using content delivery networks to spread malware. This vector is especially effective because it is difficult to block CDN IPs.

Facebook’s CDN Enables Security Breaches Targeting Brazilian Users

A malware group is using Facebook's CDN servers to store malicious files that it later uses as a vehicle for security breaches targeting Brazilian users.

IBM and MIT Announce New AI Lab

IBM and MIT have announced the foundation of a new AI lab. Its research will focus on developing four key areas, including advancing core AI algorithms.

Resurgent Malware Attack Targets MongoDB

Security researchers uncovered a concentrated malware attack against MongoDB servers that is reminiscent of previous attacks from earlier this year.

Poor Management of Security Certificates and Keys Leads to Preventable Outages

Despite significant progress in the area of security certificates, many organizations still suffer preventable outages, according to a recent study.

Defray Ransomware Tries Going Vertical

A new Defray ransomware variant attacks specific verticals in two separate campaigns: health care and education, and manufacturing and technology.

NIAC Cybersecurity Report Regarding Critical Infrastructure Issued

A draft report by NIAC indicated that there is a narrow window in which cybersecurity efforts could be improved on a national scale.

Insecure Apple Authorization API Still Used

An older MacOS API is still being used by many developers, despite risks. While a new API has been released, it isn't considered to be a good replacement.

Threat Actors Deliver Cryptocurrency Miners Via Neptune Exploit Kit

Threat actors are reviving exploit kits to deliver cryptocurrency miners through malvertising campaigns. The Neptune exploit kit mines for Monero.