The IronBox Team Blog

How download your Facebook data

You’ve probably heard about the trouble Facebook is in these days regarding the Cambridge Analytica user data “breach of trust”, and now there’s a story about Facebook (for Android users using Messenger) recording your call logs: https://www.nbcnews.com/tech/social-media/facebook-confirms-it-records-call-history-stoking-privacy-furor-n860006 If you want to

Read More

GitHub Reveals 4M JavaScript and Ruby Vulnerabilities in Public Repositories

This is very cool, I didn’t know that GitHub did this. Every time a vulnerability is disclosed in the public related to some open source library, GitHub scans its repositories for applications that depend on those libraries, and in this

Read More

Notable 2017 Security Hiccups

Here’s some of the notable 2017 security hiccups from ZDNet: http://www.zdnet.com/article/2017-in-security-privacy-a-total-dumpster-fire Happy holidays and enjoy, –Kevin  

Read More

The United States National Security Strategy, Retaining In-House Expertise

Here’s a link to the United States National Security Strategy released today: https://www.whitehouse.gov/wp-content/uploads/2017/12/NSS-Final-12-18-2017-0905.pdf (cyberspace security strategy starts on page 31). No plan is perfect, but I’d like to point out a bright a really good (and surprising) focus of the strategy,

Read More

Yahoo and Equifax Data Breach Senate Hearing

I got this in my inbox this morning about a Senate hearing regarding major data breaches (Yahoo and Equifax): http://www.zdnet.com/article/equifax-yahoo-fail-to-answer-the-most-basic-questions-during-senate-hearing. If you’re interested in watching the actual hearing, check out YouTube at https://www.youtube.com/watch?v=LunazYJGNXU (starts at about the 12:20 mark). The article reports

Read More

Cybersecurity Month Tips (from Google)

Was just using Google and noticed this under the search bar: https://privacy.google.com/your-security.html?utm_source=google&utm_medium=hpp-desktop-auth&utm_campaign=security-tips&categories_activeEl=sign-in#your-security-action Great short little tips from Google (especially since the Equifax hack is still fresh in everyone’s minds) that you can use to help protect your accounts. –Kevin

Read More

macOS High Sierra 0-Day Released Hours Before Launch

A security researcher (and by the way ex-NSA guy) named Patrick Wardle released an exploit that enables attackers to exfiltrate passwords from macOS reportedly hours before Apple released their new operating system macOS High Sierra. http://www.zdnet.com/article/apple-macos-high-sierra-password-vulnerable-to-password-stealing-hack There’s no point in

Read More

The importance of keeping up to date with patches

Here’s a story about what caused hackers to be able to compromise the Equifax hack which eventually led to 143 million accounts to be accessed: http://www.zdnet.com/article/equifax-confirms-apache-struts-flaw-it-failed-to-patch-was-to-blame-for-data-breach The cause was a series of patches that were available since March that slipped

Read More

Equifax Hack and Strings Attached If You Get Help From Them

You probably have heard of Equifax getting hacked and some 143 million records stolen, tons of articles everywhere about that. Here’s one you probably didn’t read and it’s about how if you receive help from Equifax on this data breach,

Read More

Hackers Using Hotel Wi-Fi Networks for Attacks, and What You Can Do Right Now

Here’s a story about how hackers are using hotel wi-fi networks to attack users, corporate espionage and for political targets: http://www.zdnet.com/article/hackers-are-using-hotel-wi-fi-to-spy-on-guests-steal-data Attacks come in various flavors (social engineering, network based and malware). For social engineering that’s on the user to be

Read More