Zen Chan

Cybersecurity | Technology

The Era of Ransomware 2.0

Image by Mohamed Mahmoud Hassan from publicdomainpictures.net | CC0 Public Domain

“Conceal a flaw, and the world will imagine the worst.”
— Marcus Valerius Martial

My colleague called me today and urgently asked for my advice. I thought it was work-related, but it turned out someone had been affected by ransomware, and she wanted to see if there was anything I could do, as the files were already encrypted. Before I could make any comments, my colleague told me that the victim eventually paid.

The story didn’t end there. There is a follow-up payment that needs to be paid for the second “key” — a new technique that hackers use, known as “double-extortion.” …


Cybersecurity | Technology

It’s Time To Protect Yourself; Even You Have Nothing To Hide

How To Be Anonymous Online. It’s Time To Take Back Our Control on… | by Zen Chan | Medium
Image by Tony Webster from Wikimedia | Creative Commons

“All human beings have three lives: public, private, and secret.” ― Gabriel García Márquez

A while back, I met an old friend whom I hadn’t seen since I graduated. We went for a cup of coffee to catch up on the past decades. He told me he was watching season 2 of “Breaking Bad.” We both love Breaking Bad (who didn't?). I also recommended that he try Westworld, as “Jesse Pinkman” was in the last season.


From top stories to practical guides

List of Zen’s InforSec on Medium and Thank you. | by ZEN CHAN | Dec, 2020 | Medium
“Miracles do happen” in Central, Hong Kong | Copyright by the author

I wrote on Medium in November 2019. I still remember the first story was written at the Suvarnabhumi Airport (BKK) in Thailand. I typed on my Pixel 2XL, using the on-screen keyboard when I was waiting for my girlfriend's arrival.

Not many people use Medium in Hong Kong, but I like reading on Medium. Since the last US election, I gave up Facebook. Unlike Facebook, I post on Medium to share what I learned and enjoyed. Before I realized it, my English improved! (I know it still sucks).

When preparing my presentation, the flow and the arrangement of contents secretly…


What I learned after becoming an ISSAP®

The ONE thing that makes a Great Cybersecurity Professional
Photo by Hunters Race on Unsplash

I Passed!

I just passed the exam of ISSAP® — Information Systems Security Architecture Professional from (ISC)2®. It was one of the most challenging exams I took in my life. All the answers to the multiple choices are correct, but it is required to choose the best answer in most cases. I checked the member count from the official website. There are 25 active holders in Hong Kong and 2061 worldwide.


Even Users Who Have No Interaction With Discord Are at Risk

Image by Gage Skidmore from Flickr | (CC BY-SA 2.0)

“A ship is safe in harbor, but that’s not what ships are for.”
John A. Shedd

Discord is a platform predominantly popular among gamers. It creates specific groups or communities of users who can send voice, text, and other media messages between one another quickly. Last week, Sophos reported a massive increase in the number of malware detection alerts found in Discord.

According to the report, the number of malware incidents on Discord jumped 140 times compared to last year. …


Cybersecurity | Technology

And Guidance for MSPs and Small- and Mid-sized Businesses (SMBs) by CISA

Image from Maxpixel.net | CC0 Public Domain

Managed Service Providers (MSPs) have recently drawn our attention after being targeted by cybercriminals. Because they typically hold privileged access to their clients’ infrastructure, attacking one MSP would give attackers access to various systems. That’s why they are an attractive target for cybercriminals (i.e., high ROI).

The recent Kaseya supply chain attack showed us all how scalable and serious such an attack can be. A REvil ransomware affiliate obtained access to Kaseya systems and used it to access the systems and encrypt the data of around 60 of its customers (many of which are MSPs).

This first touch down then further goes down the…


Technology | Cybersecurity

And How to Check If Your Phone’s Been Hacked by Pegasus

Image from Pxhere | CC0

What is Pegasus?

Pegasus was originally military-grade software for tracking terrorists and criminals. However, according to NSO Group, Pegasus is only used to “investigate terrorism and crime” and “leaves no traces.” It was first discovered in 2014 and infected phones via spear-phishing: either specifically crafted text messages or emails that lure a target into clicking on a malicious link.

In short, Pegasus is spyware that is developed, marketed, and licensed to governments worldwide by the Israeli cyber-surveillance company NSO Group. It is perhaps the most potent piece of spyware ever (certainly by a private company). …


The latest one-stop location to stop ransomware

Screenshot of https://www.cisa.gov/stopransomware

Regarding the recent alarming cyberattacks, especially ransomware, CISA provides us with multiple resources for different attack stages, from the beginning to the post-attack era.

People Pay the Ransoms

While companies are urged not to pay ransoms to recover data, significant payouts have been made in just the last six months alone, indicating the increasing severity of ransomware. According to DOJ news, approximately USD350 million in ransoms was paid in 2020, more than a 300% increase from the previous year.

There have been significant attacks against corporations and critical infrastructures like Colonial Pipeline Co. by DarkSide or other healthcare organizations that forced systems to go offline…


Cybersecurity | Microsoft

Including the Out-of-Band Fix For the Windows Print Spooler Remote Code Execution Vulnerability Under Heavy Fire.

Image by Efes from Pixabay | Creative Commons CC0 1.0

On July 14, Microsoft issued patches for 117 CVEs. Notably, four of them are under heavy attack, and six are publicly known. Among all 117 CVEs:

  • Critical = 13
  • Important = 103
  • Moderate = 1

The products and services affected include Microsoft Windows, Exchange Server, Microsoft Office, Dynamics, SharePoint Server, Internet Explorer, Bing, Visual Studio, OpenEnclave, and Windows Storage Spaces Controller.

Compared with the previous two months, this Patch Tuesday is more significant: the May and June releases patched 55 and 50 CVEs, respectively, according to the official release notes. …


Technology | Cybersecurity

Artificial Intelligence Is Not New, but It Is Still in a Maturing Stage in Cybersecurity.

Image from Pxhere | Creative Commons CC0

Cyber is basically a tremendous number of computers linked together, and AI in cybersecurity is already working 7 x 24 for us. Tasks like malware analysis and automated detection involve massive amounts of data to be reviewed. More AI-assisted security products will be on the market in 2021, as the volume of data nowadays can no longer be analyzed by humans alone.

The goal of artificial intelligence (AI) is to build more intelligent machines. We saw the applications of AI in multiple domains, including:

  • finance (Algo-trading)
  • logistics (Robo-delivery)
  • healthcare (Machine-assisted diagnostic)
  • manufacturing (Car factories)

and not surprisingly, it is also used in…

Zen Chan

Interested in Infosec & Biohacking. Security Architect by profession. Love reading and running. Top Writer in Privacy. Editor of Technology Hits.
