If you are a high risk or high net worth user of Google’s popular Gmail platform, Google Drive, or other Google services such as YouTube or Google Analytics, Google has come up with an advanced security program for you.
Over the last four posts, we have focused on the US-CERT alert, but cybersecurity firm Symantec has actually been working this case since 2011. Their report on Dragonfly can be found on their website. While they are cautous when providing attribution, reading between the lines indicates that Dragonfly is probably a Russian based group, possibly working on behalf ...Continue Reading →
Is the U.S. energy sector under attack? The ambitious and sophisticated exploits like this one are usually the work of a nation-state. Who wants to turn off the lights? Last Wednesday we took a look at the US-CERT alert warning about the ongoing cyber-attack against the U.S. electric grid, and on Friday we took a look at many of the tactics, ...Continue Reading →
Somebody wants to punch our lights out – literally turn off the electric power grid. Who would want to do this? Russia? North Korea? Cybersecurity firm Symantec has attributed this attack to a group they have identified as the Dragonfly Group, who may have been responsible for the attack on the Ukrainian electric grid in 2015 and 2016. ...Continue Reading →
October is Cybersecurity Awareness Month, and this week’s theme is Simple Steps to Online Safety.
The toughest part of cybersecurity is securing the human mind, emotions, behaviors, and responses from the making a decision or taking an action that will open the door for a cyber-attacker. The reality is that it is much easier to secure systems than humans. And unfortunately, humans have been given a ...Continue Reading →
The Sophos Naked security blog ran an article in August that was a disappointing revelation about major online brands that allow ridiculously easy user passwords. Just because a web site will permit you to use a bad password, doesn’t mean you should. Our current recommendation is to use passwords of at least 15 characters, and couple that with two-factor authentication at every opportunity.
The password management program Dashlane performed an audit of 37 online brands and rated their ...Continue Reading →
Two-factor and multi-factor authentication are becoming more important and more available as we struggle to secure our information from attackers. These factors are something you know, something you have, and something you are. Biometrics (something you are) are one of the three factors used in computer, network, and application authentication.
Biometrics include thumbprint or fingerprint readers, palm scanners, iris and retinal scanners, facial recognition, speech recognition, and even arcane systems that detect ...Continue Reading →
Last Friday we covered some of the security issues travelers can face when staying at a hotel. Today we are going to look at air travel – specifically the bad things that can happen to you if you carelessly discard or foolishly post a picture online of your airline boarding pass.
For some reason, people like to post images of their boarding passes on ...Continue Reading →
Last week we went deep on the subject of just how bad losing control of your email account can be. Today we are wrapping up the four-part series with solutions to help you prevent email account compromise from happening, how to detect if it has already happened to you, and how to recover if that is the case.
Prevention is the best solution. Your email account is one of the crown jewels ...Continue Reading →
On Monday and Wednesday we looked at email account hijacking, how it happens, and what can happen after the account is controlled by an attacker. Today we will see how an attacker could use the beachhead they established in your email account to extend their intrusion.
They have already proven that you are susceptible to phishing and other social engineering exploits. So sending the victim other phishing emails that allow more access ...Continue Reading →