Start Your Cybersecurity Plan

There are a number of great frameworks for developing your cybersecurity plan.  Two of our favorites are the NIST-CSF and the 20 CIS Controls.  We have written about these excellent tools before here (CIS Controls) and here (NIST-CSF).

Back in December we received an email from Pete Herzog of ISECOM about a new, open-source methodology manual for cybersecurity defense. ...

Continue Reading →
0

Watch Out For Fake Mobile Apps

The Federal Trade Commission recently released an warning about fraudulent mobile apps.  These apps are designed to steal personal information such as user names, passwords, credit card numbers, and other personal information.

My advise is to always get your app from an authorized app store, such as the Apple Store or the Google Store.  These apps have been tested for the most part.

Another idea ...

Continue Reading →
0

The Russians Are Coming! Or Are They?

The United States recently accused the Russian government of trying to influence US elections last November, and has expelled 35 Russian diplomatic officials and closed two Russian diplomatic facilities, one in New York City, and the other in Maryland, near Washington DC.

The Russians are denying any direct involvement, of course, and are laying the blame on Russian cyber-criminal groups.    But we have ...

Continue Reading →
0

U.S. House Supports Encryption

The House Judiciary Committee’s Encryption Working Group has released a report that comes out in favor of strong encryption, and opposed to the daft notion of creating encryption  “backdoors” for law enforcement and government to use.  As we have expressed in this blog previously, the concept that the secret backdoor keys could somehow be kept securely, when nothing else seems to be able to be kept secret, is the main ...

Continue Reading →
0

Crystal Ball Gazing for 2017

This is the time of the year everyone writes either a year in review article, or a what’s coming in the new year post.  Guess which one this is?  I’ve been reading the pundits, and considering my own findings as a cybersecurity professional.  I pulled together the following list for your review, and to help you plan where to spend your time, talent, and budget in 2017.

  • Continued issues with crypto-ransomware in ...
Continue Reading →
0

The Russians Are Coming!

Cybersecurity professionals are in agreement.  The Russians appear to have been actively engaged in influencing the outcome of our recent Presidential election.  Specifics include compromising and taking over Hilary Clinton’s chief of staff, John Podesta’s personal Gmail account.  This spear phishing exploit used a “near-miss” domain name of “accounts.googlemail.com”  to trick John into clicking on a link and and entering his email credentials.  The real domain name is accounts.google.com.

There was also ...

Continue Reading →
0

10 Tips To Secure Your New Christmas Devices

If Santa brings you a bunch of new electronic toys for Christmas, take an extra moment to secure them properly.  Many new devices will work fine straight out of the box, but this usually means they are set up with very insecure manufacturer defaults.  Here are our tips:

  • Default passwords – Always take a moment to replace the default user name and password (often just “admin” and “password”) with something more secure.  Passwords should ...
Continue Reading →
0

Facebook Searches Dark Web For Stolen Passwords

facebookThis actually is in the “good news” department.  The some security folks at Facebook are scouring the Dark Web, looking for rainbow tables of user names and passwords in order to find Facebook users who may be reusing the same password on multiple sites.  As we have discussed here many times, password reuse creates a serious security vulnerability.  If the cyber-crooks have your password for one site, they will try it on ...

Continue Reading →
0

Are ICS and SCADA Systems the Next IOT Disaster?

industrial-securityThere is a lot of talk in the cybersecurity world about Industrial Control Systems (ICS) and Supervisory Control And Data Acquisition (SCADA) systems that run the US power grid, water utilities, gas piplines, oil refineries, and countless factories.  We discussed how all this might play out in the electrical grid when I reviewed Ted Koppel’s new book Lights Out.

We saw the kind of damage that an IoT botnet ...

Continue Reading →
0

You Just Got An Email From A Friend – But It Was A Phish

Email_thumb2One of the hardest types of phishing emails to defend against are those that come from the email account of a friend or trusted business associate, such as your dentist, lawyer, realtor.  The sender’s email address is not spoofed, because the malefactor has tricked them into providing their email address password.  The bad guys are actually logged into  your friend’s email account,  and now they are trying to do the same thing to ...

Continue Reading →
0
Page 42 of 61 «...1020304041424344...»