Netgear Routers Will Need Firmware Update.

If you own a Netgear wireless router, especially the R6200, R6250, R6400, R6700, R6900, R7000, R7100LG, R7300, R7900, R8000, D6220, and D6400 routers and possibly other models are vulnerable to arbitrary command injection.  This is a security bug that could allow a remote attacker to access your router.  This vulnerability was announced by US-CERT on December 9th, and reported in Naked Security on December 12th.

Vulnerabilities such as this one ...

Continue Reading →
1

Start Your Cybersecurity Plan

There are a number of great frameworks for developing your cybersecurity plan.  Two of our favorites are the NIST-CSF and the 20 CIS Controls.  We have written about these excellent tools before here (CIS Controls) and here (NIST-CSF).

Back in December we received an email from Pete Herzog of ISECOM about a new, open-source methodology manual for cybersecurity defense. ...

Continue Reading →
0

Watch Out For Fake Mobile Apps

The Federal Trade Commission recently released an warning about fraudulent mobile apps.  These apps are designed to steal personal information such as user names, passwords, credit card numbers, and other personal information.

My advise is to always get your app from an authorized app store, such as the Apple Store or the Google Store.  These apps have been tested for the most part.

Another idea to ...

Continue Reading →
0

The Russians Are Coming! Or Are They?

The United States recently accused the Russian government of trying to influence US elections last November, and has expelled 35 Russian diplomatic officials and closed two Russian diplomatic facilities, one in New York City, and the other in Maryland, near Washington DC.

The Russians are denying any direct involvement, of course, and are laying the blame on Russian cyber-criminal groups.    But we have discussed ...

Continue Reading →
0

U.S. House Supports Encryption

The House Judiciary Committee’s Encryption Working Group has released a report that comes out in favor of strong encryption, and opposed to the daft notion of creating encryption  “backdoors” for law enforcement and government to use.  As we have expressed in this blog previously, the concept that the secret backdoor keys could somehow be kept securely, when nothing else seems to be able to be kept secret, is the main fatal ...

Continue Reading →
0

Crystal Ball Gazing for 2017

This is the time of the year everyone writes either a year in review article, or a what’s coming in the new year post.  Guess which one this is?  I’ve been reading the pundits, and considering my own findings as a cybersecurity professional.  I pulled together the following list for your review, and to help you plan where to spend your time, talent, and budget in 2017.

  • Continued issues with crypto-ransomware in 2017 ...
Continue Reading →
0

The Russians Are Coming!

Cybersecurity professionals are in agreement.  The Russians appear to have been actively engaged in influencing the outcome of our recent Presidential election.  Specifics include compromising and taking over Hilary Clinton’s chief of staff, John Podesta’s personal Gmail account.  This spear phishing exploit used a “near-miss” domain name of “accounts.googlemail.com”  to trick John into clicking on a link and and entering his email credentials.  The real domain name is accounts.google.com.

There was also a ...

Continue Reading →
0

10 Tips To Secure Your New Christmas Devices

If Santa brings you a bunch of new electronic toys for Christmas, take an extra moment to secure them properly.  Many new devices will work fine straight out of the box, but this usually means they are set up with very insecure manufacturer defaults.  Here are our tips:

  • Default passwords – Always take a moment to replace the default user name and password (often just “admin” and “password”) with something more secure.  Passwords should be ...
Continue Reading →
0

Facebook Searches Dark Web For Stolen Passwords

facebookThis actually is in the “good news” department.  The some security folks at Facebook are scouring the Dark Web, looking for rainbow tables of user names and passwords in order to find Facebook users who may be reusing the same password on multiple sites.  As we have discussed here many times, password reuse creates a serious security vulnerability.  If the cyber-crooks have your password for one site, they will try it on other ...

Continue Reading →
0

Are ICS and SCADA Systems the Next IOT Disaster?

industrial-securityThere is a lot of talk in the cybersecurity world about Industrial Control Systems (ICS) and Supervisory Control And Data Acquisition (SCADA) systems that run the US power grid, water utilities, gas piplines, oil refineries, and countless factories.  We discussed how all this might play out in the electrical grid when I reviewed Ted Koppel’s new book Lights Out.

We saw the kind of damage that an IoT botnet could ...

Continue Reading →
0
Page 5 of 24 «...34567...»