Need a Personal Cyber Security Staff? Rubica May Be the Answer

I was recently introduced to a personal cybersecurity service called Rubica.  If you are looking for a company that can provide you and your family or your small business with the kind of cybersecurity operations that are available to larger companies, this may be for you.

A bad day for me starts with a client calling to say, “I was hacked,” or to hear that they have fallen prey ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


US-CERT: Alert (TA17-181A) Petya Ransomware

Systems Affected

Microsoft Windows operating systems

Overview

This Alert has been updated to reflect the National Cybersecurity and Communications Integration Center’s (NCCIC) analysis of the “NotPetya” malware variant.

The scope of this Alert’s analysis is limited to the newest Petya malware variant that ...

Continue Reading →
0

How Hard Is It To Become A Cyber-Criminal?

According to a recent article on Naked Security, not at all hard.  While at Black Hat in Las Vegas, researchers from Sophos gave a presentation that dissected the “Philadelphia” ransom software as a service (SaaS) model.

Anyone can buy the Philadelphia ransomware kit on the Dark Web for $400.  And for this nominal investment, the would-be attacker gets a simple executable file that sets up the whole system automatically. ...

Continue Reading →
0

Will Artificial Intelligence Beat Real Intelligence?

One of the persistent memes that interest me is the impending event sometimes known as “the singularity.”  This is a probable future where our electronic devices become self-aware and fully autonomous.  We see the beginnings of this happening all around us in devices like Amazon’s Alexa and Echo, The Nest and Google communities of smart devices, self-driving vehicles, and all the Internet of Things (IoT) devices that listen to ...

Continue Reading →
0

Malicious Android Apps Steal Text Messages

Sophos Naked Security alerted us to two Android apps that are included in the Google Play Store as legitimate apps.  This makes these apps particularly dangerous, if you are following our advice to only install apps from legitimate sources.  Once installed, they download a plug-in that harvests your text messages and sends them to a web server.  Since the plug-in is downloaded after ...

Continue Reading →
0

Not All Attacks Are Cyber Attacks – Watch For Phone Scams Too

As long as we are on the subject of telephone fraud, here is a post inspired by a recent article from Naked Security.  It reminded me that not all attacks are high-tech cyber-attacks.  The phone is still an effective tool used by criminals to extract cash from their victims, and the losses can be in the thousands.

Here are some different scams run by these scammers:

  • Tech support scam:  Callers ...
Continue Reading →
0

Is Phone Phreaking Still A Thing? Recent FBI Arrest Says Yes

Phone phreaking refers to the exploration of phone systems and networks to discover how they work.  It also refers to the exploitation of telephone lines and systems in order to make free long distance calls.   Like the term “hacking,” it can refer to both the curious and the criminal.

Time to climb into Mr Peabody’s WABAC Machine for our history lesson.  Phone phreaking got its start in the ...

Continue Reading →
0

Email Account Hijacking – Part 4 Prevention and Dectection

Last week we went deep on the subject of just how bad losing control of your email account can be.  Today we are wrapping up the four-part series with solutions to help you prevent email account compromise from happening, how to detect if it has already happened to you, and how to recover if that is the case.

Prevention is the best solution.  Your email account is one of the crown jewels ...

Continue Reading →
0

Email Account Hijacking – Part 3 Extending the Exploit

On Monday and Wednesday we looked at email account hijacking, how it happens, and what can happen after the account is controlled by an attacker.  Today we will see how an attacker could use the beachhead they established in your email account to extend their intrusion.

They have already proven that you are susceptible to phishing and other social engineering exploits.  So sending the victim other phishing emails that allow more access ...

Continue Reading →
0
Page 1 of 39 12345...»