Phishing – Not Just For Email Anymore

You know those surveys, games, and “like and copy” messages that your Facebook “friends” share with you?  Would you be surprised to learn that many of these “fun with friends”  activities are just cover for a new form of phishing exploit?  In the last few years phishing attacks have evolved from a primarily email-based attack into attacks using other vectors including surveys, games, gifts and prizes, and social networks.

Continue Reading →

0

Data Privacy Day

Next Monday Jan 28 is Data Privacy Day.  According to StaySafeOnline.org, “Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the Jan. 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Data Privacy Day is observed annually on Jan. 28.

The ...

Continue Reading →
0

Recovering From A Cybersecurity Incident

Ever feel like there should be a 12-step program for your cybersecurity career?  “Hello, I’m Bob and I’m a recovering cybersecurity professional.”  Doing the same old “defense in depth” stuff and still the barbarians get onto your network and wreak havoc.  Remember the definition of insanity?  “Doing the same thing and expecting different results.”  As with any 12-step program, the first step would ...

Continue Reading →
0

It’s Income Tax Fraud Season Again

Every year about this time, cyber-criminal groups start to ramp up for the annual income tax fraud season.  If you would prefer to receive your own tax refund, as opposed to letting some scam artist get it instead, the basic solution is to file your returns as early as possible.  Here are some things to be watching for.

  • W-2 reports phishing scam – This phishing scan usually targets company HR department personnel, ...
Continue Reading →
0

Securing Your Social Network Accounts

One of the worst things that can happen to you online is when someone hijacks one of your social network accounts.  When unauthorized bad-actors get your Facebook or Twitter password, they can use your account to impersonate you, and to send all sorts of friend requests, share requests, spam, and posts with click-bait links that can lead your friends to web pages that will steal their information or silently download and ...

Continue Reading →
0

Irainian Phishing Campaign Attempts to Bypass 2FA

A new phishing campaign by the Iranian state-sponsored group known as “Charming Kitten” is using new tactics to trick users out of their passwords and both SMS and app generated two-factor codes.  Charming Kitten is tied to the Islamic Revolutionary Guard.  This campaign has been ongoing since October 2018.  Information on this attack was released on December 18, 2018 by Certfa Lab.

Targets of these attacks are high-ranking individuals in the financial ...

Continue Reading →
0

Your Location is For Sale

I have written before about how our smartphones are ratting out our location, using GPS and even just cell tower location information.  The New York Times recently published a story that followed a woman throughout her day and discovered that her location was collected over 8000 in a single day.  From the location database they purchased from a location data broker, they were ...

Continue Reading →
0

EMV Cards Not Preventing Card Data Theft

The implementation of EMV (Europay, Master Card, Visa) or “chip” cards have not reduced the instances of credit card theft in the US.  The reason:  WE ARE DOING IT WRONG!!  I have been writing about the late implementation of EVM for years, and complaining about the “chip and sign” method we are using in the United States, vs. the much more secure “chip and PIN” method used in Europe, where they ...

Continue Reading →
0

Chinese Attacks Against MSPs and IT Support Companies Puts Clients At Risk

US-Cert recently released the following warning to businesses, governmental units, and other organizations who contract their computer support to computer support companies that are known as Managed Service Providers or MSPs.  An MSP provides support principally by using remote monitoring, remote access, and remote control software products.  They install a monitoring tool called an “agent,” and a command and control device on the ...

Continue Reading →
1

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Securing New Devices

12/28/2018 03:57 PM EST  Original release date: December 28, 2018

During the holidays, internet-connected devices also known as Internet of Things (IoT) are often popular gifts—such as smart TVs, watches, toys, phones, and tablets. This technology provides a level of convenience to our lives, but it requires that we share more information than ever. The security of ...

Continue Reading →
0
Page 2 of 65 12345...»