When I am speaking or training, and the subject turns to penetration testing, I make certain to explain to the class or audience that nearly everything a pen-tester does violates federal laws. For starters, there is the Computer Fraud and Abuse Act. There are many other computer laws at both the federal and state levels.
Penetration testing takes a vulnerability assessment to the next ...
Continue Reading →
One of my clients was the victim of a cyber-crime, and I reported it to the FBI’s Internet Crime Complaint Center. Today I will discuss how the process worked.
My client called me to help her after someone posing as her intercepted a payment on an invoice that she sent to one of her customers. The way this worked is that some time in the past, her business email account had ...
Continue Reading →
A quick Saturday digest of cybersecurity news articles from other sources.Modern credit card skimmers hidden in self-service gas pumps communicate via Bluetooth. There’s now an app that can detect them:
The team from the University of California San Diego, who worked with other computer scientists from the University of Illinois, developed an app called Bluetana ...
Continue Reading →
We recently wrote about the upsurge in ransomware attacks, and one of the examples in that article was the recent attack on about two dozen governmental and educational networks in the state of Texas. Texas was initially tight lipped about what they were doing to mitigate the attack, in an effort to prevent the attackers from learning about their defensive strategies and systems, and adapting their ...
No one is immune from cyber-attacks anymore, and that includes Apple and Linux systems. Lately there has been a lot of activity around crypto-ransomware attacks against Linux servers. When you consider that a very large percentage of servers working on the Internet are running Linux under the hood, this is a critical issue.
February 2019 brought us the ransomware variant B0r0nt0k, which encrypted server contents and then demanded as much as ...
Continue Reading →A quick Saturday digest of cybersecurity news articles from other sources.As cybercriminals grow more sophisticated and news of major breaches reach headlines nearly daily, cybersecurity professionals are in high demand: There are currently nearly 3 million unfilled cybersecurity jobs worldwide, ISC(2) found.
Original release ...
Continue Reading →
You might have heard that the founder of Twitter, Jack Dorsey, recently had his Twitter account hijacked. You are probably wondering how a tech-savvy founder of a technology company could possibly lose control of his account at his own company. Personally, I can’t think of anything more embarrassing. It turns out the culprit was his phone. Specifically, the SMS texts ...
A couple years ago, it looked like crypto-ransomware attacks were falling by the wayside. Business email compromise (email account hijacking) and associated wire transfer fraud were becoming easier and more successful for cyber-criminals than ransomware. I made some predictions in this blog and in public presentations that ransomware had seen it’s day. Unfortunately, I was wrong. In 2018 ...
A quick Saturday digest of cybersecurity news articles from other sources.Under the overarching theme of ‘Own IT. Secure IT. Protect IT.’, the 16th annual National Cybersecurity Awareness Month ...
Continue Reading →
If you visited certain websites with your iPhone (or Android or Windows device**) over the last two years, it is possible that your iPhone downloaded and installed malware that allowed attackers to intercept and record everything you did and everywhere you went with your iPhone. This includes real-time location information, all your emails and messaging (including encrypted versions ...