You just got infected with SamSam crypto-ransomware. What if I told you I had a secret process that guarantees I can recover your files that have been encrypted by a ransomware attack. Would you pay me to get your files back?
Brian Krebs tweeted on May 16 about ProPublica’s investigative article about ...
Continue Reading →
I have been saying for some time now that passwords by themselves are no longer an effective form of security. Too easy to hack, too easy to crack. Currently my go to recommendation is any form of two-factor authentication. Something like the Google Authenticator App or Yubikey are good choices for your second authentication factor.
On the horizon there are other authentication options that may replace passwords entirely. Here are a ...
Continue Reading →
Recently the ISSA (Information Systems Security Association) released the results of a survey they took in December 2018. There is a shortage of qualified cybersecurity professionals; not enough people are entering the field, and those with ten or more years of experience may be leaving the field due to stress, lack of a career path, and ineffective mentoring.
The ...
Continue Reading →
The powerful Anubis banking Trojan is showing up in the Google Play Store in other apps. Currently, Anubis is masquerading as a battery saver and currency converter. This Android banking Trojan launches a fake app overlay screen when the user opens the app. The user enters his or her account credentials into the fake overlay, which allows the Anubis malware to steal the data. Anubis can imitate 377 financial apps ...
A quick Saturday digest of cybersecurity news articles from Bruce Schneier.Bruce Schneier explains once again why encryption back doors for cops means back doors for crooks too. “The Crypto Wars have been waging off-and-on for a quarter-century. On one side is law enforcement, which wants to be able to break encryption, to access devices and communications of ...
Continue Reading →US-CERT and CISA recently released a warning about a new tunneling malware application that the North Korean cyber operations group is using to move information from one computer to another, in order to exfiltrate that data. You can read about it at Malware Analysis Report (AR19-129A) MAR-10135536-21 – North Korean Tunneling Tool: ELECTRICFISH
Continue Reading →“This report provides analysis of one malicious 32-bit Windows executable file. The malware implements a custom protocol that allows traffic to be tunneled between ...
Have you recently migrated to Microsoft Office 365 for your company email services? US-CERT and CISA recently released Analysis Report (AR19-133A) Microsoft Office 365 Security Observations that described several security flaws or weaknesses inherent in the default deployment of O365.
Here are the findings of that report. The good news is that these are shortcomings with the default, out-of-box experience. These issues can be corrected through configuration. ...
Continue Reading →
Last week we took a deeper look at VPN services courtesy of a guest post from The Gadget Enthusiast. This article concludes the series.
Torrents are just the files that contain the information related to other files and folders that are distributed across the computers. For example, if you want to download a movie using torrent, then ...
Continue Reading →A quick Saturday digest of cybersecurity news articles from other sources.Update your Firefox to version 66.0.4 and your TOR browser to version 8.0.9 to fix the problem with intermediate certificate verification.
Original release date: April 26, 2019
The Federal Trade Commission (FTC) has released an article with tips for parents to keep ...
Continue Reading →This week we are taking a deeper look at VPN services courtesy of a guest post from The Gadget Enthusiast.
So far, we’ve learned that the VPNs route your requested data through their servers to keep you anonymous.
But, as it happens with many things in the tech world, there’s not one but many different methods to ...