What Is Social Engineering?

This should really be called “anti-social” engineering.  A good definition is “social engineering is a non-technical method of intrusion hackers use that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. It is one of the greatest threats that organizations today encounter.”

My article on Wednesday will give an example of phone based social engineering – the fake tech support call. ...


Perils From The Edge – A Solution

There is a small company in the Czech Republic called Turris that developed a home and small office wireless router that may be the most secure small router available.  That is – when it’s available in April.  Right now it’s an Indiegogo project.  You can pre-order it now for about $200.

This is an open-source project running OpenWrt.  According to the manufacturer, the router will be available in several ...


Perils From The Edge – Home Routers

Monday we looked at issues with the business class routers at Juniper Networks and Cisco Systems.  Today we are going to look at an exploit affecting the Ubiquiti brand of cable modems.

Cable and DSL “modems” are used by most consumers and many small businesses to connect their home or business network to the Internet.  These “modems” are really routers.

(It has been a personal pet peeve of mine that these devices were called modems ...


Perils From The Edge – Insecure Routers

At the end of December last year Juniper Networks discovered that some malicious actors had added code to the firmware and software that run their routers, creating a back door that would allow attackers to access the router remotely, assume administrator privileges, and view and decrypt VPN traffic running through the routers.  As the story unfolded, it turned out that Juniper was using a random number generator from NIST, and that the ...


CIT Cybersecurity Featured in New Business Minnesota

We were recently featured in the January edition of New Business Minnesota.  This is a monthly business magazine published by Pat Boulay.  You can download a copy of our featured article, Cyber-criminals Put Every Business At Risk, here.  There are some additional helpful links below the picture.


Pat also runs a great business networking meeting once a month as well, on ...


Twin Cities 2016 CISSP Study Group

I got this announcement yesterday and thought I’d post it here for interested cybersecurity professionals.


The 2016 CISSP Study Group for (ISC)2 “Common Body of Knowledge Examination” is forming with the first session starting Feb 23, 2016.  The study group is scheduled to last until June 28.

Background:
The board of directors of both the Minnesota Chapter of ISSA and the Twin Cities Minnesota (ISC)2 Chapter agreed to sponsor a CISSP Study Group.  “Our ...


Interview With Carolyn Heinze – Part Two

Continuing with my interview with Carolyn Heinze:

CH- What are the key ingredients of a sound security preparedness strategy?

BW- They are:

  • Patch
  • Backup
  • Keep anti-malware software updated
  • Watch for and report suspected email exploits
  • Good password policy coupled with two-factor authentication when possible
  • Create an environment of cybersecurity awareness through training and fun employee events.

CH- When we think of cyber security, the tendency is to consider breaches that come from the outside. What can organizations do to protect themselves from breaches that can potentially come from the ...


Malwarebytes Tackles Cryptoware

This is hot off the press.  Yesterday Malwarebytes announced a beta of a new anti-crypto software product designed to stop CryptoWall4, CryptoLocker, Tesla, and CTB-Locker.  You can download the beta here.

According to Malwarebytes:

“Malwarebytes Anti-Ransomware monitors all activity in the computer and identifies actions which are typical of ransomware activity. It keeps track of all activity and, once it has enough ...


Interview with Carolyn Heinze

I recently had my second interview with freelancer Carolyn Heinze, and the questions were so interesting I decided to replicate the interview in a couple of posts this week.

From: Carolyn Heinze
Subject: Interview Request – tED Magazine

Dear Bob,

I interviewed you a while back for an article on ransomware that appeared in ChannelPro.  I’m working on another article for which I thought you’d make a great source. Here’s the scoop:

I am writing an article on cyber security, and more specifically, ...


Do You Need A Virtual Private Network?

A virtual private network, or VPN, is a type of network computer connection that creates a private encrypted communications channel, commonly called a “tunnel,” when using insecure networks, such as in hotels and coffee shops, or when communicating over the Internet.  Many businesses provide a VPN connection for their mobile and traveling employees.  This means that when out of the office, a worker can open the VPN and be connected to the ...
