PCI-DSS Standards Tougher in 2015

If you accept credit cards for payment in your business, then you are subject to the Payment Card Industry Data Security Standard or PCI-DSS.  Up to now, this standard has really been more about compliance, but this year the Payment Card Industry is definitely focusing on real 24/7 365 security.  The industry has been hit hard in the last two years by the BackOff POS exploits that have affected major retailers such as Target, Home Depot, and Staples, as well ...


FIDO to Replace Passwords

We have come to a point in the history of networking and cybersecurity where we are seeing the effectiveness of passwords falling to the improved cracking tools of cyber-criminals.  At this point the encrypted hash of an 8 character password can be solved in less ...


Manual Account Hijacking: When It Gets Personal

The vast majority of account hijacking attempts are of the automated variety, running on botnets.  Recently Google released a whitepaper that takes a look at a less common, but more damaging threat – manual account hijacking.  The distinction here is that the affected account is hijacked by a human rather than a machine, and then is exploited for maximum revenue generation by the cyber-criminal.

As with the vast majority of all cyber-exploits, this one starts with a phishing email.  The email ...


Sunday Funnies: Slow Drivers

My plea (falling on deaf ears I suspect)

  1. If you are going to drive below the speed limit stay out of the left lane.
  2. Slow drivers please stay out of the center lane.  I get it, you are avoiding the merging traffic in the right lane ...

FWD: Daily Report Email Scam

If you receive an email titled “Fwd: Daily Report” from a coworker this is a malware attack.  Clicking on the attachment not only launches the Trojan horse downloader, which automatically calls out to a malicious server to download more malware, but it also emails a copy of itself to everyone in your address book.  The details of the email are below:

Email subject: FW:Daily report
Attachment name: F44907162.zip
Body: Please review attached ...


Mail Returned as Undeliverable? What Happened To My Email Account?

This has happened to me a couple of times, and I always get panicked calls from clients when it happens to them.  All of a sudden your email inbox is flooded with undeliverable return email messages, sent to people you have never heard of.  Hundreds of them, spanning sometimes as much as a week’s time.  See below.

Has your email account been hacked?  Do you have to change your password?  In a word, NO.  You are merely the victim of “spoofing,” ...


9 New Year’s Resolutions–Cybersecurity Version

In 2015, I resolve to:

  • Back up my data – this means your work product, pictures, music and any other irreplaceable files stored on your hard drive.  Back up once to an external drive attached to your computer, and a second time to an online service such as our recommended solution, Carbonite.
  • Create longer and complex passwords (10 characters or more).  Long passwords take more time to crack using brute force methods.  A 7 character password can generally be cracked in a ...