Adult Site Breach Exposes Weak Hashing

The site Adult Friend Finder, the “world’s largest sex and swingers site,” recently exposed 412 million user credentials due to poor or, in some cases, non-existent password hashing practices. The biggest group losses were:

  • 339 million users of AdultFriendFinder.com
  • 62 million users of webcam site cams.com
  • 7.1 million users of Penthouse.com
  • 1.4 million users of stripshow.com

As we discussed last week, the reason that the Yahoo breach went unreported is ...


Cybersecurity Top 10

As we approach year-end, many small and medium-sized business owners and managers are coming to the realization that their best intentions for creating a cybersecurity program in their organization have fallen short. This was the year, you promised yourself, that we get a handle on computer and network security.

Well it is not too late to get a start, and here is a short ...


Additional Notes from the Cyber Security Summit

On Monday we looked at some of the primary attack vectors used by cyber-criminals. Here are the rest of the attack vectors that Kevin Thompson from FireEye shared at the Cyber Security Summit. Many of these are significant twists on old exploits, or more sophisticated exploits.

  • Attacks using legitimate services.
    • Social networks – make friends or connections, gather information.
    • Cloud storage services to host malware downloads. The link looks legitimate; it's from Google Docs or Dropbox.
    • Comment ...

What Should You Do If Your Info Is Breached?

US-CERT sent out an announcement in September about a new video from the FTC for people whose personal information may have been breached in a cyber incident. There are tips on reporting, and how to recover with tools such as a credit freeze or fraud alert. There are many links on both the CERT and the FTC websites to resources. ...


FTC Issues Alert for Rental Car Users

Back on August 31 I received an email from the Department of Homeland Security about a set of FTC recommendations for people using rental cars. I have experienced this issue myself. Basically, it is simple and relatively convenient to connect a smartphone to the smart vehicle’s infotainment system in order to enjoy hands-free phone calls, stored musical tracks, and the phone’s navigation application. The problem is that the car ...


Mobile Security Tips

As we add more mobile and portable devices to our digital collection, cybersecurity for mobile devices becomes more important. Smartphones, tablets, wearable tech, and ultra-portable laptops are certainly convenient and easy to carry, but that makes them easy for a thief to carry off. When these devices are stolen, you lose much more than the hardware. Every bit of information on the device is up for grabs too, from contact lists, personal information, mobile ...


What Is Your Data Worth?

When you lose your login credentials to an online account, it can be devastating. Depending on what was compromised and what was lost, you may have an expensive and time-consuming task on your hands. So the bad guys took your user ID and password, or some other personal information. Was it worth it? There is an active resale market for this information, and some ...


100 Things Facebook Knows About You

I read about this on Naked Security, and popped over to the Washington Post to read the full story and list. I knew this was happening, but it is freaky to see the entire list. Facebook collects this information to deliver ads that are targeted at your interests and preferences. If it seems that some of the ads that show up in your feed are weirdly right on ...


BEC – How Cyber-Attackers Can Rip Off Your Company

We warned our readers about the FBI alert regarding the Business Email Compromise scam on July 6. Cyber-criminals have successfully bilked US companies of over 3 billion dollars since January 2015. Typically this exploit starts by the attacker gaining knowledge of the CEO’s or other highly placed executive’s user credentials to their email account. This is most often done using a spearphishing email, but could also be accomplished ...
