Another Lottery Scammer Nabbed by the Feds

We have reported previously about Operation Hard Copy.  This is from the US Department of Justice: The US Marshall’s Service arrested another member of the North Dakota lottery scam in Jamaica recently.

“United States Attorney Chris Myers announced today, that the U.S. Marshals Service, working with Jamaican law enforcement, has located and apprehended another man charged with participating in an international organized crime advance fee “lottery scam” which defrauded at least 90 mostly ...

Continue Reading →
0

Compliance is not Security

I am often asked to explain the difference between a security compliance audit, a vulnerability assessment, and a penetration test.  These exercises do many of the same things, but to a different degree.  A security compliance audit is like a 5K fun run, where a vulnerabilty assessment is more like a marathon.  A penetration test is an iron man competition.

In the course of ...

Continue Reading →
0

Tax Dollars At Work: FTC and US-CERT Resources for SMBs

US-CERT sent an announcement on May 9th about new resources for small and medium size business owners and managers.  Protecting Small Businesses can be found on the FTC website.  It includes information about:

  • Protecting your business from scams
  • Cybersecurity
  • Data breach response
  • Protecting personal information

There are also helpful videos about:

  • Building security into software development
  • Controlling access to data
  • Defending against ransomware
  • Fraud
  • Data ...
Continue Reading →
0

Report and Recover from Identity Theft with New FTC Service

Identity theft is a crime that can take years to recover from.  One of the early problems for an identity theft victim has been the requirement to file a police report.  Many police departments do not devote much effort to identity theft, so sometimes getting the police to actually create a report and provide you with a report number can difficult.  If the ...

Continue Reading →
0

Russian Bot-Herder and Spammer Pinched By FBI

Russian cyber-criminals are hard to arrest, because there is no extradition treaty between the US and Russia.  The Russian government allows them to prosper as long as they do not attack anything in Russia.  The Russian government also contracts with these criminal groups when they need some state sponsored hacking done, a la Grizzly Steppe.   In Russia, these guys are considered to be just very successful business men. They have achieved ...

Continue Reading →
1

Security Standards for the Internet of (Insecure) Things?

Everything you can think of and many things you have never dreamed of are being manufactured with little Linux operating systems and wireless Internet connections. Or in simpler terms, a brain, storage, and communications ability. This is the Internet of Things (IoT).  Lots and lots of “smart” devices talking to each other and phoning home to some data collection or dissemination point.  If only the people who are designing these devices, ...

Continue Reading →
0

Don’t Make Yourself A Target

Many social network sites make it too easy to overshare personal information.  An innocent post to Twitter or Facebook, or pictures uploaded to SnapChat or Instagram can help a criminal target you.  Online posts that identify your location, your travel and vacation plans, your employer, your home, and your personal possessions can be used by criminals to plan an crime.  Kidnapping ...

Continue Reading →
0

US-CERT Releases More About Grizzly Steppe

US-CERT just released more information about the Grizzly Steppe cybercrime group who has been fingered for hacking the DNC and US voter registration databases.  The short  report, titled Enhanced Analysis of GRIZZLY STEPPE Activity, makes interesting reading, especially if you are interested in finding out more about state-sponsored political espionage.  See pages 4-7 for the main story.

The Grizzly Steppe group is certainly ...

Continue Reading →
0

The Problem With Biometric Authentication

NIST is working on new authentication standards, and there are some surprising changes coming out of this effort.  One of the issues that NIST is dealing with is the use of biometrics for authentication.  But there are problems with biometrics.  Here they are from the NIST Special Publication 800-63b.  Emphasis is mine.

“5.2.3. Use of Biometrics

For a variety of reasons, this ...

Continue Reading →
0
Page 1 of 5 12345