Junkin’ Jack Flash

flash-logoAdobe’s Flash program has been a security nightmare. A favorite among malware writers for ages, Flash is useful for doing things like creating fake security pop-up alerts and conning computer users into buying security programs that don’t work and carry malicious content.  And it seems that there is another “zero-day” vulnerability discovered every three days.

Do we really need Flash?  No we don’t.  iPhones and iPads ...

Continue Reading →
0

Word and Excel Macro Viruses Are Back

macro-virusUsing BASIC or Visual BASIC programming scripts can add automation and other functions to documents created in the Microsoft Office productivity suite of products.  Unfortunately, this feature can be used by cyber-attackers to send malware exploits in otherwise innocuous looking documents that most people would open without a second thought.

The macro virus goes back to 1995, the most infamous being the Melissa email macro virus that $80 million in damages to US ...

Continue Reading →
0

Scary Disguises Hide Malware Too

goblinIt’s Halloween tomorrow, the traditional time when we dress up in scary or not-so scary costumes to disguise our identity and trick our friends and family.  It’s good to remember that malware often uses disguises to trick us into committing an action that releases the attack.  What follows are my scary Halloween stories.

  • Social Engineering – In this exploit the attacker may present themselves in person, over the phone, or by email, ...
Continue Reading →
0

AppGuard – Computer Security That Works

AppGuardI am often asked by frustrated clients “Why doesn’t traditional anti-virus and Internet security software products work?”  The unfortunate answer I have to give them is “It’s your fault.”  The more diplomatic answer I really use is that the security software cannot prevent something that is explicitly allowed by the computer user.  And the computer user is easily tricked into opening a file ...

Continue Reading →
0

Why Defense Doesn’t Work

Now that football season has started, there will be a lot of discussion about why great defenses don’t win football games.  Defense is not enough in the realm of cybersecurity, either.  I recently attended a webinar put on by The Open Web Application Security Project (OWASP) featuring Mike Benkovich (@mbenko) that discussed this concept as it applied to the DevSecOps (or SecDevOps) or the secure development of web applications.  It is not enough to write code that works, it also ...

Continue Reading →
0

Beware Pop-Up Security Alert Scam

I have been getting a lot of calls about this one, and I finally was able to get a screen print of the message.  When this happens to you – DO NOT CALL the provided number.  You will end up allowing them to connect remotely and then they will convince you to spend $300 to fix the problem.  You do not really have a problem, until you make the call.  To fix this, read to the bottom.

Continue Reading →

0

Linux Security

linux-logoIn our last post we may have introduced some of you to the idea of using Linux as a replacement for your Windows desktop or laptop.  Toward the end we touched on security, and this post will expand on that issue.

There is a fanatical cohort in the Linux realm that will tell you that Linux is secure by design and so security software is not necessary. And nobody is writing malware ...

Continue Reading →
0

Weakest Cybersecurity Link – It’s Your Staff

coworkersAll the expensive high-tech cybersecurity goodies cannot prevent someone in your employ from clicking a malicious link in an email and opening a gateway to further network exploitation.  That is the findings of ProofPoint in The Human Factor Report 2015.  The discouraging point for those of us who advocate employee training as an important part of an overall cybersecurity strategy is that in spite of training, people are still more likely ...

Continue Reading →
0
Page 4 of 5 12345