Income Taxes – File Early to Beat the Hacker

The early bird gets the worm.  The second mouse gets the cheese.  The late tax filer gets nothing.  Why?  April is tax fraud time.  The best way to avoid losing your tax refund to a scammer is to file as early as possible, before the tax fraudster can get it done.  Having said that, this information would be more valuable in January than in April.  From US-CERT.

Tax Guidance ...

Continue Reading →
0

Something You Are: Typing Cadence

What would it be like if you could identify yourself and authenticate your account by the way you type?  A Romanian company, TypingDNA, has created a Chrome extension that does just that.

I am a big advocate of two-factor authentication, but there are some problems.  One of the three types of authentication is biometrics, which is “something you are.”  NIST, in SP 800-63B states ...

Continue Reading →
0

What Security Advice Do The Experts Offer?

I recently read an article from Heimdal Security about online safety.  In this article Heimdal had asked 18 experts in the field of cybersecurity for their top 3 ideas about how to stay secure.  The contributors included top cybersecurity professionals from several anti-malware companies, security bloggers, and cybersecurity industry professionals.  The original article is here.

What I found interesting were the ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


History of Flying Saucer Sightings

From the Smithsonian:  A look at the history of unexplained flying objects through the lens of human technological change.


FTC Warns of Online Dating Scams

02/01/2018 09:22 PM EST Original release date: February 01, ...

Continue Reading →
0

How Email Accounts Are Hijacked

The most devastating exploit that can happen to you is to have your email account hijacked.  We have spilled a lot of pixels on this subject (see below).  The reason we find this so dangerous is that it is that this is the attack most likely to happen to you.

Google recently released a study that analyzed how Gmail accounts are hijacked.  If you have an Android smartphone, you have a Gmail ...

Continue Reading →
0

The End of Passwords?

Every year some pundit declares that the password will soon be dead.  I have been proclaiming for several years now that the password, by itself, is no longer a suitably strong form of security, and have been a champion for two-factor authentication.

Microsoft has recently stated that their Windows Hello facial recognition system is a suitable replacement for passwords.  Windows Hello was ...

Continue Reading →
0

Free Dark Web Report from Experian – Part Three

On Monday and Wednesday we took an in depth look at the free dark web scan being offered by Experian.  As we found out on Wednesday, I was not too impressed with the results of the free scan.  Better information is available from HaveIBeenPwned.com.

What is Experian really offering?  The free scan just looked for the email address I provided, the ...

Continue Reading →
0

Free Dark Web Report from Experian – Part Two

On Monday we started an investigation into the free dark web scan that is being offered by credit agency Experian.  Again, this is NOT Equifax, who breached our information last year.  This is a different credit agency.

When we ran the free scan on Experian, they found three results.  But I knew there was more to find, because I had already ...

Continue Reading →
0

Free Dark Web Report from Experian – Part One

I caught an ad on TV the other night that made me curious.  Experian is offering a “free dark web report,”  ostensibly to see if any of your personal data is for sale on the Dark Web.  Well I don’t really need a test to tell me that.  Since the Equifax breach, I am pretty sure all of us have information for sale ...

Continue Reading →
0

Privileged Accounts Are Poorly Managed

Privileged accounts, typically administrator accounts, are the all powerful user accounts who can do anything on a computer, server, network, or domain.  These are the top targets for cyber-criminals and other malicious hackers.  And they generally are poorly managed.  Here are some common mistakes we see when conduction security reviews for clients.

  • Domain, Network, and Server Administrators – These accounts are often used as ...
Continue Reading →
0
Page 2 of 12 12345...»