Password Spraying is a New Type of Brute Force Attack

Password spraying is a new password exploit that is being used effectively against larger networks.  It’s become enough of a problem to merit an alert from US-CERT entitled TA18-086A: Brute Force Attacks Conducted by Cyber ActorsHere’s how it works.

Typically, in a traditional brute-force password attack, the password cracking software runs a long list of every possible password against a system.  In ...

Continue Reading →
0

Why Would Someone Hijack My Website?

If you own a small business, you have a website.  Would you be surprised to learn that your site is a top target of cyber-criminals?  Most people believe their business is too small and insignificant to be interesting to attackers, but your website is valuable to them precisely because it is small.

What makes a small business website an attractive target?   It is ...

Continue Reading →
0

Income Taxes – File Early to Beat the Hacker

The early bird gets the worm.  The second mouse gets the cheese.  The late tax filer gets nothing.  Why?  April is tax fraud time.  The best way to avoid losing your tax refund to a scammer is to file as early as possible, before the tax fraudster can get it done.  Having said that, this information would be more valuable in January than in April.  From US-CERT.

Tax Guidance ...

Continue Reading →
0

Something You Are: Typing Cadence

What would it be like if you could identify yourself and authenticate your account by the way you type?  A Romanian company, TypingDNA, has created a Chrome extension that does just that.

I am a big advocate of two-factor authentication, but there are some problems.  One of the three types of authentication is biometrics, which is “something you are.”  NIST, in SP 800-63B states ...

Continue Reading →
0

What Security Advice Do The Experts Offer?

I recently read an article from Heimdal Security about online safety.  In this article Heimdal had asked 18 experts in the field of cybersecurity for their top 3 ideas about how to stay secure.  The contributors included top cybersecurity professionals from several anti-malware companies, security bloggers, and cybersecurity industry professionals.  The original article is here.

What I found interesting were the ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


History of Flying Saucer Sightings

From the Smithsonian:  A look at the history of unexplained flying objects through the lens of human technological change.


FTC Warns of Online Dating Scams

02/01/2018 09:22 PM EST Original release date: February 01, ...

Continue Reading →
0

How Email Accounts Are Hijacked

The most devastating exploit that can happen to you is to have your email account hijacked.  We have spilled a lot of pixels on this subject (see below).  The reason we find this so dangerous is that it is that this is the attack most likely to happen to you.

Google recently released a study that analyzed how Gmail accounts are hijacked.  If you have an Android smartphone, you have a Gmail ...

Continue Reading →
0

The End of Passwords?

Every year some pundit declares that the password will soon be dead.  I have been proclaiming for several years now that the password, by itself, is no longer a suitably strong form of security, and have been a champion for two-factor authentication.

Microsoft has recently stated that their Windows Hello facial recognition system is a suitable replacement for passwords.  Windows Hello was ...

Continue Reading →
0
Page 3 of 14 12345...»