If you are a high risk or high net worth user of Google’s popular Gmail platform, Google Drive, or other Google services such as YouTube or Google Analytics, Google has come up with an advanced security program for you.
Thanks to Datarecovery.com, for alerting us to this issue. They have seen a high number RDP (Remote Desktop Protocol) attacks lately. Generally, these attacks are targeting Microsoft Windows-based servers, where port 3389 has been left open.
The attacker scans for open port 3389, and then uses a password dictionary attack to break the server password. Once the password is found, the attacker can exploit the server or sell access to the server ...Continue Reading →
We have covered this issue before, but it bears repeating. The new NIST Digital Identity Guidelines are out, and they have thrown out some old password chestnuts because they did not work, or did not work as intended.
Below are the significant changes to password policy.
Over the last four posts, we have focused on the US-CERT alert, but cybersecurity firm Symantec has actually been working this case since 2011. Their report on Dragonfly can be found on their website. While they are cautous when providing attribution, reading between the lines indicates that Dragonfly is probably a Russian based group, possibly working on behalf ...Continue Reading →
Is the U.S. energy sector under attack? The ambitious and sophisticated exploits like this one are usually the work of a nation-state. Who wants to turn off the lights? Last Wednesday we took a look at the US-CERT alert warning about the ongoing cyber-attack against the U.S. electric grid, and on Friday we took a look at many of the tactics, ...Continue Reading →
Somebody wants to punch our lights out – literally turn off the electric power grid. Who would want to do this? Russia? North Korea? Cybersecurity firm Symantec has attributed this attack to a group they have identified as the Dragonfly Group, who may have been responsible for the attack on the Ukrainian electric grid in 2015 and 2016. ...Continue Reading →
Three billion (3,000,000,000) is the current tally of breached user IDs, passwords, and customer account information at Yahoo. This is most assuredly all of the user account information they were holding about their customers. If you were or are a Yahoo account holder, just assume your information is among the lost.
Earlier we reported that this breach may have been less significant because Continue Reading →
October is Cybersecurity Awareness Month, and this week’s theme is Simple Steps to Online Safety.
The toughest part of cybersecurity is securing the human mind, emotions, behaviors, and responses from the making a decision or taking an action that will open the door for a cyber-attacker. The reality is that it is much easier to secure systems than humans. And unfortunately, humans have been given a ...Continue Reading →
The Sophos Naked security blog ran an article in August that was a disappointing revelation about major online brands that allow ridiculously easy user passwords. Just because a web site will permit you to use a bad password, doesn’t mean you should. Our current recommendation is to use passwords of at least 15 characters, and couple that with two-factor authentication at every opportunity.
The password management program Dashlane performed an audit of 37 online brands and rated their ...Continue Reading →
Two-factor and multi-factor authentication are becoming more important and more available as we struggle to secure our information from attackers. These factors are something you know, something you have, and something you are. Biometrics (something you are) are one of the three factors used in computer, network, and application authentication.
Biometrics include thumbprint or fingerprint readers, palm scanners, iris and retinal scanners, facial recognition, speech recognition, and even arcane systems that detect ...Continue Reading →