What You Can Do After The Equifax Breach

The Equifax breach has been all over the news this weekend, and it should be.  This is worse than they are telling us.  It most certainly DOES affect you, if you are adult and have ever purchased a car or opened a credit card account.  Don’t wait to be told you are a victim.  Assume you are a victim.

In a world where we are all suffering from “breach fatigue,” having suffered through dozens if not hundreds of these revelations about ...

Continue Reading →
0

Phishing Protection In Outlook and Office 365

There are four ways that a typical business user on a Microsoft Outlook/Exchange/Office 365 platform can utilize.  While these may not be perfect, and all of them have issues, applying these solutions will help prevent your users for falling victim to phishing emails.  These solutions are additive, and each additional solution deployed provides a further layer of protection.

Junk Mail Filter – Outlook comes with a built-in Junk Mail filter that, while ...

Continue Reading →
0

Investigating Email Headers

When I am investigating an email exploit, I will take a look at the email headers.  Email headers in an email are a lot like the html code in a web site.  This is information that the machines that create, send, and receive the email use for routing, and for providing other information about the message.  As a human, we do not see the headers unless we specifically look for them, ...

Continue Reading →
0

SANS: Phishing Exploits Are The Top Threat

The SANS institute released the results of  a new survey recently, and found that cybersecurity professionals ranked phishing as the number one exploit this year.  Phishing awareness training programs were seen by many as the best defense against phishing, spearphishing and whaling exploits.  Something that was new this year was the reporting of so-called “malware-less” exploits that use “the built-in features of the operating system to turn it against itself without downloading ...

Continue Reading →
0

How Web Addresses Are Spoofed

One of the tactics that I am seeing more often is the clever use of web address spoofing in the web sites and landing pages used in phishing emails.  This sort of spoofing has been used successfully even against people who have been training to detect phishing emails, and to check link destinations (using the hover trick) and double check web addresses in the browser address bar.

Here are some techniques that ...

Continue Reading →
0

How Web Addresses Work

Most of us have been using web addresses for years without really understanding how they work.  Today we are going to try to demystify the web address for you.  Web addresses are basically “rented” for a period of time from a Domain Name Registrar, and are part of the Domain Name System (DNS).  DNS changes the easy alphanumeric domain names we use into numerical IP addresses that computers and web servers ...

Continue Reading →
0

How Hard Is It To Become A Cyber-Criminal?

According to a recent article on Naked Security, not at all hard.  While at Black Hat in Las Vegas, researchers from Sophos gave a presentation that dissected the “Philadelphia” ransom software as a service (SaaS) model.

Anyone can buy the Philadelphia ransomware kit on the Dark Web for $400.  And for this nominal investment, the would-be attacker gets a simple executable file that sets up the whole system automatically. ...

Continue Reading →
0

Email Account Hijacking – Part 4 Prevention and Dectection

Last week we went deep on the subject of just how bad losing control of your email account can be.  Today we are wrapping up the four-part series with solutions to help you prevent email account compromise from happening, how to detect if it has already happened to you, and how to recover if that is the case.

Prevention is the best solution.  Your email account is one of the crown jewels ...

Continue Reading →
0
Page 1 of 4 1234