WordPress JetPack Exploit Hijacks Websites for Tech-Support Scam

Bad actors are using compromised WordPress.com accounts and the popular Jetpack plugin to add a malicious plug-in of their own that turns compromised websites into a vehicle for perpetrating a fake tech support scam.  Attackers are using stolen user names and passwords from other breaches and trying these credentials on WordPress.com to find accounts.  They are even searching whois records for website domain names registered with the same email account as the stolen user name.

Continue Reading →
0

How to Block Malware on Small Business Networks

Most of the small business clients I work with do not have a huge budget for a cybersecurity program, and something like a managed security service program (MSSP) is beyond their reach.  They have money for a firewall, and endpoint security, but that is about it.  Sound like your business?  Then read  on.

There are eight simple, free or low-cost things that small business IT professionals or IT support providers can do ...

Continue Reading →
0

How I Got Your Password – Part 1

In our last post we looked at the frighteningly short amount of time that it takes to crack a typical password.  Today we will look at all the different password cracking methods that a clever attacker can use to compromise your password, and how to defend against these attacks.

Password cracking

There are several types of automated password attacks that can be combined to make the process quicker, or to configure for a certain type of password attack.

  • Dictionary attack – This is ...
Continue Reading →
0

Android Things Promises to Close IoT Security Holes

IoT or the Internet of Things has been to this point a seriously unsecured cluster-flop for the most part.  Millions of insecure devices are in our homes and businesses, and these devices may be eavesdropped, recording audio or video, performing a DDoS attack, or being leveraged as an easy access pivot point into your network for further exploitation

Thankfully, progress is being made in ...

Continue Reading →
0

The Role of the IC3 in Cybercrime Prosecution

If your business has been the victim of a cybersecurity incident, data breach, or other cybercrime, you may have had to decide whether to keep the incident to yourself, or report the crime to the police.  If you carry cyber insurance, reporting the crime is a requirement to file an insurance claim.  So you called the police and filed a report,  You may have been discouraged by the lack of enthusiasm ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


FBI Releases IC3 2017 Internet Crime Report

05/07/2018 08:30 PM EDT  Original release date: May 07, 2018

FBI has released the Internet Crime Complaint Center (IC3) 2017 Internet Crime Report, which highlights scams trending online. The top three crime types reported by victims in 2017 were non-payment/non-delivery, personal data breach, and ...

Continue Reading →
0

How Secure Are Mobile Payment Apps Anyway?

The latest trend in the card payment universe are the mobile payment apps that let you use a smart watch or smartphone in place of a credit card.  Just how secure are these payment systems?  One of my regular readers, Eric Morley, owner of Big Frog Custom T-Shirts in Woodbury, MN, asked me that question via LinkedIn, and I thought it was a great idea for an article.  ...

Continue Reading →
0
Page 1 of 20 12345...»