The Aftermath of Apple vs. The FBI

As we all know, Apple refused to assist the FBI in cracking the iPhone 5c of the San Bernardino “terrorist” killers. The FBI took Apple to court. Then the FBI dropped the case after successfully hacking the phone. Then they successfully hacked another phone in a different case in New York. Information appeared linking Israeli mobile security firm Cellebrite to the successful breach of ...


What Happens When Your Website Gets Hijacked part 2

The fine people at WordFence Security have also recently published information on what happens when web sites get hijacked. They gathered this information by surveying their clients and blog readers. The results are in the infographic below.

[Infographic: what attackers do to WordPress sites]

Taking a site down or site defacement makes up 25% of the malicious actions, which I found surprising.  The other items on the list ...


Millions of Insecure Devices Share The Same Keys

So how would it be if you found out that the key to your house also worked at your neighbor’s house? What if it turned out the builder in your subdivision used the exact same lock on every house they built, and your key could get you into every house in your neighborhood?

This is essentially the situation that security researchers at SEC Consult discovered with a host of Internet connected ...


No Fooling – How to Secure WordPress

I know it’s April Fool’s Day, but this is a straight up serious post. If you own, operate, host, support, or develop WordPress sites, this article is for you.

We have written a few articles covering the subject of WordPress security.  I recently received an email from John Stevens over at HostingFacts.com, inviting me to review their excellent tutorial, 28 Ways ...


Watch Out For HawkEye

We haven’t seen macro viruses for a while, but they are back. HawkEye is a new variant of the resurgent use of unpatched vulnerabilities in Microsoft Word and other Office documents. Using macros written in Visual Basic, attackers are using Word document attachments to run code on victim computers.

Last week we wrote about the Locky ransomware exploit that encrypts your data ...


WordPress Security Learning Center

Last Friday we dove down the WordPress Security bunny hole to chase the Aethera botnet and the other attack platform that WordFence reported. Today we are looking at their new WordPress Security Learning Center.

If you are a developer or security professional, you should check this site out, and take the time to fit the classes into your schedule.  If you are interested ...


Why The Government Can’t Be Trusted with Back Doors

How would you feel if, in order to gain access to a known terrorist’s house, the government passed a law that required every lock manufacturer to create a master key that would unlock every locked door anywhere? What if the police promised that they would only use the key on the one house? What if they promised to keep the key safe and secure so it could never get into the hands ...


OpenDNS Umbrella – Web Filtering and Security for SMBs

A great product for quickly and easily adding web site filtering to your organization is OpenDNS Umbrella. OpenDNS was recently purchased by Cisco Systems. OpenDNS is another featured security product that is part of the Managed Services program here at CIT.

The way OpenDNS works is that all of your traffic to and from the Internet is run through the proxy server cloud at OpenDNS.  In addition to protecting your organization ...


If Only We Could Block Traffic From the Dark Web…

Try to imagine how much bad stuff we could keep off our computers and networks if we could figure out a way to filter incoming traffic from the Dark Web. Well, maybe we can.

First, my apologies in advance to my non-technical followers: this article may be a bit high level for the average user.

A post in Spiceworks from “Born2Frag”  goes ...


What Is Social Engineering?

This should really be called “anti-social” engineering. A good definition is “social engineering is a non-technical method of intrusion hackers use that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. It is one of the greatest threats that organizations today encounter.”

My article on Wednesday will give an example of phone-based social engineering – the fake tech support call. ...
