Malicious Android Apps Steal Text Messages

Sophos Naked Security alerted us to two Android apps that are included in the Google Play Store as legitimate apps.  This makes these apps particularly dangerous, if you are following our advice to only install apps from legitimate sources.  Once installed, they download a plug-in that harvests your text messages and sends them to a web server.  Since the plug-in is downloaded after ...

Continue Reading →
0

Email Account Hijacking – Part 3 Extending the Exploit

On Monday and Wednesday we looked at email account hijacking, how it happens, and what can happen after the account is controlled by an attacker.  Today we will see how an attacker could use the beachhead they established in your email account to extend their intrusion.

They have already proven that you are susceptible to phishing and other social engineering exploits.  So sending the victim other phishing emails that allow more access ...

Continue Reading →
0

What Can I Do With A Hijacked Email Account? Part 2

On Monday we opened this discussion about hijacked email accounts, and showed some examples of the phishing tricks that attackers use to get you to reveal your email password.  Today we will explore the many useful and profitable exploits that a compromised email account offers a cyber-criminal or other attacker.

I consider email account compromise to be one of the most personally harmful cyber-exploits.  When another person has access to your email ...

Continue Reading →
0

Speaking at 2017 ISSA International Conference

I am honored to be presenting at the 2017 ISSA International Conference, October 9-11 in San Diego, CA. This year’s theme is “Digital Danger Zone.” Please join me for networking, education, and fun.

I will be presenting “Shields Up for WordPress Web Sites and Blogs.”  This presentation covers the threat of website hijacking, what an attacker wants to do with your website, ...

Continue Reading →
0

Who Is The Real Inventor of Blockchain?

It is widely believed that Satoshi Nakamoto is the inventor of an encryption technique called “blockchain.”  I just read a new book by Sarah Westall titled “FIRST: Meet the Inventor of Blockchain” that credits Dr Kelce Wilson as the true inventor of blockchain, a concept he developed between 2000 and 2001 while serving in ...

Continue Reading →
0

Smartphones Need Security Too

When a smartphone is stolen, it is a disaster.  You have just given the keys to your online life, your email, social media accounts, and credit cards you have synced with an app.  If you have the new smart locks on your home or office, you also gave them literal keys, the ability to open those locks.  If you have live camera feeds ...

Continue Reading →
0

Latvian Cyber Crook Extradited for 2010 Star Tribune Malvertising Exploit

Back in February 2010, the Minneapolis StarTribune website was the victim of a malvertising exploit.  Visitors to the Strib website would download malware that caused the computer to become slow and malfunction.  Then a pop-up window would appear that advised the visitor that their computer was infected with malware, and the purchase of a $49.95 anti-malware product would solve the problem.  I remember working on the computers of several clients who ...

Continue Reading →
0

Ransomware is not Dead Yet

Toward the end of last year I made a pair of bold predictions.  The first, that ransomware exploits would start declining, because anti-malware software companies were bringing products online that would prevent the encryption from taking place.  The second, there would be an increase in Business Email Compromise (BEC) exploits, as cyber-criminals turned to new income streams.  I was only half right.

BEC exploits have increased, because the potential returns are so ...

Continue Reading →
0

FBI + Geek Squad = Illegal Search

When I was a self-employed computer repair professional, it used to drive me mad when I got called in on a repair AFTER the customer had taken the computer to the Geek Squad.  Their service could be highly variable, and often the original problem was not fixed.

The Geek Squad started as a great little local IT shop founded in Minneapolis by Robert Stephens, ...

Continue Reading →
0
Page 2 of 13 12345...»