Why The Bad Guys Love Ransomware

Crypto-ransomware continues to be one of the most popular money-making exploits for cyber criminals. The reason is simple: it works, and the return on investment is quite high. According to a recent article in Naked Security, the score will reach $1 billion in 2017.

A poll by IBM found that nearly 50% of the businesses polled had been hit by ransomware, and of those 70% paid ...


Netgear Routers Will Need Firmware Update.

Netgear wireless routers, especially the R6200, R6250, R6400, R6700, R6900, R7000, R7100LG, R7300, R7900, R8000, D6220, and D6400, and possibly other models, are vulnerable to arbitrary command injection. This is a security bug that could allow a remote attacker to access your router. The vulnerability was announced by US-CERT on December 9th and reported in Naked Security on December 12th.

Vulnerabilities such as this one ...


The Russians Are Coming! Or Are They?

The United States recently accused the Russian government of trying to influence US elections last November, and has expelled 35 Russian diplomatic officials and closed two Russian diplomatic facilities, one in New York City, and the other in Maryland, near Washington DC.

The Russians are denying any direct involvement, of course, and are laying the blame on Russian cyber-criminal groups. But we have discussed ...


Password Policy Improvements

On Monday we attacked the utility of current password policies and standards. Today we will offer up an array of improvements.

To be truly effective from a security perspective, password policies need to be designed to withstand both online and offline password cracking methods. We discussed offline methods in our post last month, so we will not do more than recap them here. ...


Current Password Policies Don’t Work

Most corporate password policies are a waste of time and do not add anything extra to providing secure authentication. Many of these policies were put in place to meet the standards of various compliance bodies (PCI-DSS, HIPAA, etc.). But basically these policies are not keeping up with the state of the art in password cracking, as we discussed last November in our post on ...


Cybersecurity Top 10

As we approach year-end, many small and medium-sized business owners and managers are coming to the realization that their best intentions for creating a cybersecurity program in their organization have fallen short. This was the year, you promised yourself, that we get a handle on computer and network security.

Well it is not too late to get a start, and here is a short ...


Fixing Your Infected IoT Devices

The Mirai and Bashlight botnets have caused quite a stir in the cybersecurity and IT realms. The easy ability to round up and deploy millions of devices in a botnet using automated tools has raised the bar. How we respond to DDoS attacks will have to change.

Nevertheless, you can remove your IoT devices from the botnet and keep them from being reacquired. Here are some easy solutions:

First, as clever as these exploits ...


Mirai and Bashlight Show the Power of IOT Botnets

I was tempted to post this article late in October, when Brian Krebs suffered with the DDoS attack on his website, or when the Mirai botnet attack on DynDNS was in full swing, but decided to wait it out until after the election, in case it turns out that the Dyn attack was a precursor to an attack to disrupt the elections. And as of today, it appears that it was not.

Up ...


Call Center in India Busted for IRS Collection Fraud

Naked Security recently reported on the raid on a call center outside of Mumbai, India that was engaged in defrauding US taxpayers of over $15 million by pretending to be IRS collection agents. 70 people were arrested and over 600 call center operators remain under investigation. While this is good news, this scam was very successful and is likely to pop up again. We are reporting on it here ...
