Mirai and Bashlight Show the Power of IOT Botnets

mirai-botnetI was tempted to post this article late in October, when Brian Krebs suffered with the DDoS attack on his website, or when the Mirai botnet attack on DynDNS was in full swing, but decided to wait it out until after the election, in case it turns out that the Dyn attack was a precursor to an attack to disrupt the elections.  And as of today, it appears that it was not.

Up ...

Continue Reading →
0

Call Center in India Busted for IRS Collection Fraud

irs-logoNaked Security recently reported on the raid on a call center outside of Mumbai India that was engaged in defrauding US taxpayers of over $15 million dollars by pretending to be IRS collection agents.  70 people were arrested and over 600 call center operators remain under investigation.  While this is good news, this scam was very successful and is likely to pop up again.  We are reporting on it here ...

Continue Reading →
0

NIST Offers Cybersecurity Assessment Tool

NISTNIST has created a self assessment tool for companies and organization who are working through the NIST Cyber Security Framework (NIST-CSF).  This tool is called the Baldridge Cybersecurity Excellence Bulder and is designed to help companies implement the principles of the CSF.

According to NIST, organizations can use the Baldrige Cybersecurity Excellence Builder to:

  • Identify cybersecurity-related activities that are critical to business strategy ...
Continue Reading →
0

FTC Issues Alert for Rental Car Users

DHSBack on August 31 I received an email from the Department of Homeland Security about a set of FTC recommendations for people using rental cars.  I have experienced this issue myself.  Basically, it is simple and relatively convenient to connect a smartphone to the smart vehicle’s infotainment system in order to enjoy hands free phone calls, stored musical tracks, and the phone’s navigation application.  The problem is that the car ...

Continue Reading →
0

National Cyber Security Awareness Month

US-CERTOctober is National Cyber Security Awareness Month.  This was released by US-CERT, and I thought it was worth posting.

“October is National Cyber Security Awareness Month, which is an annual campaign to raise awareness about cybersecurity. In partnership with DHS, the National Cyber Security Alliance (NCSA) has released the first in a series of tips focused on helping people protect their online activities and increasing ...

Continue Reading →
0

Use Linux Tails for Privacy

Linux-TailsYou don’t need to be a journalist, freedom fighter, or living under an oppressive political regime to have the desire for some online privacy.  Maybe you are trying to put the contents of your life back into the Pandora’s box you opened when you signed up on Facebook.  Maybe you would like a little privacy in your online life.

Linux Tails is an ...

Continue Reading →
0

Mobile Security Tips

smartphone-securityAs we add more mobile and portable devices to our digital collection, cybersecurity for mobile devices becomes more important.  Smartphones, tablets, wearable tech,  and ultra-portable laptops are certainly convenient and easy to carry, but that makes them easy for a thief to carry off.  When these devices are stolen, you lose much more than the hardware.  Every bit of information on the device is up for grabs too, from contact lists, personal information, mobile ...

Continue Reading →
0

What Is Your Data Worth?

penetration_test_436x270When you lose your login credentials to an online account, it can be devastating.  Depending on what was compromised and what was lost, you may have an expensive and time-consuming task on your hands.  So the bad guys took your user ID and password, or some other personal information.  Was it worth it?  There is an active resale market for this information, and some ...

Continue Reading →
0

BEC – How Cyber-Attackers Can Rip Off Your Company

ic3We warned our readers about the FBI alert regarding the Business Email Compromise scam on July 6.  Cyber-criminals have successfully bilked US companies of over 3 billion dollars since January 2015.  Typically this exploit starts by the attacker gaining knowledge of the CEO’s or other highly placed executive’s user credentials to their email account.  This is most often done using a spearphishing email, but could also be accomplished ...

Continue Reading →
0

Recovering from Ransomware

teslacryptYou have trained your staff and improved your defenses.  In spite of your best efforts, you have an active case of crypto-malware running on a system in your business.  How do you recover?

Here are the steps to recovery:

  • Disconnect the affected system from the network by removing the Ethernet network cable connection or turning off the Wi-Fi connection.
  • Determine if the encryption process has completed.
    • If so, leave the system running, but disconnected from the network. ...
Continue Reading →
0
Page 4 of 9 «...23456...»