I was a guest on Sarah Westall’s web radio program, Business Game Changers. The YouTube video is below. It’s 53 minutes, so get a beverage, sit back and enjoy.
On Wednesday we discussed the importance of backing up your website as part of a larger cybersecurity strategy. Today we are going to look at feature considerations for you as you decide which backup plugin is right for you.
Personally, I have used both Backup WordPress and Updraft Plus, and I have been satisfied with both of them. When you search for backup plugins, ...
Are you backing up your website? If your web server crashed, how quickly could you get your site back online? If your website is hijacked, compromised, or infected with a malicious download, how long would it take you to recover?
We have harped for years on the importance of backing up your data and files, and testing them to see if you can actually ...
A new exploit uses a PowerPoint feature that enables “mouse-over actions.” This feature allows a PowerPoint slide show to initiate activity without the user actually clicking on a link. Just hovering over a link is enough to advance to the next step. Since we have been teaching people for years to reveal a link destination by hovering over a link to show the tool tip box, this exploit would take ...
We have reported previously about Operation Hard Copy. This is from the US Department of Justice: The US Marshals Service arrested another member of the North Dakota lottery scam in Jamaica recently.
“United States Attorney Chris Myers announced today, that the U.S. Marshals Service, working with Jamaican law enforcement, has located and apprehended another man charged with participating in an international organized crime advance fee “lottery scam” which defrauded at least 90 mostly ...
I am often asked to explain the difference between a security compliance audit, a vulnerability assessment, and a penetration test. These exercises do many of the same things, but to different degrees. A security compliance audit is like a 5K fun run, whereas a vulnerability assessment is more like a marathon. A penetration test is an Ironman competition.
In the course of ...
US-CERT sent an announcement on May 9th about new resources for small and medium size business owners and managers. Protecting Small Businesses can be found on the FTC website. It includes information about:
There are also helpful videos about:
Back on February 22nd, we discussed Facebook’s new Delegated Account Recovery feature. Basically, if you should for some reason forget your password to any account, or lose your two-factor authentication device (smartphone), and can no longer get into your account, Facebook will help you recover the account, as long as it is one that is enrolled with Facebook.
This is not the same thing as password managers like DashLane or LastPass, although ...
Kali Linux – This is a pen-tester’s version of Linux that comes fully loaded with over a hundred testing applications. Kali can be installed on any old laptop you have lying around, installed as a virtual machine ...
When starting a security assessment or penetration test with a new client, often the first step is information gathering or reconnaissance. Sure, you could just ask the client for the information you want, but where’s the fun in that? Here is a list of tools to use to find information that they may not know is publicly available.
Google hacking or Google “dorks” – Johnny Long literally wrote the book about Google ...