OpenDNS Umbrella – Web Filtering and Security for SMBs

OpenDNSA great product for quickly and easily adding web site filtering to your organization is OpenDNS Umbrella.  OpenDNS was recently purchased by Cisco Systems.  OpenDNS is another featured security product that is part of the Managed Services program here at CIT.

The way OpenDNS works is that all of your traffic to and from the Internet is run through the proxy server cloud at OpenDNS.  In addition to protecting your organization ...

Continue Reading →
0

Phishing and Spearphishing – Don’t Take The Bait!

Phishing HookHere’s a provocative statement:  If you could just prevent your staff for clicking on links or opening attachments in phishing emails, 95% of your cybersecurity problems would be prevented.

As perimeter defenses and anti-malware software products have become more effective, cyber-attackers have turned to the phishing email approach as their number one favorite method for acquiring user names and passwords or gaining unauthorized access to computers on your network.   The spearphishing ...

Continue Reading →
0

Scary Disguises Hide Malware Too

goblinIt’s Halloween tomorrow, the traditional time when we dress up in scary or not-so scary costumes to disguise our identity and trick our friends and family.  It’s good to remember that malware often uses disguises to trick us into committing an action that releases the attack.  What follows are my scary Halloween stories.

  • Social Engineering – In this exploit the attacker may present themselves in person, over the phone, or by email, ...
Continue Reading →
0

How To Catch a Phish

No-PhishingThe number one method used by cyber-criminals to infect your PC with malware is the phishing email. Today we will show you how to check out suspicious emails yourself.   These cleverly designed emails encourage you to open an attachment or click on and website link in order to download and install their malicious applications and exploits.  I recently received the email below, and as an exercise, checked it out on ...

Continue Reading →
0

Why Defense Doesn’t Work

Now that football season has started, there will be a lot of discussion about why great defenses don’t win football games.  Defense is not enough in the realm of cybersecurity, either.  I recently attended a webinar put on by The Open Web Application Security Project (OWASP) featuring Mike Benkovich (@mbenko) that discussed this concept as it applied to the DevSecOps (or SecDevOps) or the secure development of web applications.  It is not enough to write code that works, it also ...

Continue Reading →
0

Weakest Cybersecurity Link – It’s Your Staff

coworkersAll the expensive high-tech cybersecurity goodies cannot prevent someone in your employ from clicking a malicious link in an email and opening a gateway to further network exploitation.  That is the findings of ProofPoint in The Human Factor Report 2015.  The discouraging point for those of us who advocate employee training as an important part of an overall cybersecurity strategy is that in spite of training, people are still more likely ...

Continue Reading →
0

Dyre Wolf Banking Malware Poses Threat To Your Bank Balance

Modern cyber criminals are using more sophisticated blended attacks to achieve some pretty spectacular monetary hauls.  The Dyre Wolf malware exploits is currently be combined with a spear-phishing approach, a telephone based social engineering middle, and a distributed denial of service (DDOS) attack on the back end to access corporate bank accounts and wire transfer large sums of money.  Originally uncovered by IBM’s security team in 2014, this exploit had netted on cyber-crime group over $1 million dollars.  The IBM ...

Continue Reading →
0

US Announces It’s Game Over For Zeus Kingpin

Bogachev Wanted posterThe Gameover Zeus and related Neverquest banking Trojan exploits are one of the most truly frightening security nightmares facing small businesses and individuals.  These exploits allow a remote attacker to join you on an online banking session, and then transfer funds from your account after you thought the session was over.

The US State Department has place a $3 million bounty on the head of Evgeniy Mikhailovich Bogachev, The criminal mastermind behind the Gameover ...

Continue Reading →
0

Drive-By Trojan Downloader Compromises Security

One of my collegues sent a link to a BBC article about the Sinowal Trojan horse , which is also known as Torpig and Mebroot. This trojan installs itself on victims’ computers when they simply visit certain web sites, and collects banking and credit card information and reports back to the what appear to be eastern European and Russian criminal gangs, such as the Russin Business Network. Links to the article are here.

Your best form of protection ...

Continue Reading →
0
Page 3 of 3 123