Password Managers Look For Breached Passwords

Creating and remembering strong (long) passwords is a chore, and leads to poor security practices such as shorter passwords, reuse of passwords, and writing down passwords in a password list or book that could be stolen.  The best way to create strong passwords and store them for use is a password manager.

The easiest password managers are found in popular web browsers such as Chrome, Firefox, and Edge.  Safari uses the Apple ...


Corporate Execs Fear the Phish

A recent report says that 75% of corporate executives believe what 100% of cybersecurity professionals know: phishing emails represent the greatest cyber-threat to business computer systems and networks. Humans are still the weakest link in the cybersecurity chain. Cybersecurity awareness training and simulated phishing testing are seen as the most effective way to improve detection and avoidance in employees. To be truly effective, training should happen quarterly, but often ...


When Penetration Testing Goes Wrong

When I am speaking or training, and the subject turns to penetration testing, I make certain to explain to the class or audience that nearly everything a pen-tester does violates federal laws.  For starters, there is the Computer Fraud and Abuse Act.  There are many other computer laws at both the federal and state levels.

Penetration testing takes a vulnerability assessment to the ...


Sunday Funnies – Defrag This

Found this on Pinterest. Did you know that defragmenting a hard drive or HDD (the old spinning magnetic platter kind) is not necessary? The newer Windows operating systems since Windows 7 do that automatically in the background when your computer is on but inactive.

And defragging an SSD or solid state drive DAMAGES the flash memory chips. So just ...


Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Detecting Credit Card Skimmers

Modern credit card skimmers hidden in self-service gas pumps communicate via Bluetooth. There’s now an app that can detect them:

The team from the University of California San Diego, who worked with other computer scientists from the University of Illinois, developed an app called Bluetana ...


Authentication Without Passwords

The password represents one of the weakest links in the cybersecurity chain, and is frequently one of the opening points of an attack.  Passwords can be collected in cleartext through phishing exploits such as an email link that directs you to a fake login page, or social engineering ploys such as bogus calls from “IT” or “tech support,” or keylogging software that captures the entire user name/password/web address triad.  Passwords ...
