Crystal Ball Gazing for 2017

This is the time of the year everyone writes either a year in review article, or a what’s coming in the new year post.  Guess which one this is?  I’ve been reading the pundits, and considering my own findings as a cybersecurity professional.  I pulled together the following list for your review, and to help you plan where to spend your time, talent, and budget in 2017.

  • Continued issues with crypto-ransomware in 2017 ...
Continue Reading →
0

The Russians Are Coming!

Cybersecurity professionals are in agreement.  The Russians appear to have been actively engaged in influencing the outcome of our recent Presidential election.  Specifics include compromising and taking over Hilary Clinton’s chief of staff, John Podesta’s personal Gmail account.  This spear phishing exploit used a “near-miss” domain name of “accounts.googlemail.com”  to trick John into clicking on a link and and entering his email credentials.  The real domain name is accounts.google.com.

There was also ...

Continue Reading →
0

How Bogus Lottery Scams Work

The FBI recently reported on arrests of a number of lottery scammers in what they call “Operation Hard Copy.”  We do like to report when cyber-criminals are arrested, prosecuted, and jailed, because it shows that stopping cyber-crime is not impossible.  But it is almost always a multi-national, multi-jurisdictional undertaking that requires the cooperative efforts of law enforcement from several countries.

What I found most interesting was the way that this ...

Continue Reading →
0

Oops!

Yesterday I released a post before it was fully baked.  I publish 3 times a week, and generally I have articles written several weeks ahead, but my schedule has caught up with me, and I have nothing in the hopper.  I’ll have to get busy over the Christmas holiday weekend.

Please come back Friday for the complete article.

Continue Reading →
0

10 Tips To Secure Your New Christmas Devices

If Santa brings you a bunch of new electronic toys for Christmas, take an extra moment to secure them properly.  Many new devices will work fine straight out of the box, but this usually means they are set up with very insecure manufacturer defaults.  Here are our tips:

  • Default passwords – Always take a moment to replace the default user name and password (often just “admin” and “password”) with something more secure.  Passwords should ...
Continue Reading →
0

Facebook Searches Dark Web For Stolen Passwords

facebookThis actually is in the “good news” department.  The some security folks at Facebook are scouring the Dark Web, looking for rainbow tables of user names and passwords in order to find Facebook users who may be reusing the same password on multiple sites.  As we have discussed here many times, password reuse creates a serious security vulnerability.  If the cyber-crooks have your password for one site, they will try it on ...

Continue Reading →
0

Are ICS and SCADA Systems the Next IOT Disaster?

industrial-securityThere is a lot of talk in the cybersecurity world about Industrial Control Systems (ICS) and Supervisory Control And Data Acquisition (SCADA) systems that run the US power grid, water utilities, gas piplines, oil refineries, and countless factories.  We discussed how all this might play out in the electrical grid when I reviewed Ted Koppel’s new book Lights Out.

We saw the kind of damage that an IoT botnet ...

Continue Reading →
0

You Just Got An Email From A Friend – But It Was A Phish

Email_thumb2One of the hardest types of phishing emails to defend against are those that come from the email account of a friend or trusted business associate, such as your dentist, lawyer, realtor.  The sender’s email address is not spoofed, because the malefactor has tricked them into providing their email address password.  The bad guys are actually logged into  your friend’s email account,  and now they are trying to do the same thing to ...

Continue Reading →
0
Page 1 of 23 12345...»