FBI Asks Ransomware Victims to Report Infections

ic3The rare Tuesday post.  I got an announcement from the FBI on Friday that I thought was important enough to share that I am squeezing into to my regular publishing schedule on what is typically an off-day. Anyway, now is your chance to stick it to the criminals who have been distributing Locky, CryptoWall, CryptoLocker and other ransomware exploits.  If you or your business has been victimized ...

Continue Reading →
0

What Is Your Data Worth?

penetration_test_436x270When you lose your login credentials to an online account, it can be devastating.  Depending on what was compromised and what was lost, you may have an expensive and time-consuming task on your hands.  So the bad guys took your user ID and password, or some other personal information.  Was it worth it?  There is an active resale market for this information, and ...

Continue Reading →
0

100 Things Facebook Knows About You

facebookI read about this on Naked Security, and popped over to the Washington Post to read the full story and list.  I knew this was happening, but it is freaky to see the entire list.  Facebook collects this information to deliver ads that are targeted at your interests and preferences.  If it seems that some of the ads that show up in your feed are weirdly right ...

Continue Reading →
0

Beware of Facebook Scams

facebookEverybody, it seems, is on Facebook, and the numbers back it up, with over 1 billion members worldwide.  So naturally, anytime you get a crowd of people this large, the cyber-criminals are going to be all over it.

Don’t even get me started with the oversharing of personal information.  Please stop telling me and the crooks that you will be out of town for a week on a Vegas vacation, and your ...

Continue Reading →
0

BEC – How Cyber-Attackers Can Rip Off Your Company

ic3We warned our readers about the FBI alert regarding the Business Email Compromise scam on July 6.  Cyber-criminals have successfully bilked US companies of over 3 billion dollars since January 2015.  Typically this exploit starts by the attacker gaining knowledge of the CEO’s or other highly placed executive’s user credentials to their email account.  This is most often done using a spearphishing email, but could also be ...

Continue Reading →
0

Spotting a Phish

Phishing HookPhishing is still the overwhelming go-to choice for cyber-criminals launching an attack.  Over 90% of computer system breaches start with a phishing email in an inbox.  Finding ways to unmask these impostors is a good first step are protecting yourself from a phishing exploit.  Let’s look at this first example, apparently from a law firm about a legal action.

 

green-winick Continue Reading →

0

NIST Nixes TFA Via SMS

NISTHoly acronyms Batman!  What the heck does this headline mean?  Well, the National Institute for Standards and Technology (NIST) has removed two-factor authentication (TFA) via short-messaging service (SMS) from the approved list of two-factor authentication methods.  The reason is that SMS is an unencrypted service, and the lack of encryption makes it too insecure for use in Federal authentication systems.  NIST is recommending that all ...

Continue Reading →
0

Changing Passwords Regularly May Be Insecure

password1Bruce Schneier had an interesting post where he attacked the commonplace practice of requiring regular password changes.  Usual corporate IT policies require changes every 90 days, and in some high security environments, more frequently than that.

The basic issue with frequent password changes is that humans will create a system that makes it easy to remember the next iteration of the password. ...

Continue Reading →
0

Recovering from Ransomware

teslacryptYou have trained your staff and improved your defenses.  In spite of your best efforts, you have an active case of crypto-malware running on a system in your business.  How do you recover?

Here are the steps to recovery:

  • Disconnect the affected system from the network by removing the Ethernet network cable connection or turning off the Wi-Fi connection.
  • Determine if the encryption process has completed.
    • If so, leave the system running, but disconnected from the ...
Continue Reading →
0
Page 46 of 61 «...2030404445464748...»