A recent article from Naked Security said that people ignore legitimate security warnings on their computer a whopping 87% of the time. But on the flip side, I know from experience that a good percentage of people will fall for a pop-up of the fake tech support variety all too often. What is going on here?
What seems to be the consensus is that people are overwhelmed by the number of ...
Continue Reading →
The rare Tuesday post. I got an announcement from the FBI on Friday that I thought was important enough to share that I am squeezing into to my regular publishing schedule on what is typically an off-day. Anyway, now is your chance to stick it to the criminals who have been distributing Locky, CryptoWall, CryptoLocker and other ransomware exploits. If you or your business has been victimized ...
When you lose your login credentials to an online account, it can be devastating. Depending on what was compromised and what was lost, you may have an expensive and time-consuming task on your hands. So the bad guys took your user ID and password, or some other personal information. Was it worth it? There is an active resale market for this information, and ...
I read about this on Naked Security, and popped over to the Washington Post to read the full story and list. I knew this was happening, but it is freaky to see the entire list. Facebook collects this information to deliver ads that are targeted at your interests and preferences. If it seems that some of the ads that show up in your feed are weirdly right ...
Everybody, it seems, is on Facebook, and the numbers back it up, with over 1 billion members worldwide. So naturally, anytime you get a crowd of people this large, the cyber-criminals are going to be all over it.
Don’t even get me started with the oversharing of personal information. Please stop telling me and the crooks that you will be out of town for a week on a Vegas vacation, and your ...
Continue Reading →We warned our readers about the FBI alert regarding the Business Email Compromise scam on July 6. Cyber-criminals have successfully bilked US companies of over 3 billion dollars since January 2015. Typically this exploit starts by the attacker gaining knowledge of the CEO’s or other highly placed executive’s user credentials to their email account. This is most often done using a spearphishing email, but could also be ...
Phishing is still the overwhelming go-to choice for cyber-criminals launching an attack. Over 90% of computer system breaches start with a phishing email in an inbox. Finding ways to unmask these impostors is a good first step are protecting yourself from a phishing exploit. Let’s look at this first example, apparently from a law firm about a legal action.
Continue Reading →
Holy acronyms Batman! What the heck does this headline mean? Well, the National Institute for Standards and Technology (NIST) has removed two-factor authentication (TFA) via short-messaging service (SMS) from the approved list of two-factor authentication methods. The reason is that SMS is an unencrypted service, and the lack of encryption makes it too insecure for use in Federal authentication systems. NIST is recommending that all ...
Bruce Schneier had an interesting post where he attacked the commonplace practice of requiring regular password changes. Usual corporate IT policies require changes every 90 days, and in some high security environments, more frequently than that.
The basic issue with frequent password changes is that humans will create a system that makes it easy to remember the next iteration of the password. ...
Continue Reading →
You have trained your staff and improved your defenses. In spite of your best efforts, you have an active case of crypto-malware running on a system in your business. How do you recover?
Here are the steps to recovery: