The title may see a little harsh, but a recent survey according to Keeper Security’s 2019 SMB Cyberthreat Study is that 66% of SMB business leaders do not believe they will be victimized by at cyber-attack. That’s two out of three business owners. I would love to say I’m shocked, but my experience with my own clientele would confirm it.
According to the Poneman ...
Continue Reading →
A quick Saturday digest of cybersecurity news articles from other sources.Original release date: August 23, 2019
The Internal Revenue Service (IRS) has issued a warning about a new email scam in which malicious cyber actors send unsolicited emails to taxpayers from fake (i.e., spoofed) IRS email addresses. The emails contain a link to a spoofed IRS.gov website that displays fake details ...
Continue Reading →
Paul Calder Le Roux, a brilliant South African software programmer who ran the most successful and largely legal opioid marketing networks called RX Limited, and morphed into running a huge illegal international drugs and arms dealing empire that has ever been seen. Since his arrest in 2012, he has been spending time in the custody of the DEA, ...
One of the more difficult cybersecurity concepts to understand is Public Key Encryption and how public keys, private keys, symmetrical encryption and asymmetrical encryption all work together. This infographic I found on Facebook does and excellent job explaining how this works.
Hot on the heals on each other, Equifax and Facebook have each settled for large fines in unrelated privacy and data breach cases. All I can say is “about time” and “is that all?”
The FTC has fined Facebook $5 billion for data misuse and other issues related to Cambridge Analytica, the European GDPR, the last US Presidential Elections, and the Brexit campaign. ...
Continue Reading →
First I must confess that I am a huge Capital One fan. As far as I am concerned, they do it right. Good alerting system, great customer service, heck, great products.
So I was a bit dismayed to hear they were the latest victim of a data breach. But as the details were released, it seems the attack was an insider job, and ...
Continue Reading →
Phishing is getting better and harder to detect. One new trend is using hijacked business email accounts to pivot further into a business, by using the built in trust of the company’s email domain to send phishing emails that appear to come from coworkers. These phishing emails from trusted sources are used to hijack other email accounts in the same company. This ...
From SysAdminDay.com
Your network is secure, your computer is up and running, and your printer is jam-free. Why? Because you’ve got an awesome sysadmin (or maybe a whole IT department) keeping your business up and running. So say IT loud; say IT proud …
Wait… what exactly is SysAdmin Day? Oh, it’s only the single greatest 24 hours on the planet… and pretty much the most ...
Continue Reading →
Phishing for login credentials may still be the way most network breaches happen, but insecure use of remote desktop protocol is another favorite vulnerability used by attackers to enter a network.. Sophos Naked Security reported their findings on the use of RDP or the Remote Desktop Protocol as a launch vector for accessing and ...
I love hash, especially corned beef hash, with a little salt. Maybe a couple of poached or over-easy eggs perched on top. Wait! This is not a foodie blog! That’s not what I am writing about today. As it turns out, using a hash plus a salt is a great recipe for keeping passwords secure on a web server or an authentication database.
If your password has been extracted from a ...
Continue Reading →