If you are running a WordPress site, please be aware that the popular site builder and blogging platform is a popular target of cyber-criminals. This is due to it’s popularity as a do-it-yourself design tool, and it’s ubiquity (about 20% of Internet sites are coded in WordPress), and the fact that many WordPress site managers do a poor job of keeping the ...
I’ve been hearing stories about baby cams, nanny cams, laptop cams, computer cams, and inexpensive home security cameras that have been hijacked due to poor or non-existent security setting, and set up for viewing on the camera feed aggregation site www.insecam.org. These feeds are not just nurseries, but bedrooms, living rooms, and a variety of exterior locations. These feds also display GPS coordinates, which makes it trivial to find the exact location of the feed source. See an ...
Continue Reading →As the age of password authentication falls to newer and faster password cracking hardware, software, and list building tools, technologists have been looking at other authentication methods. Many of these techniques we have covered here: two-factor authentication (2FA), secure key, smartphone authentication apps, Google’s USB security dongle, fingerprint readers, and other biometrics.
Recently, Samsung, together with SRI, have started working on an iris recognition authentication methodology called IOM or “Iris On the Move.” The human iris, the colored part of the eye, ...
Continue Reading →Modern cyber criminals are using more sophisticated blended attacks to achieve some pretty spectacular monetary hauls. The Dyre Wolf malware exploits is currently be combined with a spear-phishing approach, a telephone based social engineering middle, and a distributed denial of service (DDOS) attack on the back end to access corporate bank accounts and wire transfer large sums of money. Originally uncovered by IBM’s security team in 2014, this exploit had netted on cyber-crime group over $1 million dollars. The IBM ...
Continue Reading →CryptoLocker and CryptoWall are largely defunct now, but there are new strains of encryption malware at large on the Internet. If you fall victim to any of the new ransomware exploits such as Teslacrypt or Ophionlocker, there is bad news, and there is OK news, and there may be good news.
The bad news is that once the encryption malware has finished encrypting all of your personal files in the Documents, Pictures, Music, and Video folders and other stuff in your User ...
Continue Reading →
A “bot-net” is a robot network comprised of hundreds, thousands, or even millions of “zombie hosts,” as computers that are infected with bot malware are called. Botnets are created by a type of professional cyber-criminal known as a “bot-herder,” and generally rented out to other criminals for sending millions of spam messages daily, running huge parallel processing tasks such as password cracking operation, or used by extortionists, hacktivists, and government ...
Minnesota’s new smartphone “kill switch” law takes effect on July 1, 2015. It requires that all smartphones sold in Minnesota come with a preinstalled kill switch or a free app which provides the same function. A similar law in California takes effect on the same date, but requires all phones come with the app preinstalled. Federal legislation has been proposed, but so ...
Are you using a D-Link wireless router in your home or business, D-Link has released a firmware upgrade for several popular router models to fix a security vulnerability that would allow remote access and DNS spoofing. By changing the DNS settings on a router, an attacker can forward your traffic to a proxy server where your communications could be monitored for useful content, as well as redirecting your to malware-laden ...
I was reading an article on Sophos about the Anthem Healthcare breach, and putting this information together with some other articles I have read recently, and this question came to mind: what personal information is the worst to lose? In the Anthem breach, people lost information that included their “names, dates of birth, member ID/social security numbers, addresses, phone numbers, ...
Is it time to change your password? Now that security researcher Alex Holden, of Hold Security in Milwaukee has uncovered a huge trove of stolen user credentials on the Dark Net, you might as well assume that yours are in this mammoth collection.
Alex Holden was born in the Ukraine, and his current surname is not the one he was given at birth. But he discovered that Russian cyber-criminals had gathered 542 million email addresses and 1.2 billion unique email and ...
Continue Reading →