Lateral Phishing – A New Threat to Business Email

Phishing is getting better and harder to detect.  One new trend is using hijacked business email accounts to pivot further into a business, by using the built-in trust of the company’s email domain to send phishing emails that appear to come from coworkers.  These phishing emails from trusted sources are used to hijack other email accounts in the same company.  This technique ...


Don’t Get Emotional!

Social engineers have many tricks up their sleeves, and we have covered many of them in previous articles.  The biggest trick is phishing emails, of course, coupled with replica landing pages on hijacked websites.  Other methods include phone calls, such as fake tech support calls.  There are texting hoaxes, called smishing.  There are fake, cloned, or hijacked Facebook, LinkedIn, Twitter, and Instagram account ...


Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Programmer from hell plants logic bombs to guarantee future work

At some dark moment, have you ever wondered: what if the programmers are adding the bugs deliberately?


Yubico Security Keys with a Crypto Flaw

Wow, is this an embarrassing bug:  Yubico is recalling a line of security keys used by the U.S. government due to ...


Remote Desktop Protocol is Still a Top Attack Vector

Phishing for login credentials may still be the way most network breaches happen, but insecure use of remote desktop protocol is another favorite vulnerability used by attackers to enter a network.  Sophos Naked Security reported their findings on the use of RDP or the Remote Desktop Protocol as a launch vector for accessing and compromising ...


Hash and Salt – A Recipe for Password Security

I love hash, especially corned beef hash, with a little salt.  Maybe a couple of poached or over-easy eggs perched on top.  Wait!  This is not a foodie blog!  That’s not what I am writing about today.  As it turns out, using a hash plus a salt is a great recipe for keeping passwords secure on a web server or an authentication database.

If your password has been extracted from a web ...


Guest Post – Evolution of Phishing: Spear Phishing and Whaling Scams Explained

Due to the high-profile cases of cybercrime in recent years, including the Facebook-Cambridge Analytica scandal back in 2018, the Equifax data breach in 2017, and the Russian interference with the US presidential election in 2016, cybersecurity is now a top priority for businesses, institutions, and individuals alike.

In order to implement effective countermeasures against cyber attacks, one has to have ...


The Internet Is Not Killing Newspapers – They are Killing Themselves

The newspaper industry has been blaming the Internet for its imminent and perhaps inevitable demise for decades.  Let’s forget the convenient facts like paywalls don’t work because I can get the information elsewhere for free.  Or that the subscription price of a newspaper I buy at the store or have delivered to my door covers the cost of physical delivery of the physical ...


Guest Post – What Map Apps Track (and How to Get Them to Stop) – Part 2

A lot of very specific location information is being collected about you, me, and every other smartphone user.  The image at left shows everywhere I have been in the last four years, courtesy of Google location services.  If you would like to find out what is being collected about you, and how to make it stop, the last article and this article will ...
