Phishing is getting better and harder to detect. One new trend is using hijacked business email accounts to pivot further into a business, by using the built in trust of the company’s email domain to send phishing emails that appear to come from coworkers. These phishing emails from trusted sources are used to hijack other email accounts in the same company. This techniques ...
Social engineers have many tricks up their sleeves, and we have covered many of them in previous articles. The biggest trick is phishing emails, of course, coupled with replica landing pages on hijacked websites. Other methods include phone calls, such as fake tech support calls. There are texting hoaxes, called smishing. There are fake, cloned, or hijacked Facebook, LinkedIn, Twitter, and Instagram account ...
A quick Saturday digest of cybersecurity news articles from other sources.At some dark moment, have you ever wondered: what if the programmers are adding the bugs deliberately?
Wow, is this an embarrassing bug: Yubico is recalling a line of security keys used by the U.S. government due to ...
Continue Reading →
Phishing for login credentials may still be the way most network breaches happen, but insecure use of remote desktop protocol is another favorite vulnerability used by attackers to enter a network.. Sophos Naked Security reported their findings on the use of RDP or the Remote Desktop Protocol as a launch vector for accessing and compromising ...
I love hash, especially corned beef hash, with a little salt. Maybe a couple of poached or over-easy eggs perched on top. Wait! This is not a foodie blog! That’s not what I am writing about today. As it turns out, using a hash plus a salt is a great recipe for keeping passwords secure on a web server or an authentication database.
If your password has been extracted from a web ...
Continue Reading →
It starts with a text message from a friend or family member. Have you set up a new account on Facebook? Or someone who is already a friend on your social networks asks why you are looking to “friend” them or connect with them again? You quickly check your account, everything seems normal, but you change your password anyway. ...
Due to the high-profile cases of cybercrime in recent years, including the Facebook-Cambridge Analytica scandal back in 2018, the Equifax data breach in 2017, and the Russian interference with the US presidential election in 2016, cybersecurity is now a top priority for businesses, institutions, and individuals alike.
In order to implement effective countermeasures against cyber attacks, one has to have ...
Continue Reading →
The newspaper industry has been blaming the Internet for its immanent and perhaps inevitable demise for decades. Let’s forget the convenient facts like paywalls don’t work because I can get the information elsewhere for free. Or that the subscription price of a newspaper I buy at the store or have delivered to my door covers the cost of physical delivery of the physical ...
A lot of very specific location information is being collected about you, me, and every other smartphone user. The image at left shows everywhere I have been in the last four years, courtesy of Google location services. If you would like to find out what is being collected about you, and how to make it stop, the last article and this article will ...
