It’s April Fools Day, and in honor of those people who are still trading away safety for convenience when working with a computer or online, we have a short list of simple and basic security methods. If you are someone who provides “tech support” for a family member or are the “go-to” unofficial tech support in a small business, this is a good place to start.
This is simple stuff, but important, ...
Continue Reading →
Here’s a kick in the head. Your tax dollars at work in a way that may save you a bunch of money. The National Security Agency has voluntarily released a software reverse engineering tool called Ghidra at the RSA security conference. The NSA has been using this tool internally to take apart and analyze malicious code, and to find vulnerabilities in commercial software ...
If you are running a fleet of virtual machines using popular containerization solution Docker, you may be in for a nasty surprise. A couple of vulnerabilities have been discovered in Docker that has been exploited by cyber-criminals to run the Monero crypto-currency miner on affected Docker containers. This will of course have a serious impact on performance, and in an environment where billing is usage based, this will increase your costs.
Security ...
Continue Reading →
In 2015 and 2016 the winner was crypto-ransomware exploits. In 2017 and 2018 the most common exploit was Business Email Compromise, aka Email Account Hijacking (BEC/EAC). This is year is shaping up to be the year of the crypto-mining exploit.
Here are the crypto-mining malware programs that are the most prevalent:
I have developed some expertise around the area of WordPress security. One of my clients has a WordPress site under development, and recently the web designer changed the name of the login URL from https://clientsite.com/wp-admin to https://clientsite.com/A9u3ycGH37. Basically, the wp-admin page name had been replaced with random characters. I found out when I tried to log in using the usual URL. I wondered ...
Most victims of cyber-crime created the vulnerabilities that allowed their computer, network, email account, website, or other service get hijacked. In many cases, especially in the consumer or small business networking environments, they just don’t know what to do, or what to be looking for. But even in business network environments where IT professionals have been in charge of operations, decisions ...
Thank God this hasn’t happened here in the United States (yet). It is not for lack of trying by US law enforcement agencies, though. What am I talking about? Australia recently passed the controversial and totally STUPID anti-encryption law called Telecommunication & Other Legislation Amendment (Assistance & Access) Act of 2018 (TOLA).
TOLA is supposed to ...
Continue Reading →
Is it a USB cable or a Trojan horse? We have come to consider Trojan horses to be malicious software these days, and part of the virtual world, But the original Trojan Horse was a very physical device. And so is this stunning USB style Trojan.
Called the O.MG Cable by its creator, Mike Grover, whose online handle is MG, this device ...
Continue Reading →
A quick Saturday digest of cybersecurity news articles from other sources.From the Electric Frontier Foundation (EFF). Do you like what has happened to your cable and Internet service? In December 2017, the FCC voted to roll back the 2015 Open Internet Order, giving Internet service providers (ISPs) free reign to engage in unfair and discriminatory data practices. That decision ...
Continue Reading →
A VPN can provide a way to keep your location private by replacing the IP address of your ISP’s gateway router with an anonymous IP from the VPN provider’s pool. It will prevent your ISP, or Google and other websites from discovering your location, tracking your activity online, or saving your search history. The contents of your communications are changed from plaintext to ...