How Valuable Is Cybersecurity Training?

We are a big proponent of cybersecurity awareness training for your employees. Humans are always the weakest link in the cybersecurity chain, so enlisting your employees in the fight against cyber-attacks has to begin with some basic training, and ideally continue with periodic refreshers, and activities like phishing simulation exercises.

Today’s infographic is a guest post by security training firm Everycloud Technologies.

Continue Reading →

0

The Swiss Army Knife of Hacker-ware

Have you ever wondered just what an attacker can do once they gain access to your computer?  A 21 year old software coder is facing prison time for developing the ultimate Swiss Army knife of an “administrators'” tool-kit.  This tool was sold to over 6,000 people through an extensive affiliate marketing network.  Many of his customers were cyber-criminals who used ...

Continue Reading →
0

Botnet Targets Banks With Phishing Emails

Cyber-criminals are using a botnet to send phishing emails with the apparent purpose to test a new email attachment type.  Over the course of three weeks starting August 10th, this cyber-gang released seven different types of phishing emails to over 3,000 banks around the world.  They appear to be testing which of these several approaches is most successful at tricking recipients into opening the email attachment.

The attachment itself is also something different – Microsoft Excel Web Query files that use ...

Continue Reading →
0

Malware Remediation Comparison – Malwarebytes vs. Hitman Pro

Often, when I am dealing with a malware-infected computer, I find that the malware has compromised the currently installed anti-malware product, and simply scanning the computer with the installed software does not work.  When that happens, my go-to choice for malware remediation has been to download and install a copy of Malwarebytes, and run scans until the Malwarebytes reports the system is clean.

In the course of research for another article, ...

Continue Reading →
0

Inside Iran’s Operation Cleaver

While the US Cyber Command has been focusing on the Chinese, North Koreans, and the Russians, and their respective intrusions into the networks of US companies, energy utilities, our military, and government agencies, Iran has been creating a world-class cyber-ops unit of their own.  Details about what is being called “Operation Cleaver” has been released by security company Cylance.

The ...

Continue Reading →
1

Safe and Legal Places to Exercise Your Pen-Testing Foo

In our last post we looked at a great way to set up a pen-testing lab.  Fortunately, the quandary over finding a safe place to practice your pen-testing skills has led to the creation of dozens of hacker-friendly learning sites.  Several have been provided by OWASP, and there are other contributors out there with multiple sites.  Here are a bunch of good ...

Continue Reading →
0

Tools for Pentration Testing

I have been fortunate to have had time to pursue a couple of information technology certifications recently.  I have added CompTIA’s Network+ and CASP (Certified Advanced Security Professional), and I am working on the brand new CompTIA Pentest+.  The certification is so new there are no text books yet, and the exam was just released on July 31.  I have been taking ...

Continue Reading →
1

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Hackers break into voting machines within 2 hours at Defcon

Hackers from around the world (not just Russia) had the rare opportunity to crack election-style voting machines this weekend in Las Vegas.


Malicious Cyber Activity Targeting ERP Applications

07/25/2018 07:55 AM EDT  Original release date: July 25, 2018

Digital ...

Continue Reading →
0

Replacing Passwords and Pins with Icons

We have discussed the sorry state of passwords in many recent articles.  There is an alternative to passwords and pins that may be coming to a smartphone near you.  It is called SemanticLock and it uses emoji-like icons to unlock your smartphone.

Most smartphones go unsecured mainly because most people find it difficult to enter a password using the on-screen keyboard.  4 to 6 digit numeric PINs are ...

Continue Reading →
0

Two Easy Ways To Breach Company Networks

Bad news – your small business network is easy for an attacker to access, and for most of you there are two or more exploitable attacker vectors.  A recent report from Positive Technologies analyzed the results of 22 penetration tests on companies from finance, transportation, retail, and even information technology.  All of the companies were breached with little difficulty.  The two easiest methods of unauthorized network access were not terribly surprising:  Wi-Fi networks, and company employees.

Continue Reading →
0
Page 49 of 106 «...2030404748495051...»