SCADA Plus Smartphone Equals Insecure Utilities

What if cyber-criminals or enemy nations could take over the computer control systems that run electric utilities, water systems, or traffic control systems for traffic lights and commuter trains.  The effects could be disastrous.

We have written about these systems before.  These are known as SCADA (supervisory control and data acquisition) or ICS (industrial control systems).  One of the claims of the industries that use SCADA systems is that they are inherently ...

Continue Reading →
0

Typosquatting – When Domain Name Typing Errors Produce Unfortunate Results

Registering common misspellings of popular website domain names is a big business.  A recent study found that 80% of all possible one-character typographical variants of Facebook, Google, and Apple are registered.  Registering close misspellings of domain names is know as “typosquatting.”

Security company Sophos recently analysed all the possible one-letter variations of six popular websites, a whopping 2249 unique site names.  Of the 2249 possibilities, 67% or 1502 domain names were actually registered.  ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Tax Identity Theft Awareness Week

File early or an impostor may get your refund.  Especially now that the Equifax credit trove is in the wild.

01/29/2018 08:27 AM EST  Original release date: January 29, 2018

Tax Identity Theft Awareness Week is January ...

Continue Reading →
0

Do You Accept Credit Cards? How Credit Card Breaches Happen

If your business accepts credit cards for payment, then your a subject to the regulations of the Payment Card Industry.  This is known as PCI-DSS Compliance.  PCI compliance company Security Metrics recently released an infographic that shows the main compliance failures that lead to credit card breaches in 2017.  Here are some of the startling take-aways:

  • Businesses that took credit ...
Continue Reading →
0

Phishing Sites Using HTTPS Too

When you see the secure HTTPS protocol at the beginning of a web address, or see the green “secure site” padlock symbol, does this mean that the site is safe?  Unfortunately, the answer is NO.  There is some confusion among computer users about what HTTPS really means.  This confusion is being exploited by cyber-criminals running phishing exploits.

HTTPS or secure hypertext ...

Continue Reading →
0

How Email Accounts Are Hijacked

The most devastating exploit that can happen to you is to have your email account hijacked.  We have spilled a lot of pixels on this subject (see below).  The reason we find this so dangerous is that it is that this is the attack most likely to happen to you.

Google recently released a study that analyzed how Gmail accounts are hijacked.  If you have an Android smartphone, you have a ...

Continue Reading →
0

The End of Passwords?

Every year some pundit declares that the password will soon be dead.  I have been proclaiming for several years now that the password, by itself, is no longer a suitably strong form of security, and have been a champion for two-factor authentication.

Microsoft has recently stated that their Windows Hello facial recognition system is a suitable replacement for passwords.  Windows Hello ...

Continue Reading →
0

Congress Acts To Secure Electronic Voting Machines

As long as we are on the subject of election rigging and tampering, it is notable that Congress has finally weighed in on the subject of insecure and hackable electronic voting machines.  According to a recent TechDirt article, “A new bipartisan bill has been introduced, called the Secure Elections Act, that would actually ...

Continue Reading →
0

Spy vs. Spy vs. Spy – What Countries Are Using Cyber-Espionage Tactics?

The press has been relentless lately in its coverage of Russian cyber-espionage and disinformation campaigns on Facebook and other social networks prior to the last US Presidential campaign.  But is Russia the first to engage in election rigging on this sort?  Hardly.  We thought that looking at the state of cyber-espionage as a tactic in international relations might be interesting, and we were right.  It turns out that cyber-espionage is ...

Continue Reading →
0

What the Heck is a Watering Hole Attack?

We’ve all seen this on National Geographic.  A lion, tiger, or other top predator hides near a water hole and waits for some sort of four-legged lunch to stop by for a drink.  Cyber-criminals and other attackers are using a similar technique to download and install malware from niche or industry specific websites to computer systems at targeted businesses.  Here’s ...

Continue Reading →
0
Page 59 of 107 «...3040505758596061...»