Cybersecurity Tips for the Holidays

cyber-mondayWe have Black Friday coming at the end of this week, and Cyber Monday next week.  A lot of money will be changing hands between now and Christmas.  We want to make sure that you are not a victim of some cyber-criminal’s Merry Christmas purchases with your money.  A safe and secure shopping experience both online and in person can be yours if you follow some simple tips:

  • Make sure your computer is ...
Continue Reading →
0

Cybersecurity Top 10

cybersecurity_436x270As we approach year-end, many small and medium sized business owners and managers are coming to the realization that their best intentions for creating a cybersecurity program in their organization have fallen short.  This was the year, you promised yourself, that we get a handle on computer and network security.

Well it is not too late to get a start, and here is a ...

Continue Reading →
0

Fixing Your Infected IoT Devices

mirai-botnetThe Mirai and Bashlight botnets have caused quite a stir in the cybersecurity and IT realms.  The easy ability to round up and deploy millions of devices in a botnet using automated tools has raised the bar.  How we respond to DDoS attacks will have to change.

Nevertheless, you can remove your IoT devices from the bot-net and keep them from being reacquired.  Here are some easy solutions:

First, as clever as these ...

Continue Reading →
0

Fake Blue Screen Prompts Phone Call

fake-bsodNaked Security recently reported on a new ransomware exploit that looks like the infamous Windows Blue Screen of Death (BSOD).  The tactic this time is to trick you into calling a toll-free number for “support.”  This is another variation of the “Fake Tech Support” scam that we have written about numerous times.

The lock screen feature is similar ...

Continue Reading →
0

Mirai and Bashlight Show the Power of IOT Botnets

mirai-botnetI was tempted to post this article late in October, when Brian Krebs suffered with the DDoS attack on his website, or when the Mirai botnet attack on DynDNS was in full swing, but decided to wait it out until after the election, in case it turns out that the Dyn attack was a precursor to an attack to disrupt the elections.  And as of today, it appears that it was ...

Continue Reading →
0

Call Center in India Busted for IRS Collection Fraud

irs-logoNaked Security recently reported on the raid on a call center outside of Mumbai India that was engaged in defrauding US taxpayers of over $15 million dollars by pretending to be IRS collection agents.  70 people were arrested and over 600 call center operators remain under investigation.  While this is good news, this scam was very successful and is likely to pop up again.  We are reporting on it ...

Continue Reading →
0

CIS Controls Can Help You Stop Cyber Attacks

cislogowebOn of the more hopeful presentations from the Cyber Security Summit was presented by Tony Sager from the Center for Internet Security.  Titled “Making Best Practices Common Practices: The CIS Controls,” Tony provided us with a road map for implementing secure practices in our networks.

There are 20 CIS controls.  Tony said that implementing the first 5 (20%) would reduce your risk by 80%. ...

Continue Reading →
0

Additional Notes from the Cyber Security Summit

cyber-security-summit-2016On Monday we looked at the some of the primary attack vectors used by cyber-criminals.  Here are the rest of the attack vectors that Kevin Thompson from FireEye shared at the Cyber Security Summit.  Many of these are significant twists on old exploits, or more sophisticated exploits.

  • Attacks using legitimate services.
    • Social networks – make friends or connections, gather information.
    • Cloud storage services to host malware downloads.  Link looks legitimate, its from Google Docs or ...
Continue Reading →
0

Scary Notes From the Cyber Security Summit for Halloween

cyber-security-summit-2016Hey, when I spend several hundred dollars and two days of my time to attend a cybersecurity conference, a guy like me hopes he can milk a few blog articles out of it.  Here is the third (so far.)

Most of these nuggets came from a keynote titled “2016 Cyber Attacks By The Numbers” presented by Kevin Thompson, a former CIA analyst and now a threat analysis for the cybersecurity firm FireEye.  Very eye-opening.

Primary Attack Vectors

  • Spearphishing ...
Continue Reading →
0

More Notes from the Cyber Security Summit 2016

cyber-security-summit-2016On Wednesday we looked at several of the important takeaways from this year’s Cyber Security Summit.  Here are a few more.

  • Small businesses need to stop using public email services such as Gmail, Yahoo, or Hotmail for their business email.  User credentials for 500,000 Yahoo email accounts have been stolen, and it could happen to the others.  If you have a domain name you are using for a web site, then you ...
Continue Reading →
0
Page 81 of 107 «...5060707980818283...»