Encryption ransomware can be a devastating event if it happens to your or your company. The three solutions are basically pay the money, restore from backup, or accept your losses and move on. All are expensive, and some can be severe enough to drive a business out-of-business.Monday we gave you several ways to prevent, or at least prepare a response to a crypto-ransomware exploit. Today we are going to look at early ...
This week we will be focusing on preventing, detecting, and recovering from the many variants of the crypto-ransomware exploit. Ransomware attacks, such as CryptoLocker, CyrptoWall, Locky, Chimera, Zepto, and the like, have become one of the best money-making exploits for cyber-criminals, with new variants appearing on the scene every month. These attacks usually start with a phishing email and a ZIP file attachment or a malicious link, so email vigilance can ...
I will be a featured presenter at the MN Blogger Conference, on Saturday October 15, at Concordia University in St.Paul, from 8:15 am to 5:15 pm. Tickets are $20.
My presentation is titled Shields Up For WordPress Websites and Blogs.
In this presentation you will learn why WordPress sites are an attractive target for cyber-criminals and attackers, why they want to hijack your site, and ...
Continue Reading →
Actually there are way more than ten ways, but here are some I see all the time. We can play this like a game, so go ahead and give yourself a point for each one of these that apply to you. This game scores like golf – low score wins.
Should you hire a hacker? Recently, the US Department of Defense did just that in their “Hack the Pentagon” event this spring. This event resulted in the discovery of over 200 vulnerabilities that have been remediated, making our Defense network more secure.
The hackers we are recommending would be Certified Ethical Hackers (CEH) or Offensive Security Certified Professionals (OSCP). These are professional cybersecurity practitioners who have received the specialized training ...
Continue Reading →
Many small businesses are being dragged into the arena of IT risk assessment by larger client companies, suppliers, or regulators. Common scenarios include credit card (PCI) or HIPAA compliance. Since the Target breach, smaller vendors and supplier companies who have a network connection into the IT operations of a larger company are being required to undergo the same sort of vulnerability and risk assessment ...
A recent article in Naked Security caught my eye the other day about a new web site vulnerability called HTTPoxy. This stands for HTTP requests and poisoned proxy settings. Most web site use a technology called Common Gateway Interface (CGI) to run applications such as site search, collect information submitted on web forms, display comments, run a forum, or to display database queries such as pricing in a usable form on a web page.
Cyber-criminals are encrypting your computer files and holding them for ransom. This is one of the most difficult attacks to defend, and once encrypted, impossible to overcome without paying for the decryption key. There are several new tactics appearing on the crypto-ransomware scene that we thought were worth a mention.
Having just discussed phishing on Monday, it makes sense to cover the social engineering practice called “baiting” today. Typically, this involves an attacker leaving removable media such as a USB flash drive or SD Media card lying around in a public location. The exploit depends entirely on the principle of “finders-keepers.” People pick these drives up, and plug them into the first computer ...
We continue to hear from security researchers and professionals that an astonishing 95% of all exploits begin with someone opening an attachment or clicking a link on a phishing email. I have a client where two different employees opened the attachment on an email from “FedEx” and became infected with crypto-malware. These incidents happened nearly a week apart, and you think that the ...
