Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Detecting Credit Card Skimmers

Modern credit card skimmers hidden in self-service gas pumps communicate via Bluetooth. There’s now an app that can detect them:

The team from the University of California San Diego, who worked with other computer scientists from the University of Illinois, developed an app called Bluetana which ...

Continue Reading →
0

Lateral Phishing – A New Threat to Business Email

Phishing is getting better and harder to detect.  One new trend is using hijacked business email accounts to pivot further into a business, by using the built in trust of the company’s email domain to send phishing emails that appear to come from coworkers.  These phishing emails from trusted sources are used to hijack other email accounts in the same company.  This techniques ...

Continue Reading →
0

Does Microsoft’s Office365 Cloud Service Have Security Flaws?

Have you recently migrated to Microsoft Office 365 for your company email services?  US-CERT and CISA recently released  Analysis Report (AR19-133A) Microsoft Office 365 Security Observations that described several security flaws or weaknesses inherent in the default deployment of O365.

Here are the findings of that report.  The good news is that these are shortcomings with the default, out-of-box experience.  These issues can be corrected through configuration.  For ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Tell Congress to Restore Full Net Neutrality Protections

From the Electric Frontier Foundation (EFF).  Do you  like what has happened to your cable and Internet service?  In December 2017, the FCC voted to roll back the 2015 Open Internet Order, giving Internet service providers (ISPs) free reign to engage in unfair and discriminatory data practices. That decision ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


OUCH! Ransomware Attack Via MSP Locks Customers Out of Systems

If your computer technical support is provided by an outside vendor, you need to know this.  We have warned about this problem before.

Earlier this week, an unidentified threat actor managed to launch a ransomware attack resulting in the encryption of between 1,500 to 2,000 endpoint ...

Continue Reading →
0

It’s Not Just Phishing – Other Ways Email Is Exploited – Part 2

On Monday we investigated five ways that your email account can be used to initiate an cyber-attack against you.  Today we finish up this article with another five email attack vectors.

  • Clickjacking – In traditional click-jacking, a malicious email link actually direct you to a malicious or impostor site.  A new version places something that looks like a dirt spot or hair on the web page and when the user tries to ...
Continue Reading →
0
Page 1 of 2 12