General

We have alerted our readers to many of the approach vectors that are used by cyber-criminals to gain network access, tactics such as phishing and spearphishing, drive-by downloads from compromised websites, installing remote access Trojan horse software, and the like.  Sometimes the easiest way to get the network credentials you need is simply to ask for them.  One of the methods that have been increasing is impersonating IT staff, either by email, or directly via a phone call.   We ...

An unusual confluence of numbers makes this year’s Pi day special.  On 3.14.14 at 9:26:53 am all of the numbers in the string are part of Pi.

For more information see:

Pi Day.org

Wikipedia

We generally delve pretty exclusively in cybersecurity issues here, but I received an email from Marie Villeza of Elder Impact and thought the information was worth posting. Members of my own family have fallen for some of these scams, one lost $16,000 to scammers claiming to be the police, who accepted this payment in lieu of charging a “grandchild” with a crime.  Below is the body of Marie’s email.

From: Marie Villeza <information@elderimpact.org>

Subject: Resource Guides to Help Catch Scammers Before ...

Via Pinterest

Not taking THIS elevator!!!

The Internet has a dark side, the online underground know as the Dark Web.  Inhabited by cyber-criminals, hacktivists, jihadists, terrorists, gun runners, drug-dealers, whistleblowers and freedom fighters, the web sites of the Dark Web are not generally available to the curious without a bit of work and can usually be accessed only by using something like the TOR browser.

AV-TEST, the German independent testing laboratory, has published its award for best security products of 2014.  If you like to use best of breed products, this report is for you.  If you would like to see how the security software you are using stacks up to the competition, this report will provide that insight as well.

The ...

The easiest way for a cyber-attacker to get into your network is through your email.  This can be accomplished a number of different ways, but a successful exploit may use several of these methods together to gain access to your network and control your computer systems.  The great thing, from the attacker’s perspective, is that by using your email, they can get around whatever perimeter defenses you have, such as firewalls and intrusion detection systems, and can even beat the ...

There is another article about the Lenovo/Superfish debacle on Silicon Beat that looks at what this application is supposed to do, and what it actual is doing, and a bit into what it could do if it so chooses.  None of it sounds all that great and some of it is scary.

Superfish is supposed to allow users to take a picture, submit it to Superfish, and Superfish will search the web for a close match and return the results to ...

It has been reported that Lenovo computers have been shipped with a nifty piece of bloatware called Superfish that can break an encrypted session, track users online, and allow malicious attackers to take over an online transaction.  this program needs to be uninstalled TODAY!

Lenovo has apologized, explaining that they were unaware of the negative security aspects of this adware program, and has posted an uninstall program on their website.  There are also great step-by-step illustrated instructions on Sophos.  ...

Google recently announced their intention to become a cellular services provider and compete with ATT, Verizon, Sprint, and T-Mobile.  What they are doing is launching an MVNO (Mobile Virtual Network Operator), which means they will be offering services on another carrier’s network.  In this case, they will be providing phones that will work on two networks, Sprint and T-Mobile’s.  In this way they ...