On May 25 2018, new regulations will go into effect in the European Union called the General Data Protection Regulation (GDPR). If you are doing business in Europe, this will affect your business. If your website collects personal information and other data from European site visitors or customers, this will affect your business.
The Europeans take personal privacy, especially online privacy, much more ...
Continue Reading →
The United States recently accused the Russian government of trying to influence US elections last November, and has expelled 35 Russian diplomatic officials and closed two Russian diplomatic facilities, one in New York City, and the other in Maryland, near Washington DC.
The Russians are denying any direct involvement, of course, and are laying the blame on Russian cyber-criminal groups. But we have ...
Continue Reading →
The House Judiciary Committee’s Encryption Working Group has released a report that comes out in favor of strong encryption, and opposed to the daft notion of creating encryption “backdoors” for law enforcement and government to use. As we have expressed in this blog previously, the concept that the secret backdoor keys could somehow be kept securely, when nothing else seems to be able to be kept secret, is the main ...
This is the time of the year everyone writes either a year in review article, or a what’s coming in the new year post. Guess which one this is? I’ve been reading the pundits, and considering my own findings as a cybersecurity professional. I pulled together the following list for your review, and to help you plan where to spend your time, talent, and budget in 2017.
Cybersecurity professionals are in agreement. The Russians appear to have been actively engaged in influencing the outcome of our recent Presidential election. Specifics include compromising and taking over Hilary Clinton’s chief of staff, John Podesta’s personal Gmail account. This spear phishing exploit used a “near-miss” domain name of “accounts.googlemail.com” to trick John into clicking on a link and and entering his email credentials. The real domain name is accounts.google.com.
There was also ...
Continue Reading →
The FBI recently reported on arrests of a number of lottery scammers in what they call “Operation Hard Copy.” We do like to report when cyber-criminals are arrested, prosecuted, and jailed, because it shows that stopping cyber-crime is not impossible. But it is almost always a multi-national, multi-jurisdictional undertaking that requires the cooperative efforts of law enforcement from several countries.
What I found most interesting was the way that this ...
Continue Reading →If you have been the victim of a ransomware scam, or fake tech support scam, or other computer incident, intrusion, or breach, you may be wondering if you should report it to the police.
If you report your crime to the police, it is unlikely that it is going to be solved and the perpetrator arrested. Many local police departments have a computer fraud officer or even a larger group, but there ...
Continue Reading →
It was recently reported in Naked Security that a Seattle television news crew interviewed an Office Depot employee who alerted them to the practice of selling in-store repair scams to customers who came in looking for computer help. This whistle-blower told a story where employees where encouraged and even pressured to run the chain’s “PC Health Check” on evey ...
As we approach year-end, many small and medium sized business owners and managers are coming to the realization that their best intentions for creating a cybersecurity program in their organization have fallen short. This was the year, you promised yourself, that we get a handle on computer and network security.
Well it is not too late to get a start, and here is a ...
Continue Reading →
The Mirai and Bashlight botnets have caused quite a stir in the cybersecurity and IT realms. The easy ability to round up and deploy millions of devices in a botnet using automated tools has raised the bar. How we respond to DDoS attacks will have to change.
Nevertheless, you can remove your IoT devices from the bot-net and keep them from being reacquired. Here are some easy solutions:
First, as clever as these ...
Continue Reading →