Naked Security recently reported on the raid on a call center outside of Mumbai India that was engaged in defrauding US taxpayers of over $15 million dollars by pretending to be IRS collection agents. 70 people were arrested and over 600 call center operators remain under investigation. While this is good news, this scam was very successful and is likely to pop up again. We are reporting on it here ...
Tuesday we get to vote for president again. Worried about the security of electronic voting machines? You are not alone, but you would not find any political or election officials in your group. They think everything is fine! The fact that your next president may be elected by the Russian Cyber Army is OK, I guess. So that means Trump.
Here’s a little humor to make the nightmare seems more acceptable.
Continue Reading →
A couple of weeks ago I attended the Minneapolis Cyber Security Summit 2016 at the J.W. Marriot Hotel in Bloomington Minnesota. There were two days of presentations on cybersecurity issues, and here are a few of the takeaways for small and medium sized business owners.
In the last several days, we have seen big distributed denial of service (DDoS) attacks against DynDNS, an Internet services company that provides domain name services (DNS) to many companies including Twitter and PayPal. DNS is how web sites are found on the web, you enter a web address in your browser, and DNS finds the website you are looking for. When attacked in ...
NIST has created a self assessment tool for companies and organization who are working through the NIST Cyber Security Framework (NIST-CSF). This tool is called the Baldridge Cybersecurity Excellence Bulder and is designed to help companies implement the principles of the CSF.
According to NIST, organizations can use the Baldrige Cybersecurity Excellence Builder to:
US-CERT sent out an announcement in September about a new video from the FTC for people whose personal information may have been breached in a cyber incident. There are tips on reporting, and how to recover with tools such as a credit freeze or fraud alert. There are many links on both the CERT and the FTC websites to ...
I recently read Dave Eggers book The Circle at the recommendation of a friend in the cybersecurity profession. While I don’t do book reviews in this blog very often, I thought I would throw in my two cents about this book.
I was recommended this book during a cybersecurity training class. I do want to say that this book looks unblinkingly at ...
Continue Reading →
Years ago I heard a story about someone on a job interview was asked by the hiring manager for the user ID and password to their Facebook account. My response, then and now, was “sure – but you first.” The idea being if you want to know that much about my personal life, then I want to know the same about you. Maybe ...
We were interviewed again by Sarah Westall on her web radio show Business Game Changers. Our discussion wove together different threads I have been following about cyber warfare and our lack of national preparedness. Since reading Ted Koppel’s book Lights Out and watching the documentary Zero Days, this has become a bigger issue for me, and maybe it should be for ...
We have written about Stuxnet a couple of times. (Here and here) My fascination with this incredible piece of malware writing is that it represents the first documented case of cyber war between nation-states. As we now know, Iran, specifically the nuclear facility at Natanz, was attacked by the United States, and our ally Israel. I recently watched a ...