The Russians Are Coming! Or Are They?

The United States recently accused the Russian government of trying to influence US elections last November, and has expelled 35 Russian diplomatic officials and closed two Russian diplomatic facilities, one in New York City, and the other in Maryland, near Washington DC.

The Russians are denying any direct involvement, of course, and are laying the blame on Russian cyber-criminal groups. But we have discussed ...


Cybersecurity Top 10

As we approach year-end, many small and medium-sized business owners and managers are coming to the realization that their best intentions for creating a cybersecurity program in their organization have fallen short. This was the year, you promised yourself, that we get a handle on computer and network security.

Well, it is not too late to get a start, and here is a ...


Fake Blue Screen Prompts Phone Call

Naked Security recently reported on a new ransomware exploit that looks like the infamous Windows Blue Screen of Death (BSOD). The tactic this time is to trick you into calling a toll-free number for “support.” This is another variation of the “Fake Tech Support” scam that we have written about numerous times.

The lock screen feature is similar ...


Additional Notes from the Cyber Security Summit

On Monday we looked at some of the primary attack vectors used by cyber-criminals. Here are the rest of the attack vectors that Kevin Thompson from FireEye shared at the Cyber Security Summit. Many of these are significant twists on old exploits, or more sophisticated exploits.

  • Attacks using legitimate services.
    • Social networks – make friends or connections, gather information.
    • Cloud storage services to host malware downloads. Link looks legitimate, it's from Google Docs or ...

Zero Days – Documentary About Cyber War

We have written about Stuxnet a couple of times. (Here and here) My fascination with this incredible piece of malware writing is that it represents the first documented case of cyber war between nation-states. As we now know, Iran, specifically the nuclear facility at Natanz, was attacked by the United States, and our ally Israel. I recently watched a ...


Using Windows Defender Offline

We have been recommending Windows Defender as an acceptable anti-malware program. What we like about it is that it comes baked into the Windows 10 operating system, and gets its malware definition updates with the other Windows security and feature updates that users are already receiving. And it is free. Plus it keeps your system a little less cluttered than adding a third-party anti-malware product.

Sure, it is not top ...


Recovering from Ransomware

You have trained your staff and improved your defenses. In spite of your best efforts, you have an active case of crypto-malware running on a system in your business. How do you recover?

Here are the steps to recovery:

  • Disconnect the affected system from the network by removing the Ethernet network cable connection or turning off the Wi-Fi connection.
  • Determine if the encryption process has completed.
    • If so, leave the system running, but disconnected from the ...

Detect and Defend Against Ransomware

Encryption ransomware can be a devastating event if it happens to you or your company. The three solutions are basically pay the money, restore from backup, or accept your losses and move on. All are expensive, and some can be severe enough to drive a business out of business. Monday we gave you several ways to prevent, or at least prepare a response to, a crypto-ransomware exploit. Today we are going to look at ...


Don’t Take The Bait!

Having just discussed phishing on Monday, it makes sense to cover the social engineering practice called “baiting” today. Typically, this involves an attacker leaving removable media such as a USB flash drive or SD Media card lying around in a public location. The exploit depends entirely on the principle of “finders-keepers.” People pick these drives up, and plug them into the first computer ...


US-CERT Warns Against Phishing and Social Engineering Exploits

We continue to hear from security researchers and professionals that an astonishing 95% of all exploits begin with someone opening an attachment or clicking a link on a phishing email. I have a client where two different employees opened the attachment on an email from “FedEx” and became infected with crypto-malware. These incidents happened nearly a week apart, and you think that the ...
