Losing control of a major online shopping account like your Amazon account is a huge problem. An account hijacker could purchase all sorts of high end goods, jewelry, electronics, gift cards. Really, almost anything is for sale on Amazon. If you have a Prime membership, an attacker also has access to your video and music streaming account as well. This access can get ...
If you use Google for anything (and who doesn’t), it is a good idea to periodically check your your Google account security settings. If you have an Android phone, then there is a Gmail account attached to the phone, whether you use it or not. This account is tied to the GPS location history generated by your phone. It is also attached to Google Calendar, Google Contacts, Google Photos, any G-Suite ...
I have been predicting the death of the password for several years now, but all of us are still using them, even if they are easily stolen, cracked, or bypassed. A password by itself is not all that secure anymore. But there are several simple steps you can take to make them more secure.
Do not:
Is your computer technology Managed Service Provider (MSP) the weakest link in your supply chain security program? Are they the easiest point of entry for an attacker? Your contracted tech support provider holds keys to your computer network that are coveted by cyber-attackers. MSPs are commonly targeted by cyber-criminal groups and other bad actors because MSPs have ...
A quick Saturday digest of cybersecurity news articles from other sources.From the desk of Thomas F. Duffy, MS-ISAC Chair
It’s that time of year again, holiday shopping has begun! Everyone is looking for those unique gifts, hot toys and cool electronics. Whether it is a hard-to-find toy for kids or the latest 4K smart ...
Continue Reading →A quick Saturday digest of cybersecurity news articles from other sources.The idea of hacking back against those who hack you has been called a lot of things. The terms “goofy idea” and “illegal” are some we’ve heard. But for a ransomware victim in Germany, you can add the words “sweet revenge.” And not just ...
Continue Reading →
The password represents one of the weakest links in the cybersecurity chain, and is frequently one of the opening points of an attack. Passwords can be collected in cleartext through phishing exploits such as an email link that directs you to a fake login page, or social engineering ploys such as bogus calls from “IT” or “tech support,” or keylogging software that captures the entire user name/password/web address triad. Passwords can ...
We recently wrote about the upsurge in ransomware attacks, and one of the examples in that article was the recent attack on about two dozen governmental and educational networks in the state of Texas. Texas was initially tight lipped about what they were doing to mitigate the attack, in an effort to prevent the attackers from learning about their defensive strategies and systems, and adapting their attack ...
Phishing is getting better and harder to detect. One new trend is using hijacked business email accounts to pivot further into a business, by using the built in trust of the company’s email domain to send phishing emails that appear to come from coworkers. These phishing emails from trusted sources are used to hijack other email accounts in the same company. This techniques ...
I have been saying for some time now that passwords by themselves are no longer an effective form of security. Too easy to hack, too easy to crack. Currently my go to recommendation is any form of two-factor authentication. Something like the Google Authenticator App or Yubikey are good choices for your second authentication factor.
On the horizon there are other authentication options that may replace passwords entirely. Here are a few: