If You Connect It, Protect It

Keeping our connected devices secure has become easier – and harder!  Easier because we have more tools to defend our online assets, and harder because the opposition has grown much larger and become more sophisticated.  And the enemy is not limited to criminals, there are terrorist groups, nation-state sponsored cyber operations teams, hacktivists, and other with malicious intent and nefarious schemes.

When I started writing this blog in October 2006, almost ...

Continue Reading →
0

Tomorrow is World Password Day

I have been predicting the death of the password for several years now, but all of us are still using them, even if they are easily stolen, cracked, or bypassed.  A password by itself is not all that secure anymore.  But there are several simple steps you can take to make them more secure.

Do not:

  • Do not use personal information. Information such as  your name, or the name of your pet, ...
Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


8 Shopping Tips for the Holiday Season

November 2019 Volume 14 Issue 11

From the desk of Thomas F. Duffy, MS-ISAC Chair

It’s that time of year again, holiday shopping has begun! Everyone is looking for those unique gifts, hot toys and cool electronics. Whether it is a hard-to-find toy for kids or the latest 4K ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


The Ransomware Victim that Hacked Back and Got the Keys to the Kingdom

The idea of hacking back against those who hack you has been called a lot of things. The terms “goofy idea” and “illegal” are some we’ve heard. But for a ransomware victim in Germany, you can add the words “sweet revenge.” And not ...

Continue Reading →
0

Authentication Without Passwords

The password represents one of the weakest links in the cybersecurity chain, and is frequently one of the opening points of an attack.  Passwords can be collected in cleartext through phishing exploits such as an email link that directs you to a fake login page, or social engineering ploys such as bogus calls from “IT” or “tech support,” or keylogging software that captures the entire user name/password/web address triad.  Passwords ...

Continue Reading →
0

Ransomware Mitigation – Texas Shows How It Is Done

We recently wrote about the upsurge in ransomware attacks, and one of the examples in that article was the recent attack on about two dozen governmental and educational networks in the state of Texas.  Texas was initially tight lipped about what they were doing to mitigate the attack, in an effort to prevent the attackers from learning about their defensive strategies and systems, and adapting their ...

Continue Reading →
1

Lateral Phishing – A New Threat to Business Email

Phishing is getting better and harder to detect.  One new trend is using hijacked business email accounts to pivot further into a business, by using the built in trust of the company’s email domain to send phishing emails that appear to come from coworkers.  These phishing emails from trusted sources are used to hijack other email accounts in the same company.  This ...

Continue Reading →
0
Page 1 of 2 12