Is your computer technology Managed Service Provider (MSP) the weakest link in your supply chain security program? Are they the easiest point of entry for an attacker? Your contracted tech support provider holds keys to your computer network that are coveted by cyber-attackers. MSPs are commonly targeted by cyber-criminal groups and other bad actors because MSPs have ...
A quick Saturday digest of cybersecurity news articles from other sources.From the desk of Thomas F. Duffy, MS-ISAC Chair
It’s that time of year again, holiday shopping has begun! Everyone is looking for those unique gifts, hot toys and cool electronics. Whether it is a hard-to-find toy for kids or the latest 4K smart ...
Continue Reading →A quick Saturday digest of cybersecurity news articles from other sources.The idea of hacking back against those who hack you has been called a lot of things. The terms “goofy idea” and “illegal” are some we’ve heard. But for a ransomware victim in Germany, you can add the words “sweet revenge.” And not just ...
Continue Reading →
The password represents one of the weakest links in the cybersecurity chain, and is frequently one of the opening points of an attack. Passwords can be collected in cleartext through phishing exploits such as an email link that directs you to a fake login page, or social engineering ploys such as bogus calls from “IT” or “tech support,” or keylogging software that captures the entire user name/password/web address triad. Passwords can ...
We recently wrote about the upsurge in ransomware attacks, and one of the examples in that article was the recent attack on about two dozen governmental and educational networks in the state of Texas. Texas was initially tight lipped about what they were doing to mitigate the attack, in an effort to prevent the attackers from learning about their defensive strategies and systems, and adapting their attack ...
Phishing is getting better and harder to detect. One new trend is using hijacked business email accounts to pivot further into a business, by using the built in trust of the company’s email domain to send phishing emails that appear to come from coworkers. These phishing emails from trusted sources are used to hijack other email accounts in the same company. This techniques ...
I have been saying for some time now that passwords by themselves are no longer an effective form of security. Too easy to hack, too easy to crack. Currently my go to recommendation is any form of two-factor authentication. Something like the Google Authenticator App or Yubikey are good choices for your second authentication factor.
On the horizon there are other authentication options that may replace passwords entirely. Here are a few:
A quick Saturday digest of cybersecurity news articles from other sources.It’s Star Wars Day!! May the force be with you. Jedis, Greys, and Sith unite for a day for video watching and beer.
You might want to check your free space on your C drive before Patch Tuesday ...
Continue Reading →
One of the worst things that can happen to you online is when someone hijacks one of your social network accounts. When unauthorized bad-actors get your Facebook or Twitter password, they can use your account to impersonate you, and to send all sorts of friend requests, share requests, spam, and posts with click-bait links that can lead your friends to web pages that will steal their information or silently download and ...
Have you ever wondered why the state of cybersecurity is so screwed up? Why is it so easy for bad actors and cyber-criminals to hijack systems and steal information? Would you be surprised to learn the answer is because we designed it that way? Computers, networks, operating systems and software were designed to work together as easily as possible, and were inherently “trusted” by each other. In the beginning, most systems ...