Your Personally Identifiable Information (PII) is one of the top targets of cyber-criminals. This information is valuable because it can be used for identity, fraud, tax refund fraud, loans and credit card applications, money transfers, phishing and spam campaigns, blackmail and extortion, fraudulent medical insurance claims, online shopping, and so much more. This information is packaged and sold on the Dark Web, and ...
Creating and remembering strong (long) passwords is a chore, and leads to poor security practices such as shorter passwords, reuse of passwords, and writing down passwords in a password list or book that could be stolen. The best way to create strong passwords and store them for use is a password manager.
The easiest password managers are found in popular web browsers such as Chrome, Firefox, and Edge. Safari uses the Apple ...
Continue Reading →
The password represents one of the weakest links in the cybersecurity chain, and is frequently one of the opening points of an attack. Passwords can be collected in cleartext through phishing exploits such as an email link that directs you to a fake login page, or social engineering ploys such as bogus calls from “IT” or “tech support,” or keylogging software that captures the entire user name/password/web address triad. Passwords can ...
You might have heard that the founder of Twitter, Jack Dorsey, recently had his Twitter account hijacked. You are probably wondering how a tech-savvy founder of a technology company could possibly lose control of his account at his own company. Personally, I can’t think of anything more embarrassing. It turns out the culprit was his phone. Specifically, the SMS texts that ...
Is your home Wi-Fi router a gateway to invasion by cyber-criminals? According to recent findings by Consumer Reports, it very well could be. They tested 29 popular home routers, and were only able to recommend 6 basic Wi-Fi routers, and 3 more expensive Wi-Fi mesh routers. Mesh routers allow you to install several Wi-Fi access ...
Phishing is getting better and harder to detect. One new trend is using hijacked business email accounts to pivot further into a business, by using the built in trust of the company’s email domain to send phishing emails that appear to come from coworkers. These phishing emails from trusted sources are used to hijack other email accounts in the same company. This techniques ...
Phishing for login credentials may still be the way most network breaches happen, but insecure use of remote desktop protocol is another favorite vulnerability used by attackers to enter a network.. Sophos Naked Security reported their findings on the use of RDP or the Remote Desktop Protocol as a launch vector for accessing and compromising ...
I love hash, especially corned beef hash, with a little salt. Maybe a couple of poached or over-easy eggs perched on top. Wait! This is not a foodie blog! That’s not what I am writing about today. As it turns out, using a hash plus a salt is a great recipe for keeping passwords secure on a web server or an authentication database.
If your password has been extracted from a web ...
Continue Reading →
A quick Saturday digest of cybersecurity news articles from other sources.Apollo 11 was the spaceflight that landed the first two people on the Moon. Commander Neil Armstrong and lunar module pilot Buzz Aldrin, both American, landed the Apollo Lunar Module Eagle on July 20, 1969, at 20:17 UTC. Armstrong became the first person to step onto the lunar surface six ...
Continue Reading →A quick Saturday digest of cybersecurity news articles from other sources.A local story made the international press. Why do Twin Cities and Minnesota cops think the driver’s license database is a dating app? Krekelberg alleged that 58 fellow officers broke a federal privacy law by searching for her driver’s license data without any reason.