Lateral Phishing – A New Threat to Business Email

Phishing is getting better and harder to detect.  One new trend is using hijacked business email accounts to pivot further into a business, by using the built in trust of the company’s email domain to send phishing emails that appear to come from coworkers.  These phishing emails from trusted sources are used to hijack other email accounts in the same company.  This techniques ...

Continue Reading →
0

Remote Desktop Protocol is Still a Top Attack Vector

Phishing for login credentials may still be the way most network breaches happen, but insecure use of remote desktop protocol is another favorite vulnerability used by attackers to enter a network..  Sophos Naked Security reported their findings on the use of RDP or the Remote Desktop Protocol as a launch vector for accessing and compromising ...

Continue Reading →
0

Hash and Salt – A Recipe for Password Security

I love hash, especially corned beef hash, with a little salt.  Maybe a couple of poached or over-easy eggs perched on top.  Wait!  This is not a foodie blog!  That’s not what I am writing about today.  As it turns out, using a hash plus a salt is a great recipe for keeping passwords secure on a web server or an authentication database.

If your password has been extracted from a web ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


50th Anniversary of Apollo 11 Moon Landing

Apollo 11 was the spaceflight that landed the first two people on the Moon. Commander Neil Armstrong and lunar module pilot Buzz Aldrin, both American, landed the Apollo Lunar Module Eagle on July 20, 1969, at 20:17 UTC. Armstrong became the first person to step onto the lunar surface six ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Cop awarded $585K after colleagues snooped on her via license database

A local story made the international press.  Why do Twin Cities and Minnesota cops think the driver’s license database is a dating app?  Krekelberg alleged that 58 fellow officers broke a federal privacy law by searching for her driver’s license data without any reason.


Continue Reading →
0

Replacements for Passwords

I have been saying for some time now that passwords by themselves are no longer an effective form of security.  Too easy to hack, too easy to crack.  Currently my go to recommendation is any form of two-factor authentication.  Something like the Google Authenticator App or Yubikey are good choices for your second authentication factor.

On the horizon there are other authentication options that may replace passwords entirely.  Here are a few:

  • DNA ...
Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Update Your TOR Browser

Update your Firefox to version 66.0.4 and your TOR browser to version 8.0.9 to fix the problem with intermediate certificate verification.


FTC Releases Article on Keeping Children Safe Online

Original release date: April 26, 2019

The Federal Trade Commission (FTC) has released an article with tips for parents to keep their ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Tax Identity Theft: Protecting Your Credit and Finances

Check this out from the Simple Dollar.  Tax-related identity theft is a growing problem in America, and the more security breaches, information hacks and digital business we do as a society, the more consumers who fall victim to it. In fact, in 2016 alone, thieves stole more than $21 ...

Continue Reading →
0
Page 1 of 16 12345...»