Almost all cyber-crime is about making money for the crooks. Often this involves stealing valuable information that can be sold. But many criminal gangs are going straight for the cash, and often this involves bank and financial account fraud or financial account access.
Below we have a list of strategies you can use to protect your financial resources.
Believe it or not, two out of three people in the United States have had their personal information stolen by cyber-criminals. The likelihood is that this has already happened to you, and if not, it will happen eventually. And if it has happened, it will probably happen again. Why is this?
Even if you never click on a phishing email, ...
Continue Reading →
As a regular reader of this blog, you are probably using a long, unique, 20 character password with two-factor authentication, and a password manager to keep it all straight. But let’s say that you fall for a phishing scam, and give away the password to your email account. The attacker can now use your email account to request password reset emails from your other online accounts, and you have yourself one ...
Facebook has added USB key security to it’s two-factor authentication options. Previously, Facebook users could add the additional security of two-factor authentication to their account by using the Facebook app to receive a six digit one-time passcode, or by having the code sent to their smart phone via SMS text message. Facebook now supports the open-source Universal 2 Factor (U2F) standard established by the FIDO Alliance, such as the Yubikey from ...
NIST is working on new authentication standards, and there are some surprising changes coming out of this effort. One of the issues that NIST is dealing with is the use of biometrics for authentication. But there are problems with biometrics. Here they are from the NIST Special Publication 800-63b. Emphasis is mine.
For a variety of reasons, ...
Continue Reading →
Passwords are not dead – not yet. But they are on life support. They are no longer enough to truly secure anything on their own.
I just read an sobering, eye-popping article on NetMux that discussed easy ways to crack passwords that are longer than 12 characters.
What makes this so disheartening for me is that I have been telling everyone to increase their password ...
Continue Reading →
On Wednesday we talked about a phishing exploit that used malware to provide remote access and steal the personal information of the victims. Today we continue the story with a similar exploit, called “Fareit” to “ferret out” the user credentials and other personal information the victims.
This exploit uses a phishing email to send the target either a PDF attachment or a Word attachment. The PDF variant uses Windows Powershell to install. ...
Continue Reading →One of these URLs will open your Gmail account. The other will take you to a replica phishing landing page to steal your Gmail password. Can you tell which is which?
If you chose the first one as fake, and the second one as genuine, you ...
Continue Reading →
Early on Jan. 9, about 12,000 MongoDB database servers were compromised. Later the number rose to 28,000 servers. As many as 46,000 servers are vulnerable to this attack.
A cyber-criminal using the alias “Harak1r1” exploited a weakness in the default installation of the popular database solution, MongoDB. He demanded a 0.2BTC ransom ($220) to return the data he exfiltrated from thousands of victim systems. Older installations of MongoDB that were deployed via cloud hosting services in an insecure default configuration ...
Continue Reading →
Cybersecurity professionals are in agreement. The Russians appear to have been actively engaged in influencing the outcome of our recent Presidential election. Specifics include compromising and taking over Hilary Clinton’s chief of staff, John Podesta’s personal Gmail account. This spear phishing exploit used a “near-miss” domain name of “accounts.googlemail.com” to trick John into clicking on a link and and entering his email credentials. The real domain name is accounts.google.com.
There was also ...
Continue Reading →