It seems that hardly a week goes by without some new cyber-attack being attributed to Fancy Bear, Cozy Bear, Grizzly Steppe, or some other cute-sounding Russian hacker collective. One the one hand, we have the DHS, FBI, and US-CERT attributing these attacks to the Russians. There are others, including those working in the cybersecurity profession, that are suggesting that the attackers are not agents of the Russian government, but merely opportunistic ...
A quick Saturday digest of cybersecurity news articles from other sources.
Six routers with serious security flaws are considered end of life (EOL) and may never be updated. The D-Link models affected are the DWR-116, DWR-140L, DWR-512, DWR-640L, DWR-712, DWR-912, DWR-921, and DWR-111, six of which date from 2013, with the DIR-640L first appearing in 2012 and the DWR-111 in ...
Continue Reading →
If you use a password manager app on your smartphone, it may be vulnerable to package name spoofing, which would allow the password manager’s autofill feature to enter your login credentials on a spoofed web form. This vulnerability applies to popular apps from LastPass, Dashlane, Keeper, and 1Password.
I have been an advocate for password managers. They are part of the solution to creating ...
Continue Reading →
The holy grail of a cyber-attacker is the ability to achieve remote access to a computer on a network. It is even better when the attacker can get administrator privileges. Then they have the ability to do anything they need to do on the compromised computer to cross the network and compromise other computers and servers. Who has this kind of access already? ...
A quick Saturday digest of cybersecurity news articles from other sources.09/14/2018 02:19 PM EDT
NCCIC warns users to remain vigilant for malicious cyber activity seeking to exploit interest in Hurricane Florence. Fraudulent emails commonly appear after major natural disasters and often contain links or attachments that direct users to malicious websites. Users should exercise caution in handling any email with a subject line, attachments, ...
Continue Reading →Cyber-criminals are using a botnet to send phishing emails with the apparent purpose to test a new email attachment type. Over the course of three weeks starting August 10th, this cyber-gang released seven different types of phishing emails to over 3,000 banks around the world. They appear to be testing which of these several approaches is most successful at tricking recipients into opening the email attachment.
The attachment itself is also something different – Microsoft Excel Web Query files that use ...
Continue Reading →Bad news – your small business network is easy for an attacker to access, and for most of you there are two or more exploitable attacker vectors. A recent report from Positive Technologies analyzed the results of 22 penetration tests on companies from finance, transportation, retail, and even information technology. All of the companies were breached with little difficulty. The two easiest methods of unauthorized network access were not terribly surprising: Wi-Fi networks, and company employees.
A quick Saturday digest of cybersecurity news articles from other sources.
One of my IT associates got an email that had one of her actual passwords in it, and threatened to reveal information unless she paid a ransom in Bitcoin. This seems to be getting a lot of traction, so beware. Do not pay the extortion demand. First, this is a scam. They got ...
Continue Reading →Cyber-criminals are masquerading as customer service sites on Facebook, luring disgruntled customers to their Facebook page in order to trick them into divulging their user name, password, and other personal information. This is called “angler phishing.”
The way this usually works is this. Let’s say you have a bad experience with your bank. Then you write and post a negative comment on Facebook or Twitter about bad service you received at your bank, for example. A cyber-crime crew will be searching ...
Continue Reading →Did you know that the easiest way for me to get your password is just to ask for it? This is one way that cyber-criminals can get one of your passwords. In our last post we focused on password cracking. Today we will look at all the other ways that an clever attacker can compromise your password.
