If you use a password manager app on your smartphone, it may be vulnerable to package name spoofing, which would allow the password manager’s autofill feature to enter your login credentials on a spoofed web form. This vulnerability applies to popular apps from LastPass, Dashlane, Keeper, and 1Password.
I have been an advocate for password managers. They are part of the solution to creating ...
Continue Reading →
The holy grail of a cyber-attacker is the ability to achieve remote access to a computer on a network. It is even better when the attacker can get administrator privileges. Then they have the ability to do anything they need to do on the compromised computer to cross the network and compromise other computers and servers. Who has this kind of access ...
A quick Saturday digest of cybersecurity news articles from other sources.09/14/2018 02:19 PM EDT
NCCIC warns users to remain vigilant for malicious cyber activity seeking to exploit interest in Hurricane Florence. Fraudulent emails commonly appear after major natural disasters and often contain links or attachments that direct users to malicious websites. Users should exercise caution in handling any email with a subject line, ...
Continue Reading →Cyber-criminals are using a botnet to send phishing emails with the apparent purpose to test a new email attachment type. Over the course of three weeks starting August 10th, this cyber-gang released seven different types of phishing emails to over 3,000 banks around the world. They appear to be testing which of these several approaches is most successful at tricking recipients into opening the email attachment.
The attachment itself is also something different – Microsoft Excel Web Query files that use ...
Continue Reading →Bad news – your small business network is easy for an attacker to access, and for most of you there are two or more exploitable attacker vectors. A recent report from Positive Technologies analyzed the results of 22 penetration tests on companies from finance, transportation, retail, and even information technology. All of the companies were breached with little difficulty. The two easiest methods of unauthorized network access were not terribly surprising: Wi-Fi networks, and company employees.
A quick Saturday digest of cybersecurity news articles from other sources.
One of my IT associates got an email that had one of her actual passwords in it, and threatened to reveal information unless she paid a ransom in Bitcoin. This seems to be getting a lot of traction, so beware. Do not pay the extortion demand. First, this is a scam. They ...
Continue Reading →Cyber-criminals are masquerading as customer service sites on Facebook, luring disgruntled customers to their Facebook page in order to trick them into divulging their user name, password, and other personal information. This is called “angler phishing.”
The way this usually works is this. Let’s say you have a bad experience with your bank. Then you write and post a negative comment on Facebook or Twitter about bad service you received at your bank, for example. A cyber-crime crew will be searching ...
Continue Reading →Did you know that the easiest way for me to get your password is just to ask for it? This is one way that cyber-criminals can get one of your passwords. In our last post we focused on password cracking. Today we will look at all the other ways that an clever attacker can compromise your password.
In our last post we looked at the frighteningly short amount of time that it takes to crack a typical password. Today we will look at all the different password cracking methods that a clever attacker can use to compromise your password, and how to defend against these attacks.
There are several types of automated password attacks that can be combined to make the process quicker, or to configure for a certain type of password attack.
On May 7, the FBI announced the release of the 2017 edition of the Internet Crime Report, published by the Internet Crime Complaint Center (IC3). This 29 page report outlines what cyber-crimes are most popular and most profitable for the perpetrators. Don’t miss the extensive list of cyber-crimes and definitions in Appendix A. Seriously, I found them kind of interesting. Anyway, these crimes led to $1.42 billion in losses ...
