When you see the secure HTTPS protocol at the beginning of a web address, or see the green “secure site” padlock symbol, does this mean that the site is safe? Unfortunately, the answer is NO. There is some confusion among computer users about what HTTPS really means. This confusion is being exploited by cyber-criminals running phishing exploits.
HTTPS or secure hypertext transport ...
Continue Reading →
The most devastating exploit that can happen to you is to have your email account hijacked. We have spilled a lot of pixels on this subject (see below). The reason we find this so dangerous is that it is that this is the attack most likely to happen to you.
Google recently released a study that analyzed how Gmail accounts are hijacked. If you have an Android smartphone, you have a Gmail ...
Continue Reading →
A quick Saturday digest of cybersecurity news articles from other sources.A paper at Schmoocon DC over the weekend revealed a delightful cryptogram on William and Elizebeth Friedmans’ tombstone. This is a fun story and will introduce you to the Bacon cypher.
Phishers are using the hot topic ...
Continue Reading →A quick Saturday digest of cybersecurity news articles from other sources.Google removed 60 games that contained code to display porn pop-ups and other malicious activities. Click through to see list of bad apps. If you installed any of them, you will need to remove these yourself.
A quick Saturday digest of cybersecurity news articles from other sources.Looking to run a phishing attack against your team? Here’s a article from Infosec institute on the top 9 free phishing simulation products.
Your Nigerian Prince is a 67 year old from LouisianaSure looks like a prince to me. Like Prince Charles. (Those ...
Continue Reading →
A quick Saturday digest of cybersecurity news articles from other sources.11/28/2017 11:10 PM ESTÂ Â Original release date: November 28, 2017
As part of National Tax Security Awareness Week—November 27 to December 1—the Internal Revenue Service (IRS) is releasing daily security tips to help taxpayers protect their data and identities against tax-related identity theft.
US-CERT encourages taxpayers to visit the ...
Continue Reading →
 If  you own a small business and this stuff isn’t keeping you awake, it should be.  Thanks to CIT’s new Director of Cybersecurity, Jake DeWoskin, for the list of issues that follows.
Not everyone can hire a cyber security expert. Globally, 70% of employers  plan to increase the size of their cybersecurity staff this year. Not only is there ...
Continue Reading →People often ask me if it is dangerous to simply open an email, if it is possible to get a malware inflection just by reading an email. My answer has been a qualified “not at this time.” Unfortunately, this is no longer true. It is possible to get a malware installation from the new DDE (Dynamic Data Exchange) exploits reveal by Sophos Labs on October 13 2017. This can be accomplished without an attachment or link if the email is ...
Continue Reading →
Over the last four posts, we have focused on the US-CERT alert, but cybersecurity firm Symantec has actually been working this case since 2011. Their report on Dragonfly can be found on their website. While they are cautous when providing attribution, reading between the lines indicates that Dragonfly is probably a Russian based group, possibly working on behalf ...
