Believe it or not, two out of three people in the United States have had their personal information stolen by cyber-criminals. The likelihood is that this has already happened to you, and if not, it will happen eventually. And if it has happened, it will probably happen again. Why is this?
Even if you never click on a phishing email, and ...
Continue Reading →
2017 is promising to be another difficult year for cyber-defenders who are protecting company and government networks from attack. Here are what I think will be the top attack vectors this year.
Business Email Compromise
CEOs and other C suite officers will increasingly be targeted for email account hijacking. This is an easy exploit to run because high ranking employees and officers often ...
Continue Reading →
I will start out by admitting that I hate Domain Privacy. But I just read a story in Naked Security on February 9th that is causing me to reevaluate my opinion. It turns out that the new White House press secretary, Sean Spicer, has a personal website at www.seanspicer.com. The website has been turned into a private site, but the WHOIS ...
On Wednesday we talked about a phishing exploit that used malware to provide remote access and steal the personal information of the victims. Today we continue the story with a similar exploit, called “Fareit” to “ferret out” the user credentials and other personal information the victims.
This exploit uses a phishing email to send the target either a PDF attachment or a Word attachment. The PDF variant uses Windows Powershell to install. ...
Continue Reading →One of these URLs will open your Gmail account. The other will take you to a replica phishing landing page to steal your Gmail password. Can you tell which is which?
If you chose the first one as fake, and the second one as genuine, you ...
Continue Reading →
Crypto-ransomware continues to be one of the most popular money making exploits for cyber criminals. The reason for this is simple; its works, and the return on investment is quite high. According to a recent article in Naked Security, the score will reach $1 billion in 2017.
A poll by the IBM company found that nearly 50% of the businesses polled had been hit by ransomware, and of those 70% ...
Continue Reading →
The United States recently accused the Russian government of trying to influence US elections last November, and has expelled 35 Russian diplomatic officials and closed two Russian diplomatic facilities, one in New York City, and the other in Maryland, near Washington DC.
The Russians are denying any direct involvement, of course, and are laying the blame on Russian cyber-criminal groups. But we have ...
Continue Reading →
This is the time of the year everyone writes either a year in review article, or a what’s coming in the new year post. Guess which one this is? I’ve been reading the pundits, and considering my own findings as a cybersecurity professional. I pulled together the following list for your review, and to help you plan where to spend your time, talent, and budget in 2017.
One of the hardest types of phishing emails to defend against are those that come from the email account of a friend or trusted business associate, such as your dentist, lawyer, realtor. The sender’s email address is not spoofed, because the malefactor has tricked them into providing their email address password. The bad guys are actually logged into your friend’s email account, and now they are trying to do the same thing to ...
As we approach year-end, many small and medium sized business owners and managers are coming to the realization that their best intentions for creating a cybersecurity program in their organization have fallen short. This was the year, you promised yourself, that we get a handle on computer and network security.
Well it is not too late to get a start, and here is a ...
Continue Reading →