I will be giving this presentation for the first time a Joule. If you are curious about the Dark Web and would like to see what it is all about, sign up for this presentation here.
George Latimer Central Library – Nicholson WIN Center 3rd Floor
90 W 4th Street Saint Paul, MN 55102
Often it seems that security policies are designed with the assumption that average computer users are ID10Ts (idiot users). Related terms such as PEBKAC (Problem Exists Between Keyboard And Chair), PICNIC (Problem In Chair, Not In Computer), IBM error (Idiot Behind Machine error) and other similar phrases illustrate the dark side of our interactions with our users. Sometimes we allow our ...
There are members of the cybersecurity profession who say that Cybersecurity Awareness Training is a waste of time and money, because the average computer user just doesn’t care or can’t retain technical information. To them, I repeat a quote from Eppie Lederer aka Ann Landers – “If you think education is expensive – try ignorance.” I firmly believe that one of the best returns on investment in the cybersecurity realm is Cybersecurity Awareness Training for your employees.
You and your employees are ...
Continue Reading →We are a big proponent of cybersecurity awareness training for your employees. Humans are always the weakest link in the cybersecurity chain, so enlisting your employees in the fight against cyber-attacks has to begin with some basic training, and ideally continue with periodic refreshers, and activities like phishing simulation exercises.
Today’s infographic is a guest post by security training firm Everycloud Technologies.
In our last post we looked at a great way to set up a pen-testing lab. Fortunately, the quandary over finding a safe place to practice your pen-testing skills has led to the creation of dozens of hacker-friendly learning sites. Several have been provided by OWASP, and there are other contributors out there with multiple sites. Here are a bunch of good options.
Continue Reading →
I have been fortunate to have had time to pursue a couple of information technology certifications recently. I have added CompTIA’s Network+ and CASP (Certified Advanced Security Professional), and I am working on the brand new CompTIA Pentest+. The certification is so new there are no text books yet, and the exam was just released on July 31. I have been taking the ...
A quick Saturday digest of cybersecurity news articles from other sources.The file type used by Windows 10’s settings page can be used to trick Windows into running files it’s supposed to block.
87% of companies experienced an ...
Continue Reading →A quick Saturday digest of cybersecurity news articles from other sources.Looking to run a phishing attack against your team? Here’s a article from Infosec institute on the top 9 free phishing simulation products.
Your Nigerian Prince is a 67 year old from LouisianaSure looks like a prince to me. Like Prince Charles. (Those ...
Continue Reading →
Email security company Mimecast recently released its Email Security Risk Assessment, and found that email account hijacking is the fastest growing threat vector. Also known as impersonation attacks, email account hijacking allows an attacker to impersonate the person whose account has been compromised. This is the vehicle used in wire transfer fraud, invoice fraud, and other financial frauds. Some of the statistics in the report were enlightening. From ...
People often ask me if it is dangerous to simply open an email, if it is possible to get a malware inflection just by reading an email. My answer has been a qualified “not at this time.” Unfortunately, this is no longer true. It is possible to get a malware installation from the new DDE (Dynamic Data Exchange) exploits reveal by Sophos Labs on October 13 2017. This can be accomplished without an attachment or link if the email is ...
Continue Reading →