WyzGuys Cybersecurity

Sunday Funnies – Ghost Code

I run into this situation all the time when pen-testing.

Me: “I found this system that is running Windows XP, you need to decommission this one.”

Client: “We can’t, that system is running a custom Access application that was written by a former employee. He left the company 10 years ago and nobody knows to to update his code.”

Later we discover the system has been hijacked for years and is hosting stolen identity documents, and spamming the customers of a French ISP.

Continue Reading →

29
MAR

0

Share

Sunday Funnies

I have been getting this question a lot lately. Quick answer, it is unlikely, so no it won’t break the Internet. But is is changing usage from downtown areas to suburbs. See the map. From Tech Republic.

Remote ...

Continue Reading →

28
MAR

0

Share

certification, critical infrastructure, education, ransomware, training, Weekend Update, Windows 10

coronavirus, COVID-19, Russian election meddling

Reducing Risk When Deploying IoT Devices in Business

The Internet of Things (IoT) has given us a plethora of exciting and helpful computer driven devices. But the state of IoT security remains a dumpster fire. As these devices appear in the workplace, businesses are often failing to consider the impact these poorly secured devices have on their carefully crafted cybersecurity programs. Every one of these devices represents a ...

Continue Reading →

27
MAR

0

Share

cybersecurity, Internet of Things, Security

industrial control systems, SCADA

The Danger of Sub-Domain Hijacking

Here is a frightening twist on your typical domain name spoofing. Attackers have found ways to reuse legitimate sub-domains of well know business entities such as Microsoft and other companies to seed phishing email links with authentic sub-domains.

What is a sub-domain?

Anyone person or business that has a registered domain name can create any sub-domain they would like on the main domain that ...

Continue Reading →

25
MAR

1

Share

account hijacking, cybersecurity, Phishing, social engineering

Fake SpyHunter Phish Example

I got this email, which is most certainly a phishing email, touting the legitimate anti-malware product SpyHunter. The image of the email is below.

Part of safely working from home is to be aware of these types of approaches, and alerting your IT staff to these before you click to open them. Do not belief emails appearing to come from recognized authorities, like the CDC, or event your own company or ...

Continue Reading →

23
MAR

0

Share

Phishing, social engineering

Sunday Funnies – Algorithm and TP

What is an algorithm exactly? They are used in cryptography to encrypt a message. We hear the word used all the time, but what is it?

noun

noun: algorithm; plural noun: algorithms

a process or set of rules to be followed in calculations or other problem-solving operations, especially by a computer.

Continue Reading →

22
MAR

0

Share

Sunday Funnies

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Ethical hackers swarm Pentagon websites

Sounds like cyber-war! Is it the Russians? Hackers are crawling all over the US Department of Defense’s websites – and DoD officials are quite happy about the whole thing. It’s pen-testing, baby.

Adventures in Penetration Testing – Breaking into Prison

Black Hills Information Security, and owner John Strand ...

Continue Reading →

21
MAR

0

Share

account hijacking, cybersecurity, social engineering, Software vulnerability, Weekend Update

pen-testing, penetration testing

Guest Post – Why Should Data Security Be Your Top Priority

Have you or your business been a victim of data theft? Would you even know if you were? In this world where almost everything is accessible online, data security has become a global issue. Many criminal minds have surfaced throughout the years, using their skills in technology to illegally make money at the expense of other people’s information online. In ...

Continue Reading →

20
MAR

0

Share

cybersecurity, Identity Theft

VPN

FBI Reports Email Account Hijacking Is Still Number One

The FBI’s 2019 Internet Crime Report, came out February 25. Email account hijacking, or Business Email Compromise (BEC) is the top money maker for cyber-criminal groups, earning them an estimated $1.776 BILLION with a B. CEOs of companies are top targets for this exploit, and usually it begins with a phishing email.

Even though ransomware is the big noisy topic, in terms of dollar losses, it is not even in the top ten, although a lot of expenses and costs ...

Continue Reading →

18
MAR

0

Share

account hijacking, Computers and Internet, cybersecurity, law and policy, Phishing, ransomware