Is your computer technology Managed Service Provider (MSP) the weakest link in your supply chain security program? Are they the easiest point of entry for an attacker? Your contracted tech support provider holds keys to your computer network that are coveted by cyber-attackers. MSPs are commonly targeted by cyber-criminal groups and other bad actors because MSPs have ...
Tuesday, March 31 is World Backup Day. Wednesday April 1st is “I don’t backup day.” It is also April Fool’s Day. Is there a connection?
In the era of crypto-ransomware attacks, backup is considered one of the cornerstones of a good cybersecurity program. Having a automatic backup system, and full set of recent and tested backups is critical for businesses of any size. Current ransomware exploits often will encrypt network attached backup solutions too. Would your current ...
Continue Reading →I run into this situation all the time when pen-testing.
Me: “I found this system that is running Windows XP, you need to decommission this one.”
Client: “We can’t, that system is running a custom Access application that was written by a former employee. He left the company 10 years ago and nobody knows to to update his code.”
Later we discover the system has been hijacked for years and is hosting stolen identity documents, and spamming the customers of a French ISP.
A quick Saturday digest of cybersecurity news articles from other sources.I have been getting this question a lot lately. Quick answer, it is unlikely, so no it won’t break the Internet. But is is changing usage from downtown areas to suburbs. See the map. From Tech Republic.
The Internet of Things (IoT) has given us a plethora of exciting and helpful computer driven devices. But the state of IoT security remains a dumpster fire. As these devices appear in the workplace, businesses are often failing to consider the impact these poorly secured devices have on their carefully crafted cybersecurity programs. Every one of these devices represents a ...
Here is a frightening twist on your typical domain name spoofing. Attackers have found ways to reuse legitimate sub-domains of well know business entities such as Microsoft and other companies to seed phishing email links with authentic sub-domains.
Anyone person or business that has a registered domain name can create any sub-domain they would like on the main domain that ...
Continue Reading →
I got this email, which is most certainly a phishing email, touting the legitimate anti-malware product SpyHunter. The image of the email is below.
Part of safely working from home is to be aware of these types of approaches, and alerting your IT staff to these before you click to open them. Do not belief emails appearing to come from recognized authorities, like the CDC, or event your own company or ...
Continue Reading →What is an algorithm exactly? They are used in cryptography to encrypt a message. We hear the word used all the time, but what is it?
A quick Saturday digest of cybersecurity news articles from other sources.Sounds like cyber-war! Is it the Russians? Hackers are crawling all over the US Department of Defense’s websites – and DoD officials are quite happy about the whole thing. It’s pen-testing, baby.
Black Hills Information Security, and owner John Strand ...
Continue Reading →
Have you or your business been a victim of data theft? Would you even know if you were? In this world where almost everything is accessible online, data security has become a global issue. Many criminal minds have surfaced throughout the years, using their skills in technology to illegally make money at the expense of other people’s information online. In ...