Corporate Execs Fear the Phish

A recent report says that 75% of corporate executives believe what 100% of cybersecurity professionals know:  phishing emails represent the greatest cyber-threat to business computer systems and networks.  Humans are still the weakest link in the cybersecurity chain.  Cybersecurity awareness training and simulated phishing testing is seen as the most effective way to improve detection and avoidance in employees.  To be truly effective training frequency should happen quarterly, but often ...

Continue Reading →
0

When Penetration Testing Goes Wrong

When I am speaking or training, and the subject turns to penetration testing, I make certain to explain to the class or audience that nearly everything a pen-tester does violates federal laws.  For starters, there is the Computer Fraud and Abuse Act.  There are many other computer laws at both the federal and state levels.

Penetration testing takes a vulnerability assessment to the ...

Continue Reading →
2

Sunday Funnies – Defrag This

Found this on Pinterest.  Did you know that defragmenting a hard drive or HDD ( the old spinning magnetic platter kind) is not necessary?  The newer Windows operating systems since Windows 7 do that automatically in the background when your computer is on but inactive.

And defragging a SSD or solid state drive DAMAGES the flash memory chips.  So just ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Detecting Credit Card Skimmers

Modern credit card skimmers hidden in self-service gas pumps communicate via Bluetooth. There’s now an app that can detect them:

The team from the University of California San Diego, who worked with other computer scientists from the University of Illinois, developed an app called Bluetana ...

Continue Reading →
0

Authentication Without Passwords

The password represents one of the weakest links in the cybersecurity chain, and is frequently one of the opening points of an attack.  Passwords can be collected in cleartext through phishing exploits such as an email link that directs you to a fake login page, or social engineering ploys such as bogus calls from “IT” or “tech support,” or keylogging software that captures the entire user name/password/web address triad.  Passwords ...

Continue Reading →
0

Ransomware Mitigation – Texas Shows How It Is Done

We recently wrote about the upsurge in ransomware attacks, and one of the examples in that article was the recent attack on about two dozen governmental and educational networks in the state of Texas.  Texas was initially tight lipped about what they were doing to mitigate the attack, in an effort to prevent the attackers from learning about their defensive strategies and systems, and adapting their ...

Continue Reading →
1

Ransom Variants Target Linux Servers

No one is immune from cyber-attacks anymore, and that includes Apple and Linux systems.  Lately there has been a lot of activity around crypto-ransomware attacks against Linux servers.  When you consider that a very large percentage of servers working on the Internet are running Linux under the hood, this is a critical issue.

February 2019 brought us the ransomware variant B0r0nt0k, which encrypted server contents and then demanded as much as ...

Continue Reading →
0
Page 105 of 272 «...8090100103104105106107...»