Replacements for Passwords

I have been saying for some time now that passwords by themselves are no longer an effective form of security.  Too easy to hack, too easy to crack.  Currently my go to recommendation is any form of two-factor authentication.  Something like the Google Authenticator App or Yubikey are good choices for your second authentication factor.

On the horizon there are other authentication options that may replace passwords entirely.  Here are a few:

  • DNA ...
Continue Reading →
7
JUN
0

authentication, cybersecurity, multi-factor authentication, passwords

ISSA Survey Results – Cybersecurity Burnout

Recently the ISSA (Information Systems Security Association) released the results of a survey they took in December 2018.  There is a shortage of qualified cybersecurity professionals; not enough people are entering the field, and those with ten or more years of experience may be leaving the field due to stress, lack of a career path, and ineffective mentoring.

The survey ...

Continue Reading →
5
JUN
0

Computers and Internet, cybersecurity, News and politics, training

Anubis Banking Trojan Using Google Play and Telegram App

The powerful Anubis banking Trojan is showing up in the Google Play Store in other apps. Currently, Anubis is masquerading as a battery saver and currency converter.  This Android banking Trojan launches a fake app overlay screen when the user opens the app. The user enters his or her account credentials into the fake overlay, which allows the Anubis malware to steal the data. Anubis can imitate 377 financial apps used ...

Continue Reading →
3
JUN
0

Android, cybersecurity, ransomware, Trojan

Weekend Update

A quick Saturday digest of cybersecurity news articles from Bruce Schneier.

Why We Can’t Give the Cops Encryption Back Doors

Bruce Schneier explains once again why encryption back doors for cops means back doors for crooks too.  “The Crypto Wars have been waging off-and-on for a quarter-century. On one side is law enforcement, which wants to be able to break encryption, to access devices and communications of terrorists ...

Continue Reading →
1
JUN
0

cybersecurity, encryption, Identity Theft, Weekend Update

North Koreans At It Again with ELECTRICFISH

US-CERT and CISA recently released a warning about a new tunneling malware application that the North Korean cyber operations group is using to move information from one computer to another, in order to exfiltrate that data. You can read about it at Malware Analysis Report (AR19-129A) MAR-10135536-21 – North Korean Tunneling Tool: ELECTRICFISH

“This report provides analysis of one malicious 32-bit Windows executable file. The malware implements a custom protocol that allows traffic to be tunneled between ...

Continue Reading →
31
MAY
0

cybersecurity

Does Microsoft’s Office365 Cloud Service Have Security Flaws?

Have you recently migrated to Microsoft Office 365 for your company email services?  US-CERT and CISA recently released  Analysis Report (AR19-133A) Microsoft Office 365 Security Observations that described several security flaws or weaknesses inherent in the default deployment of O365.

Here are the findings of that report.  The good news is that these are shortcomings with the default, out-of-box experience.  These issues can be corrected through configuration.  For ...

Continue Reading →
29
MAY
0

cybersecurity, email, Software vulnerability

, ,

Guest Post – The Definitive Guide To VPNs – Part 4

Last week we took a deeper look at VPN services courtesy of a guest post from The Gadget Enthusiast.  This article concludes the series.

VPN and Torrenting

Torrents are just the files that contain the information related to other files and folders that are distributed across the computers. For example, if you want to download a movie using torrent, then a ...

Continue Reading →
27
MAY
0

Computers and Internet, cybersecurity, encryption

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Update Your TOR Browser

Update your Firefox to version 66.0.4 and your TOR browser to version 8.0.9 to fix the problem with intermediate certificate verification.

FTC Releases Article on Keeping Children Safe Online

Original release date: April 26, 2019

The Federal Trade Commission (FTC) has released an article with tips for parents to keep their ...

Continue Reading →
25
MAY
0

cybersecurity, NSA, passwords, Weekend Update

,

Page 4 of 161 «...23456...»