Trending Security Topics

Cybersecurity Awareness Basics

How to avoid identity theft, frauds, scams and more.

 

Advanced Phishing Scenarios You Will Most Likely Encounter This Year

Attackers no longer discriminate their targets with such frequency as in years past. Today, launching an automated phishing campaign requires very little work for potentially very high ROI. So with no decline to email-driven cybercrime in sight, here are some trends we can expect to see. From “Dark Reading” Eyal Benishti (1/14/2019)
 

Understanding The Problem: What Is CEO Fraud?

CEO fraud is a type of business email compromise (BEC) involving impersonation. In these attacks, a criminal assumes the identity of a CEO or other senior executive within an organization and sends out emails to staff requesting payment—usually via international wire transfer—or the release of account credentials or sensitive information. Scammers look for businesses that have foreign suppliers or that regularly make large payments by bank transfer. These attacks are often highly effective because they’re so meticulously targeted. From “Security Boulevard” (1/18/2019)
 

Apple Phone Phishing Scams Getting Better

A new phone-based phishing scam that spoofs Apple Inc. is likely to fool quite a few people. It starts with an automated call that displays Apple’s logo, address and real phone number, warning about a data breach at the company. The scary part is that if the recipient is an iPhone user who then requests a call back from Apple’s legitimate customer support Web page, the fake call gets indexed in the iPhone’s “recent calls” list as a previous call from the legitimate Apple Support line. From “Krebs on Security” Brian Krebs (1/03/2019)
 

Six Cybersecurity Questions Every Board Should Ask

While it is true that organized criminals are increasingly devising new techniques, most attacks—including those at the largest corporations—are relatively unsophisticated. They succeed because organizations do not take key precautions such as encrypting critical data, implementing timely patches, monitoring access controls, segmenting the network, scheduling data backups and implementing strong password management practices. From “Live Mint” Ravi Venkatesan & Nitin Bhatt (1/14/2019)
 

Ransomware Claims To Fund Child Cancer Treatments

Any CryptoMix victim who emails the attackers, using the contact information contained in the ransom note left on their PC, will receive a message back via a site called OneTimeSecret, sharing the bitcoin wallet to which the victim should send their ransom payment, as well as providing more information about the supposed charity, Coveware says. From “Bank Info Security” Mathew J. Schwartz (1/15/2019)
 

Battling Ransomware: How To Prevent A Ransomware Incident

Cybercriminals like the path of least resistance, so failing to guard against ransomware is like an invitation. Here’s a step-by-step guide for how to prevent ransomware attacks from gaining traction on your network and causing real damage. From “Forbes” Michelle Drolet (1/14/2019)
 

What Is IT’s Role In Cybersecurity?

As a business owner or operator, you share a significant portion of the responsibility, and it's up to you to take ownership over many components of cybersecurity. But some parts of cybersecurity, especially the tech-heavy ones, often fall outside of the realm of business management and into the world of IT. It's essential that you give your IT team – whether that's only one or two people, a large team or an external IT provider – the authority, flexibility and resources to protect your company with a strong program of comprehensive, ongoing cybersecurity. The IT role goes far beyond simply setting up firewalls and installing antivirus software – for example, here are some areas where your IT team is a valuable asset in strengthening your organization's cybersecurity posture. From “Business.com” Andrew Rinaldi (1/14/2019)
 

Personalized Scams

Cyber criminals continue to come up with new and creative ways to fool people. A new type of scam is gaining popularity—personalized scams. Cyber criminals find or purchase information about millions of people, then use that information to personalize their attacks. Below we show you how these scams work and walk you through a common example. The more you know about these scams, the easier it is for you to spot and stop them. From “SANS OUCH! February” Lenny Zeltser (2/06/2019)
 

Data Breach Collection Contains 773 Million Unique Emails

Hunt runs the free Have I Been Pwned service, which enables users to register their email address and receive an alert anytime the email shows up in a data dump that Hunt loads into the service. He says that of the 2.2 million email addresses that users have registered with Have I Been Pwned, about 768,000 of them appear in the Collection #1 breach, and thus his service is sending out that many notifications to affected users. From “Bank Info Security” Mathew J. Schwartz (1/18/2019)
 

DNS Infrastructure Hijacking Campaign

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolve. This enables the attacker to redirect user traffic to attacker-controlled infrastructure and obtain valid encryption certificates for an organization’s domain names, enabling man-in-the-middle attacks. From “US-CERT” (1/11/2019)
 

Search Yourself Online

You most likely have heard how important it is to protect your privacy and the information you share online. To demonstrate this, we are going to try something new; we are going to show you how to research yourself and discover what information is publicly known about you. The process is called OSINT, a fancy way of saying Open Source Intelligence. This means researching public resources online to see how much information you can learn about a computer IP address, a company, or even a person like yourself. Keep in mind, cyber attackers are using these very same tools and techniques. The more attackers can learn about you, the better they can create a targeted attack. This concept has existed for years, but the latest online tools make it so much simpler to accomplish. From “SANS OUCH! January” Nico Dekens (1/09/2019)
 

Microsoft Releases Security Advisory For Exchange Server

Microsoft has released an advisory to address an elevation of privilege vulnerability in Microsoft Exchange Server. An attacker could exploit this vulnerability to take control of an affected system. From “US-CERT” (2/06/2019)
 

Data Privacy Day 2019 Reminds Businesses And Consumers About The Value Of Personal Data And The Need To Protect It

In this new era of privacy, the National Cyber Security Alliance will underscore the value of personal information by informing businesses about the critical need to respect consumer privacy and safeguard data. Last year, worrisome headlines jolted consumers into reality about protecting personal data. A recent survey indicates that 90 percent of those polled were "very concerned" about their privacy. Our always-connected lives require that we understand how our data is collected, used and shared and what actions to take to better manage our personal information. In addition, businesses of varying industries and sizes must recognize that transparency builds trust and it is critical to communicate clearly, honestly and often about what happens to consumers' personal information. From “PR Newswire” (1/16/2019)