Trending Security Topics

Cybersecurity Awareness Basics

How to avoid identity theft, frauds, scams and more. Click below for more information.

Cybersecurity Basics

OUCH! Newsletter: Four Simple Steps To Staying Secure

Making the most of technology safely and securely can seem overwhelming and confusing. However, regardless of what technology you are using or how you are using it, here are four simple steps that will help you stay secure.

From “SANS OUCH Newsletter” Steve Anson (10/02/2019)

New Evasive Spear Phishing Attacks Bypass Email Security Measures

Evasive attacks differ from traditional spear phishing in the attacker's time- and resource-intensive techniques. Adversaries "typically spend months and months researching and gathering intelligence to make sure their attack is going to be as under the radar as possible," Henderson said. And by under the radar, he means by users and security technology.

From “Search Security” Katie Donegan (09/18/2019)

‘Vendor Email Compromise’: A New Attack Twist

A newly discovered cybercriminal gang is putting a twist on business email compromise scams by initially targeting vendors or suppliers with phishing emails and then sending realistic-looking invoices to their customers in order to steal money.

From “Bank Info Security” Scott Ferguson (10/02/2019)


Small Business Cyber Security Guide

This Australian Small Business Cyber Security Guide has been specifically designed for small businesses to understand, take action, and increase their cyber security resilience against ever-evolving cyber security threats. The language is clear, the actions are simple, and the guidance is tailored for small businesses.

From “Australian Cyber Security Centre” Jim Kreidler (10/10/2019)


Alexa And Google Home Devices Can Be Exploited To Eavesdrop On Users, Phish Passwords

The app plays a phishing message which requests sensitive information. For instance: “An important security update is available for your device. Please say start update followed by your password.” Amazon and Google’s digital assistants would never ask you to say your password out loud, of course, but it’s easy to imagine how some users might find this convincing.

From “Bitdefender” Graham Cluley (10/21/2019)


FTC Refunds: The Real Deal Or Not?

If you lost money in a scam, you might get a call or email from someone claiming that they can help you recover your funds – if you pay them, hand over personal information, or allow them remote access to your computer. Don’t do it!

From “Federal Trade Commission” Nicole Christ (10/08/2019)


What Is A Zero-Day Vulnerability?

A zero-day vulnerability is a flaw in a piece of software that is unknown to the programmer(s) or vendor(s) responsible for the application(s). Because the vulnerability isn't known, there is no patch available. In other words, the vulnerability has been discovered by someone who isn't directly involved with a project. The term zero day refers to the days between the time the vulnerability was discovered and the first attack against it. After a zero-day vulnerability has been made public, it is then referred to as an n-day vulnerability.

From “Tech Republic” Jack Wallen (10/18/2019)


New Attack Convinces Receiver To Retrieve Junk Or Quarantined Emails

New York City-based cloud security platform provider Avanan discovered a new attack so convincing, users are pulling phishing emails out of the junk folder or asking IT to unquarantine them. Typically, the hacker selects an email chain where there is an attachment or a request to respond. Impersonating that user, the hacker then hijacks the email thread, replies to the earlier messages, and attaches a malicious .DOC file that appears to relate to the subject of the thread.

From “Credit Union Times” Roy Urrico (10/07/2019)


Cybersecurity At Work Is Everyone’s Business! (Click link to see full article.)

According to the 2018 Verizon Data Breach Investigations Report, 58% of cyberattack victims were small businesses (organizations with fewer than 250 employees). Many small and medium-sized businesses (SMBs) think that the data they have or have access to does not have value. Nothing could be further from the truth. All data is valuable.

From “National Cyber Security Alliance” (10/21/2019)