There are a ton of computer scams targeting all types of people. Some come in the form of emails claiming to provide something in exchange for a small sum with the goal of stealing that small sum. Others come as a instant message from a friend’s compromised account asking for financial help due to some bogus emergency. There are too scams many to prevent however we can all come together and start investing efforts to waste spammers time. This way they are not using their time to trick another person. One group that has come together with this goal is the 419 Eater found HERE.
In this post, I’ll show you how I like to have fun messing with spammers. Continue reading →
Comparitech.com wrote a helpful post about Ransomeware. This continues to be a hot security topic hitting many of my customers. For those that don’t know, Ransomware is malware that encrypts your files and holds them for ransome requiring a bitcoin payment to unlock them. The original post can be found HERE.
While ransomware has existed since around 1989, in the form of the “AIDS” trojan which encrypted files on a hard drive and then demanded a payment of $189 to unlock them again, it is only in the last few years that it has become a significant and global threat. Continue reading →
Social engineering is all about abusing trust. Many of the phishing attacks found online have the goal of stealing money using tactics such as requesting money for some bogus lost relative. The average “Millennial” has seen this spam however the people behind these scams are taking a all time low approach by targeting elderly family members who are more likely to fall for these tricks.
This post will cover a scam that some of my coworkers have claimed was targeted at their family. In summary, attackers are levering social media to identify relatives of people, reaching out to their grandparents and asking for money while pretending to be a grandchild in trouble. Continue reading →
If you are in the IT industry, most likely you will need to keep up with technology by obtaining a certification, attending a product training, attending a boot camp or a combination of these. I’ve gone through many different programs and have a few lessons learned that could help you with your future education planning. Continue reading →
Social Engineering is all about tricking somebody into acting a way you want them to act. A common tactic is having them click a link using a phishing attack such as a fake UPS delivery link around Christmas or cloning a popular website such as Facebook. Sometimes a target may question the authenticity of the source attempting to contact them. One way to fake your identity is to use listyourself.net by listing your phone or burner phone as a fake identity used in your social engineering scam. That website is http://www.listyourself.net/ Continue reading →
The Center for Internet Security (CIS) released a new version of their critical security controls white paper. You can download it for free HERE. Topics include best practices for network access control, having a inventory of authorized and unauthorized software, system configuration, vulnerability assessments, administrating role based access controls, email and web best practices, breach detection and so on. This is a really good document to evaluate your current state of security as well as learn some methods to improve your security posture. Continue reading →
Cisco very recently acquired OpenDNS. For those that are not familiar with OpenDNS, they see around 80 billion DNS records a day meaning they can be pretty effective at determining what is a possible threat from a reputation perspective. Customers can point their devices at OpenDNS and enable content filtering along with different threat blocking features. Cisco also just announced that they have integrated other threat intelligence research from ThreatGrid and AMP making the OpenDNS offering much more effective.
I have tried out the free version in the past and now running the Umbrella upgrade. This post will cover my experience with both the free and paid Umbrella offering. Continue reading →
Jai Vijayan from darkreading.com wrote a great article covering the Logjam Encryption Flaw. The original post can be found HERE.
Most major browsers, websites that support export ciphers impacted
More than 80,000 of the top 1 million HTTPS domains on the Internet are vulnerable to a bug in the basic design of the Transport Layer Security (TLS) protocol that is used to encrypt communications between browser clients and web servers. Continue reading →