Let LastPass manage your passwords (you have other things to think about today).
We have too many passwords. Keeping track of them mentally or on Post-It notes does not work. Keeping them in a Microsoft Word document is also troublesome. If you change a password and fail to update the document, then the record becomes wrong. Next time you go to that website and use the password in your Microsoft Word document, it won’t work. You did not update the document. Let me introduce LastPass.
Several companies have solutions. I use LastPass, which lets you create a vault that holds all your passwords. You don’t have to remember what LastPass stores in the vault. You only have to remember the master password to access the vault. The ... Read More
2-factor Authentication helps protect your identity.
You should deploy 2-factor Authentication. This increases your security and reduces your chances of becoming an identity theft victim. Most services encourage 2-factor Authentication and let you deploy it at no additional cost.
Here's a quick question for you.
When attempting to access a website, the website can challenge you based on:
A) What you know (e.g. password).
B) Who you are (e.g. fingerprints).
C) What you have (e.g. phone).
D) All of the above.
Correct answer: D.
How it looks in real life.
Daisy runs a dental office in Folsom, CA. Keeping the practice up and running is her top priority. She runs most of her patient, insurance and vendor communications through her Gmail account. She deploys 2-factor Authentication with the steps at https://myaccount.google.com/signinoptions/two-step-verification/enroll-welcome. She keeps her smartphone nearby. ... Read More
Did you know your multifunction printer has its own backdoor WIFI?
Allen called me one day and said his printer was printing nonstop garbage. He wasn’t printing anything, but somebody was printing through WIFI. This print job was consuming his toner and paper. How did this happen?
I told Allen that in addition to joining your multi function printer to your office or home WIFI, you’ll find the printer broadcasts its own WIFI signal. You, or anybody close enough to the printer, can hop on that printer through that WIFI. A hacker could then cause mischief, including changing the printer’s IP addresses or printing large print jobs that consume paper and toner. I am showing you how to identify your printer’s WIFI, and how to secure it.
Assumptions
... Read More
Extortionists demand money even though no agreement made
Anyone who depends upon good public opinion can be vulnerable to orchestrated bad word-of-mouth, especially in the form of online reviews.
Podcasters are being targeted by extortionists who threaten to swamp their shows with negative reviews, according to Mark Asquith at Rebel Base Media. Asquith cites one recent case in which a scammer reached out to a podcaster on social media and offered to promote their show.
When the podcaster expressed interest, the scammer didn’t respond for several days. After that, the scammer sent a message informing the target that they’d been promoting the target’s podcast for the past few days. The scammer then demanded hundreds of dollars in payment for this supposed service. “No agreement had even been discussed, ... Read More
New Cybersecurity best practices
In December 2018, the Department of Health and Human Services (HHS) published the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” publication. This new directive offers cybersecurity best practices that healthcare organizations of any size can implement. Originally posted by Fred Langston CISSP, CCSK at CI.Security.
I’ve been doing health industry cybersecurity for a long time, which has led to my involvement in helping to craft cybersecurity policy for the healthcare industry. One of my first experiences was back in 1996, when I was part of the working group that provided guidance on the proposed HIPAA Security Rule. That rule established certain standards for security moving forward. The resulting risk-based approach was meant to allow the vastly different types and sizes ... Read More
Water utilities are popular targets
It wasn't the first time the Fort Collins-Loveland Water District and its wastewater counterpart had been hit by "ransomware," a type of malware that encrypts victims' computer files and demands online payment to unlock them.While operations weren't harmed, the infection prompted the water district to switch out its information technology service provider and call in the FBI. The case, first reported by the Coloradoan, remains under active investigation. FCLWD and the South Fort Collins Sanitation District treat and distribute water to 45,000 customers in northern Colorado.Colorado water officials aren't alone in their cybersecurity woes. The nation's nearly 70,000 water and wastewater utilities are struggling to keep their heads above a rising tide of online threats, based on interviews with security experts ... Read More
Social engineering led to potential kidnapping
Social engineering and impersonation attacks can lead to far more dangerous consequences than monetary losses, according to Matt Devost from OODA LLC. Devost appeared on the CyberWire’s Hacking Humans Podcast last week, where he described the attacks he’s seen involving cybercriminals with fraudulent personas.
Devost described one case in which an attacker impersonated a broker and an investor to target a successful entrepreneur who was looking for funding for a new startup. Under the guise of the broker, the attacker introduced the target to the supposed investor. Now posing as the investor, the attacker conversed with the target about the company, and eventually asked the entrepreneur to fly to South America so they could meet.
“That individual is very, very close to ... Read More
Malicious links on otherwise honest web pages
Webroot revealed the results of their 2019 Threat Report, showing that tried-and-true attack methods are still going strong, but new threats emerge daily, and cybercrime is highly innovative. This includes adding malicious URLs (web page addresses) as links on legitimate sites.
Hal Lonas, Webroot's CTO said: “We wax poetic about innovation in the cybersecurity field, but you only have to take one look at the stats in this year’s report to know that the true innovators are the cybercriminals. They continue to find new ways to combine attack methods or compromise new and existing vectors for maximum results. My call to businesses today is to be aware, assess your risk, create a layered approach that protects multiple threat vectors and, ... Read More
Robocall scams more prolific than ever
Robocall spam has surged to 12 billion calls per month globally. Bank account, credit card and extortion are common scams, according to Hiya, a company that makes apps to fend off unwanted calls.
According to Hiya's first Global Robocall Radar Report, global spam calls grew 325 percent from a year ago to 85 billion. Hiya's estimate is based on an analysis of 12 billion calls per month globally.
UK, Spain, Italy, France and Argentina were the countries with the most robocalls. Like spam, robocalls have proliferated because scammers get just enough victims to rake in profits. The Federal Communications Commission and Federal Trade Commission have been looking at ways to curb robocalls, which are one of the top consumer complaints in the U.S.
The ... Read More
Cyber attacks are dirt cheap
Deloitte says the cost of committing a cyber attack is so surprisingly low that anyone can afford to be a bad guy. When you picture a cybercriminal organization today, you should be thinking about a group of individuals who run their operations like a business; concerned with profit and loss, looking for ways to execute as inexpensively as possible, while yielding the largest return. But what you don’t necessarily need to have in that vision is an organization with a large cash reserve.
According to Deloitte’s newest report, Black-market ecosystem: Estimating the cost of “Pwnership”, the cost of running a campaign is so low, it’s downright reasonable as a business model for even the smallest cybercriminal business.
Some cyber attack examples from the report ... Read More