Archive for the ‘Cyber Security Breach’ Category

 

The Insanity of Your Network – Storing Keys in the Same Place as Everyone Else

Imagine that you have a fleet of dozens of expensive vehicles, and you keep all of their keys in a locked cabinet. There is a master key that opens the cabinet.

You assign your IT team Continue reading ‘The Insanity of Your Network – Storing Keys in the Same Place as Everyone Else’


About Half of All Breaches are Caused by a Contractor or Service Provider

In our experience of auditing after breaches have happened, about half were caused by a service provider working for the company that gets breached. Continue reading ‘About Half of All Breaches are Caused by a Contractor or Service Provider’


Wireless Security is Broken & What You Need to Do

Many organizations rely on a wireless password to protect their Wi-Fi networks. Behind the scenes, that password is used as part of a security protocol called WPA2. An attack, dubbed KRACK, has been announced that breaks that security. Continue reading ‘Wireless Security is Broken & What You Need to Do’


Your Software, such as CCleaner, May Have Backdoors

Can you trust programs you download? Millions of users, including outsourced computer firms, use a program called CCleaner on their own and on customers’ computers. CCleaner just announced that some of its software was compromised and has been stealing data from users’ computers. Continue reading ‘Your Software, such as CCleaner, May Have Backdoors’


Credit Monitoring is Not Enough – You Must Place Credit Freezes to Protect Yourself

Regarding the Equifax breach, the breach affects about half of America’s population, so take action. Experts agree that one of the best things you can do to protect yourself is to place a credit freeze on your credit reports. Continue reading ‘Credit Monitoring is Not Enough – You Must Place Credit Freezes to Protect Yourself’


What You Need to Do to Protect Yourself after the Equifax Breach

You may be one of the 143 million people affected by the Equifax hacking breach that was announced yesterday.

Data stolen may include contact information, dates of birth, driver’s license information, and Social Security numbers. Attackers can make money selling the information to people who could steal your identity and take out loans in your name.

Place a credit freeze on your credit report. To do so, contact all four: Experian, Innovis, Trans Union, and, you guessed it, Equifax. In total, you’ll spend less than $75 to place the freeze.

A credit freeze stops people for gaining access to your credit report. It is difficult for an imposter to borrow money if a lender cannot check a credit report first.

Remember, credit monitoring, though good, sometimes only catches bad things when it is too late.

A security freeze is more effective, and lasts longer, than a fraud alert.

Additionally, watch out for anything odd or abnormal on your bank statements. Download your credit reports every quarter to see what is on them. One way to see your credit reports is to use a service such as annualcreditreport dot com

The FTC gives suggestions about avoiding and handling identity theft at consumer.ftc dot gov/features/feature-0014-identity-theft

Equifax has set up a website equifaxsecurity2017 dot com for people to see if their information was part of the breach. However, many people have been experiencing problems with that website.

Executives – FYI: Reports say that the attack did not result from social engineering. In other words, nobody clicked a bad link in an email. The attackers got in because an Equifax website was insecure. Have you had someone check the security of your website lately? If your site simply displays static information, you are at a much lower risk than if your site has a place for someone to login and/or look up information via your site.

Reports say that the breach may have happened as early as May, and Equifax discovered the breach on July 29. The time between when attackers compromise a system, and when it is discovered, is called dwell time. The best thing to do is to stop hackers from getting in to begin with. Keep security a top priority at your organization! The attackers are counting on you to overlook important steps.

Please forward this to anyone you care about…


Protect Yourself and Your Organization – New Ransomware Outbreak with Added Poison

A new strain of Ransomware, dubbed P e t y a, is gaining momentum infecting companies and home users. Worst of all, in addition to holding files ransom until you pay up, it appears to be infiltrating corporate networks to steal usernames and passwords too. Be sure that you: Continue reading ‘Protect Yourself and Your Organization – New Ransomware Outbreak with Added Poison’


Patching – 10 Steps to Seal the Holes in Your Armor

You’ve likely heard of the massive ransomware attack that has taken down so many organizations, including hospitals, around the world. The ransomware appears to have exploited a bug for which Microsoft released a fix a little over a month ago. Follow these 10 steps to help protect your organization from this, and from future attacks: Continue reading ‘Patching – 10 Steps to Seal the Holes in Your Armor’


The Google Scam Shows How, If someone You Know Gets Hacked, it can Make You Look Bad Too.

The Google scam: If anyone receives an email that contains a link to Google Doc, do not click on the link. Even if the email appears to be from someone they know and trust. Google did not get hacked, but someone else who has your email address in their contact list probably did. Anyone who clicked on that link needs to go to https://myaccount.google dot com/permissions and remove the one called Google Docs

This kind of stuff happens all the time, not just to Google, but to other unsuspecting people.

If someone receives an email that appears to have been sent by you, and the email contains a malicious link, lots of people would think it was your fault. There is a good chance that you did not get hacked, just like Google did not get hacked, but you may get blamed anyway. What probably happened is that one of your friends, or at least someone who has you in their contact list, got hacked. Then the attacker chose to send the malicious message, that appeared to be from you, to all the other contacts stored in that person’s contact list.

Spread the word encouraging the people you know to be sure they are secure, since, if someone you know gets hacked, it can make you look bad too.

And, tell others that, when they receive a malicious email message that appears to be from someone they know, that person they know may not have been hacked.

For your own protection, forward this message to everyone who may have you in their address book.


Attackers Are Using Mobile Devices as a Bridge into Your Network

A newly discovered virus, called Milky Door, permits attackers to connect to your organization’s network through apps on mobile devices. The users have no idea their mobile device is being used in this way. Continue reading ‘Attackers Are Using Mobile Devices as a Bridge into Your Network’