Archive for the ‘Security Breach’ Category


773 Million Passwords Exposed – Were You Exposed?

Today Troy Hunt announced that a collection of 773 million usernames and passwords were released. This release of passwords, dubbed Collection #1, contains usernames and passwords
Continue reading ‘773 Million Passwords Exposed – Were You Exposed?’

Watch for Threatening Email Messages that Contain Your Actual Passwords

You may receive a threatening email message that shows you your actual username and password. The attacker may demand you pay them 2900, or some other significant amount. They threaten horrible things if you do not pay. Continue reading ‘Watch for Threatening Email Messages that Contain Your Actual Passwords’

Protecting and Restricting iPads, iPhones, and Android Devices

Because many families, and business professionals, received new tablets for the holidays, it is important to consider security. Families, as well as businesses, may choose to restrict permissions on devices. Here’s how: Continue reading ‘Protecting and Restricting iPads, iPhones, and Android Devices’

About Half of All Breaches are Caused by a Contractor or Service Provider

In our experience of auditing after breaches have happened, about half were caused by a service provider working for the company that gets breached. Continue reading ‘About Half of All Breaches are Caused by a Contractor or Service Provider’

Your Software, such as CCleaner, May Have Backdoors

Can you trust programs you download? Millions of users, including outsourced computer firms, use a program called CCleaner on their own and on customers’ computers. CCleaner just announced that some of its software was compromised and has been stealing data from users’ computers. Continue reading ‘Your Software, such as CCleaner, May Have Backdoors’

What You Need to Do to Protect Yourself after the Equifax Breach

You may be one of the 143 million people affected by the Equifax hacking breach that was announced yesterday.

Data stolen may include contact information, dates of birth, driver’s license information, and Social Security numbers. Attackers can make money selling the information to people who could steal your identity and take out loans in your name.

Place a credit freeze on your credit report. To do so, contact all four: Experian, Innovis, Trans Union, and, you guessed it, Equifax. In total, you’ll spend less than $75 to place the freeze.

A credit freeze stops people for gaining access to your credit report. It is difficult for an imposter to borrow money if a lender cannot check a credit report first.

Remember, credit monitoring, though good, sometimes only catches bad things when it is too late.

A security freeze is more effective, and lasts longer, than a fraud alert.

Additionally, watch out for anything odd or abnormal on your bank statements. Download your credit reports every quarter to see what is on them. One way to see your credit reports is to use a service such as annualcreditreport dot com

The FTC gives suggestions about avoiding and handling identity theft at consumer.ftc dot gov/features/feature-0014-identity-theft

Equifax has set up a website equifaxsecurity2017 dot com for people to see if their information was part of the breach. However, many people have been experiencing problems with that website.

Executives – FYI: Reports say that the attack did not result from social engineering. In other words, nobody clicked a bad link in an email. The attackers got in because an Equifax website was insecure. Have you had someone check the security of your website lately? If your site simply displays static information, you are at a much lower risk than if your site has a place for someone to login and/or look up information via your site.

Reports say that the breach may have happened as early as May, and Equifax discovered the breach on July 29. The time between when attackers compromise a system, and when it is discovered, is called dwell time. The best thing to do is to stop hackers from getting in to begin with. Keep security a top priority at your organization! The attackers are counting on you to overlook important steps.

Please forward this to anyone you care about…

Fix A Computer in Minutes and It Works Almost Every Time

I was stranded in the Portland airport last night because of a mechanical failure on the first flight. You’ve had similar situations for sure. What would your travel experience be like if the airlines could immediately reset a plane to be brand new if it breaks? Continue reading ‘Fix A Computer in Minutes and It Works Almost Every Time’

Patching – 10 Steps to Seal the Holes in Your Armor

You’ve likely heard of the massive ransomware attack that has taken down so many organizations, including hospitals, around the world. The ransomware appears to have exploited a bug for which Microsoft released a fix a little over a month ago. Follow these 10 steps to help protect your organization from this, and from future attacks: Continue reading ‘Patching – 10 Steps to Seal the Holes in Your Armor’

The Google Scam Shows How, If someone You Know Gets Hacked, it can Make You Look Bad Too.

The Google scam: If anyone receives an email that contains a link to Google Doc, do not click on the link. Even if the email appears to be from someone they know and trust. Google did not get hacked, but someone else who has your email address in their contact list probably did. Anyone who clicked on that link needs to go to dot com/permissions and remove the one called Google Docs

This kind of stuff happens all the time, not just to Google, but to other unsuspecting people.

If someone receives an email that appears to have been sent by you, and the email contains a malicious link, lots of people would think it was your fault. There is a good chance that you did not get hacked, just like Google did not get hacked, but you may get blamed anyway. What probably happened is that one of your friends, or at least someone who has you in their contact list, got hacked. Then the attacker chose to send the malicious message, that appeared to be from you, to all the other contacts stored in that person’s contact list.

Spread the word encouraging the people you know to be sure they are secure, since, if someone you know gets hacked, it can make you look bad too.

And, tell others that, when they receive a malicious email message that appears to be from someone they know, that person they know may not have been hacked.

For your own protection, forward this message to everyone who may have you in their address book.

Your iPhone and iPad are in Danger

If you use Apple products, here is what to do to protect yourself. By now, you’ve probably heard that attackers have told Apple that they have access to millions Continue reading ‘Your iPhone and iPad are in Danger’