Data Limitation Laws?

Data Limitation Laws?

It is usually not a good idea for lawmakers to get involved in cybersecurity beyond a certain point.  The reason for this is that lawmakers do not have an understanding of the technology that they are legislating. Case in point:  Australia is quickly enacting legislation that will require companies like Apple and Facebook to provide a way for law enforcement to read encrypted data.  This sounds nice on the surface because law enforcement can go after the bad guys easier.  But this law will be a boon for hackers because the encryption will be less secure.  There will be a … Read more

Passwords Suck and Will Go Away - Here's How

Passwords Suck and Will Go Away – Here’s How

Why Passwords Suck Usernames and Passwords are not secure by nature.  Usernames and Passwords are controls that rely on “Something you know.”  Knowledge is easily transferable, and therefore, passwords are not secure. No amount of security training will eliminate or overcome human nature.  It is human nature to make passwords we can easily remember.  Passwords that are easy for us to remember are also easy for people to guess.  Passwords are also used over and over again on multiple accounts – bank accounts, email accounts, work accounts, etc. Worse yet, passwords our often openly shared among trusted individuals like family … Read more

Are Dark Web Scans Effective?

Are Dark Web Scans Effective?

The Dark Web is Anonymous The dark web is a scary place.  It is a network of websites teeming with illegal activity.  It is a secret place where visitors protect their identity by using techniques to keep identifying information (Like their IP address) hidden. There are several methods that people use to keep themselves anonymous when accessing the dark web.  You need to use the TOR browser to access the dark web. What can be Found on the Dark Web? As far as illegal stuff – you name it, and it can be found on the dark web.  Related to … Read more

Hardware Encryption

Why Hardware Encryption is Not Secure

Hardware Encryption is not Secure A Little History… In the past, it was assumed that hardware encryption is far more secure than software encryption.  Many people, including security experts, still believe this to be true.  And in the past, it was true. But recent history has proven that hardware encryption is highly vulnerable.  The widely published recently discovered hardware encryption vulnerabilities include Spectre and Meltdown.  Both Spectre and Meltdown exploit flaws in processors. Our good friend Steve Gibson has also outlined severe security vulnerabilities in a hardware-encrypted solid-state drive (SSDs).  Every SSD that researchers have examined has been found to … Read more

Murder By Hacking

Murder by Hacking

When Hackers Kill Hackers have already – perhaps many times- have contributed to death by hacking into secure systems and releasing information.  This information has lead to the loss of life in many different ways, including suicide and murder. But hacking has now evolved to the point that cybercriminals can use computers to negatively affect and damage the physical world, including the murder of individuals and groups. Hackers have the power of mass-murder in their hands right now. Using malware to affect the physical environment is nothing new.  One of the most famous cases is the Stuxnet virus that was … Read more

What is Zerodium?

What is Zerodium?

Zerodium is a reputable place where you can sell zero-day exploits. Hackers and security researchers know that Zerodium is a way to cash in on vulnerabilities that they discover in operation systems, software and hardware, and devices. There are several ways that you can make money from discovering vulnerabilities.  You can disclose the vulnerability to the software or hardware vendor.  Many companies offer a “Bug Bounty” program where they pay for such discoveries.  It is the “White Hat” thing to do.  You can sell the exploit on the black market.  If you do this, your exploit will undoubtedly be used … Read more

What is Persian Stalker?

What is Persian Stalker?

Persian Stalker is targeting Iranian social media accounts. The “group” has been around since 2017, and they have been observed targeting social media accounts.  Specifically, this group focuses on gaining access and control of Instagram and Telegram accounts. Telegram is a popular service with about 40 million users.  Telegram is a communication app that has been used to organize protesters in Iran.  Of course, the Iranian government is not a fan of this service.  The Iranian government has actively requested that certain services and channels be shut down.  As far as we know, the Iranian government has not engaged in … Read more

Avoid data breach Phishing

Phishing attacks up by 300% in 2018

According to “The Retail and eCommerce Threat Landscape Report” from October 2018, there is a 297% increase in the number of phishing websites that target online retail businesses and customers of these businesses.  There is an average of 23 phishing sites for each retail company included in the study.  In 2017 the data showed that there were only 5.9 phishing websites per company. A report illustrates how cybercriminals are increasingly targeting retailers and their customers through digital and social channels as retailers leverage new channels  for increased revenue opportunities “The Retail and eCommerce Threat Landscape Report” (October 2018), notes a … Read more

More data shows that Americans are lackadaisical about security.

More data shows that Americans are lackadaisical about security.

A new research report Published by cybersecurity specialists, BestVPN.com, shows the state of online privacy in the United States. BestVPN surveyed 1,000 U.S. consumers to comprehend the state of online privacy in 2018. The report reveals a significant knowledge gap and suggests that, despite their fears, US citizens are not protecting themselves against the ever-growing amount of cyber-threats. In light of the 2018 information breaches and revelations, consumers were asked to detail their cyber hygiene habits. There is a significant distrust of social media platforms; 45% of consumers report feeling uncomfortable about using platforms that track and sell their information. … Read more

North Korean Cryptocurrency Scam Efforts - Marine Chain

North Korean Cryptocurrency Scam Efforts – Marine Chain

Experts think that the infamous North Korean hacker group Lazarus accounts for targeted strikes against five cryptocurrency exchanges. North Korea’s burgeoning cyber military seems to have especially honed its assault abilities to attack cryptocurrency-related organizations. In the face of mounting and crippling international sanctions, Pyongyang’s many hacker groups have adopted cryptocurrency-focused malicious attempts as an effective way of generating income to the reclusive country. Security specialists at Group-IB consider that the infamous North Korean Hacker group Lazarus accounts for targeting strikes against five cryptocurrency exchanges. According To security researchers in Recorded Future, even as Pyongyang’s ruling elite have gotten better … Read more

City of Westhaven Connecticut Pays $2K in Ransomware Extortion

City of Westhaven Connecticut Pays $2K in Ransomware Extortion

Another successful ransomware attack…. The City of West Haven, Connecticut made the tough decision to pay hackers $2,000 in ransom money after a ransomware attack halted all their operations. The city contacted the Department of Homeland Security who discovered the attack originated outside of the U.S. West Haven mayor Nancy Rossi said the attack disabled around 23 servers last week which led their local officials deciding to pay the $2000 in Bitcoin to unlock their servers.

Hackers are Unstoppable?

Hackers are Unstoppable?

According to research by Kaspersky Lab, 86% of Cybersecurity professionals think that hackers are not stoppable and will eventually succeed at compromising the systems that the cyber pros are hired to protect. In my opinion, this awareness of the seriousness of the threat is admirable.  Such an attitude should keep us all on high alert. On the other hand, the view may also become a self-fulfilling prophecy. The most significant risks come from two groups:  criminal gangs and insider threats. Criminal gangs of hackers are generally motivated by financial gain. These types of breaches happen every day. Most of these … Read more