Four threats to be aware of this holiday season
When thinking about the period from November through the end of December, joyful thoughts of mouth-watering turkey, ham, mashed potatoes and (my personal favorite) stuffing tend to come to mind. Let’s not forget the Black Friday, Cyber Monday and holiday deals we are anxiously awaiting and hunting for. Once the deals are found, shoppers create stampedes at local stores to buy the intended items, swiping their credit/debit cards through every card terminal needed.
If you prefer to avoid the chaos, maybe you enter your credit/debit card’s 16 digits, expiration date and CVV code into online shopping sites on Cyber Monday instead? Either way, with cybercrime on the rise and recent research making cyber news headlines, we should take a step back and make sure our shopping does not end badly, by reviewing a little of what has been going on and how it could affect you during or after holiday shopping. Four scams to watch out for during this...
Social Media Scrooges
I recently had the pleasure of providing security guidance for a news story presented by the local Fox® affiliate. Since the reporter took a few liberties with what I actually said, I thought I would give you, the reader, these tips directly. So, here we go!
Some of what I’m about to say may seem like common sense, but to the excited traveler anxiously awaiting a getaway weekend for the upcoming holidays, maybe not. Lately there seems to be a common theme of people posting images of their boarding pass on social media sites, unaware of the dangers this poses. If we take a moment to examine the boarding documents of the major airlines, we see the same pieces of information appearing on each, which, when used together, pose a serious risk to the unaware holiday traveler.
Delta Airlines® Boarding...
CMU and Advocacy for Strong Security Review Policies
At a high level, Tor is a privacy-focused technology that routes traffic to hide the identity of its users. Tor became a favored technology of political activists and whistleblowers who need such protection, as well as of cyber criminals and other unsavory types who want to abuse it. It isn’t a surprise that a government agency would be interested in breaking the veil of anonymity. The FBI supposedly used research from CMU to help bring down an illegal marketplace known as the Silk Road, which offered everything from normal legal goods to forged documents and a...
Next week many of us will gather to sit down for Thanksgiving dinner with family and friends to express gratitude and to give thanks. Many of us will overstuff our bellies and catch a football game. Whatever you and yours do, cybersecurity will – and probably should – be the last thing on your mind that day.
But that doesn’t mean enterprises can’t take some time to take note and express gratitude for significant security achievements this year.
Be Thankful For:
An accurate baseline of enterprise IT assets and data.
You know your business-technology environment. You know which systems manage your most critical data, and which public and private clouds and software services support those systems. When it comes to your network, you know the network devices and applications you have online, including desktops, servers, operating systems, applications, routers, firewalls, wireless devices and...
A rise in cyber extortion causes OCC and FFIEC to issue an alert
Two weeks ago today, on November 3, the Office of the Comptroller of the Currency (OCC) passed on a warning issued by the Federal Financial Institutions Examination Council (FFIEC). The warning was addressed to the financial community, but it applies to pretty much any business. The notice warns of cyber attacks, including extortion, and points out that the FFIEC has seen an increase in both the frequency and the quality of those attacks.
Without context, a warning about “extortion” is pretty broad. The OCC notice relates to an FFIEC press release issued on November 3 of this year.
Ultimately, this extortion means holding some part of the target organization for ransom. These extortion attempts have typically come in the following scenarios:
- The attacker demands payment to have the attacker stop from proceeding with a denial of service (DoS) attack on the...
AppSec USA 2015 Follow Up
This post continues the AppSec USA 2015 posts “Web Application Testing with Python” and “Web Application Testing with Python – Part 2”. To follow along, please download the virtual machine and scripts that I’ll cover in this series of posts (the files are posted on an OWASP-controlled Google Drive; see Resources below for the full URL).
In the previous post, “Web Application Testing with Python – Part 2”, we wrote two scripts to attack the login form of our vulnerable application in order to enumerate valid users. In this post, we’ll continue attacking...
Protecting Yourself and Your Company
Nowadays, security awareness training (SAT) is a top priority for organizations of any size. Thanks to SAT, management and employees can understand IT governance issues and control solutions, recognize concerns, understand their relevance and respond accordingly. Many companies invest heavily in cybersecurity education programs that teach employees how to protect their computers and personal information and how to be aware of the many hacktivists and cyber-criminals that scour the Web in search of targets and vulnerabilities.
Apart from employing corporate risk managers and IT managers, and deploying defensive solutions such as firewalls and intrusion detection and prevention systems (IDPS), it has become necessary for companies to train everybody as part of a security strategy that reduces exposure to data integrity attacks and other threats. As breaches become more common, taking security awareness on board across an organization reduces risk. Educating users...