Microsoft took the unusual step of releasing a critical security update for unsupported operating systems, including Windows XP and Server 2003.
When a new hire comes aboard, all great businesses have this in common: comprehensive training. It's the mark of a great business because it shows the attention and care that goes into equipping employees with the tools they need to succeed at the company.
Does your organization accept credit cards? If so, your organization needs to follow the PCI-DSS compliance standards. PCI-DSS stands for Payment Card Industry Data Security Standards; they were adopted as a shared set of data security standards by the major US credit card companies in 2005. Complying with these standards protects your organization from liability in the event of a breach.
The National Cybersecurity and Communications Integration Center (NCCIC) has issued an alert regarding security vulnerabilities, known as Meltdown and Spectre, that affect modern computer processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.
In April 2017, The Automated Reporting Management Information System (ARMIS) contacted Microsoft, Apple, Samsung, and Linux to report eight zero-day vulnerabilities related to connections via Bluetooth, designated as Blueborne.
Blueborne endangers millions of unpatched devices by spreading through the air across a wide variety of platforms: mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux, and all related devices that use these operating systems.
What is Blueborne?
Blueborne is a vulnerability by which attackers take advantage of Bluetooth connections to remotely control a device. The attack itself does not require the attacker's device to be paired with the target device, nor does it require the target to be in a discoverable state. It does, however, require the attacker to be in proximity to the device for the initial connection.
Equifax, one of the three major credit reporting agencies, disclosed a data breach on September 7 that affects 143 million people in the US. The stolen data included the consumer’s name, address, date of birth, and social security number. In addition, credit card numbers and other personally identifiable information were also stolen for about 200,000 of the 143 million individuals. The “unauthorized access” was reported to have occurred on July 29, and the investigation is ongoing.
- Must be at least 6 characters
- Must contain upper and lowercase letters, a number, and a symbol
- Must change every 60 days
Sound familiar? These have been standard rules for password creation for decades. The National Institute of Standards and Technology (NIST) is the government organization behind these familiar password rules, and earlier this year they announced that their official standards and recommendations are going to undergo a major rewrite. They've sought advice from cybersecurity experts and have been open with their development of a new standard for passwords. While not yet official, here is a look at the major cybersecurity themes in the drafts of the new regulation:
Gaining clear visibility into what is happening on your network is necessary to detect the nefarious activities of cybercriminals and to understand your users’ day-to-day activities. Security Incident & Event Management (SIEM) is the solution that can take detection of malicious and anomalous activity to a higher level. SIEM tools have historically been thought of as enterprise or carrier-class products, but as the need for better visibility has expanded to businesses of all sizes, SIEM tools have become less costly and more accessible.
If you received a message today with the subject, “A document on Google Docs has been shared with you,” it is very likely that your email address is on the contact list of someone’s account that was hacked. This ploy was meant to convince you that someone you know sent you a document, and by entering your Google email address and password, you would be able to open the attachment. In reality, entering your credentials would provide a hacker access to your Gmail mailbox from which they could harvest your mailbox and attack your contacts.
Google has reported that they have taken down the offending accounts and that system updates are underway to prevent future attacks. Google is also encouraging users to report the email as a phishing attempt within Gmail.
If you received one of these messages, your account would have been compromised at the point of entering your email address and password. Opening the message, or even clicking on the link that opens the login page would NOT compromise your account.
If you clicked on the link and entered your credentials, immediately complete the following steps:
- Go to your Gmail account’s permissions settings at https://myaccount.google.com/permissions
- Remove permissions for “Google Docs,” the name of the phishing scam (if the page says, “You haven’t granted any apps or websites access to your Google Account,” your documents were not compromised).
- Change your Gmail password
When setting passwords, consider using a passPHRASE made up of three or more common words, and add a number or special character to increase complexity. Even the longest dictionary word is easily hacked, but passPHRASES are much more difficult to pick. Try something like “I-Like-Tomatoes22” or “I-Dr1ve-A-Boat” rather than using a common word or pet’s name. The length and use of multiple words provide added protection.
This is only the latest of several new email attacks. Always pay attention to the TO, FROM, and SUBJECT LINE before clicking on a link or opening an attachment. The “TO” line on this Google Docs message says, firstname.lastname@example.org. It is also important to be very suspicious anytime you are asked to enter your password from an email request. Credential phishing is big business for cybercriminals.