Between The Hacks is long overdue for a makeover. Redesigning an active website takes a lot of time and effort and one thing that this global pandemic offered most of us, is time. I am still very busy, but not flying around the world has giving me some much-needed cycles and it’s time to take advantage of that. Below is the three-phased plan for the site makeover that I’m sharing so that these changes aren’t a surprise.
This week on Between the Hacks, breachstortion joins the family of phishing attack methods, a teen surfer and influencer’s Instagram account is hacked and used to share sexually explicit material, attackers are using MFA to lock people out of their hijacked accounts, an Isreali cybersecurity firm discloses zero-day vulnerabilities that affect hundreds of millions of devices, and a great deal on cybersecurity e-books.
A breachstortion attack consists of a malicious email which claims that the sender has breached the victim’s website or company network, copied data from their databases and moved that data to an offshore server. The email then threatens to post the data publicly unless the victim pays the ransom.
Unlike sextortion, a breachstortion attack does not…
This week Between the Hacks reports on a cyberattack that shuts down Honda factories worldwide, a global vishing campaign attacks almost 100,000 inboxes, a UPnP vulnerability exposes millions of Internet-connected devices, update your Windows 10 systems now, and how to protect your digital privacy while protesting.
Annual cybersecurity reports are a rich resource of statistics and information for cybersecurity professionals, academics, journalists and anyone who is interested in cybersecurity. Below is a categorized list of many of these reports…
This week Between the Hacks reports on two critical vulnerabilities patched in Zoom, 80% of data breaches leverage compromised credentials, attackers are targeting your mobile device to get access to your company network, a 64 year-old man pleads guilty to a business email compromise charges, and use HTTPS Everywhere to better secure your browsing.
Backing up data is something we have been told to do for decades but it is not exciting nor fun and very easy to forget. Additionally, situations requiring the need to restore a file from backup can be rare so it’s easy to understand why many people don’t back up their files even though it’s an important part of life with computers. Think of backups like an insurance policy. You do it in case you need it and hope that you never need to use it.
As consumers and general computer and Internet users, we all have to be our own IT manager and system administrator which means that backups are an important part of our job. While we all know that we should back up our data, some of you may not know why we need these backups.
This week Between the Hacks reports on phish-testing remote employees, 70% of mobile and desktop apps contain open-source security flaws, the Red Cross calls for governments to band together to stop cyberattacks against hospitals, updates on BlackHat USA 2020’s virtual event, and tips to better secure your Gmail account.
I don’t understand why companies, even tech companies, send email to employees and customers with links that use domain names that don’t match their normal, publicly known domain name. I have seen this happen in companies for years, where a department like HR finds a cloud vendor to do some training or to register for benefits. Instead of sending an email to employees from an internal email address, they let the vendor send email to employees with a link to an external, unfamiliar site. When you tell employees to not click on suspicious links, and then send them suspicious links, it undermines the whole security education program.
This week in Between the Hacks, Apple adds contact tracing to the iPhone, a new LogMeIn phish, Windows 7 use is increasing, Verizon releases their 13th annual DBIR report, and Mikko Hyppönen’s Disobey keynote from February, 2020.
Reports released annually by cybersecurity companies are rich resources for cybersecurity professionals, academics, journalists and really anyone who is interested in cybersecurity. Among the dozens that are released each year, arguably the most famous of these is the Verizon Data Breach Investigations Report, also known as the DBIR. This week, Between The Hacks eagerly reviewed the newly released 2020 Verizon Data Breach Investigations Report. At 119-pages, this is the 13th edition of the DBIR and it is the most extensive with more than 32,000 incidents, 3,950 of which were confirmed breaches. If you’re strapped for time, or if you’re more of a TL;DR person and the thought of 119 pages of security stats turns your eyelids into weighted blankets, fear not, there is also a 19-page DBIR Executive Summary available for download.
This week Between the Hacks reports on a 238% increase in cyberattacks against the financial sector, Windows 10 quietly gets a packet sniffer, Google plans to unload resource-hogging ads, a Nigerian crime ring files fraudulent unemployment claims, and a browser plug-in that helps prevent websites from tracking you online.
The decades old joke that “DEF CON has been cancelled”, is now a reality. Well, not cancelled as much as moved online to become a virtual conference for the first time.
On Friday May 8th, 2020, DEF CON tweeted “The #DEFCONiscanceled meme has crossed over into real life, courtesy of #COVID19. In early March we had hopes that things would be stable by August. That is no longer realistic.”
This week Between the Hacks reports on a data breach of 28,000 GoDaddy accounts, Firefox alerts you if you use a leaked password, a new IoT botnet, and a critical vulnerability in all Samsung phones for the past 6 years. Also, to stay up to date on cybersecurity news daily, try out our tip of the week, the Cyberwire podcast.
Phishing is the attacker’s dependable, longtime friend. Around since at least 1995, phishing is used to trick people into providing credit card information, login IDs and passwords, and to gain access to your computer, protected systems and/or networks.
Today, Between The Hacks arms you with the following: phishing background, practical advice, realistic visual examples, and links to reliable resources.
This week Between the Hacks reports on movies infected with malware, the NSA shares tips for teleworkers, a gif hijacks Microsoft Teams, and for the third time in 7 years, the iPhone has a word of death! Also bolster your security and privacy by changing DNS servers and a proof that robots can lie.
The world of cybersecurity is a constant cat and mouse game where attackers find new and creative ways to attack and the defenders discover those methods and figure out how to stop the attacks. The latest wrinkle in this spin around the hamster wheel was revealed by researchers at Barracuda Networks, who discovered that threat actors are now using, “reCAPTCHA walls to block URL scanning services from accessing the content of phishing pages.”
This week the U.S. AIr Force invites hackers to try and hack into an orbiting satellite, your employer may be infecting your home network, Sextortion pays big for scammers, an iOS vulnerability may have silently infected your device just by receiving an email and this week’s tip will help you secure your home network.
Your work computer might be the device that lets a threat actor into your home network. According to research conducted by cybersecurity companies, Arctic Security and Team Cymru, more than 50,000 U.S. organizations have sent their employees to a work from home environment with malware-infected computers.
On a corporate network, firewall rules and cybersecurity tools block certain types of traffic…
Another week of Zoovid-19 news as Zoom and COVID-19 dominate the cybersecurity headlines. Two Zoom zero-day exploits go up for sale. Zoom faces another class-action lawsuit. It’s not all bad news though, Zoom has been busy patching and making strides to regain trust. COVID-19 help is a click away. Social media companies battle Coronavirus misinformation. Home routers are compromised and this blog was selected by Feedspot as one of the Top 100 Cyber Security Blogs on the web. Thanks to all of the readers.
