inspection

Why an Inspection?

Technology assessments are a smart place to start to make sure your organization’s infrastructure continues to run smoothly.

And just like there are emissions and mechanical inspections for your car, different kinds of assessments reveal different types of gaps … [4 min. read]

Invading via email

Email Compromise Is Insidious and Costly

1 Request, 2 Follow-up, 3 Urgent, 4 Important

These are the top Email Subject lines in Business Email Compromise attacks, the costliest cyberattacks. There were 19,369 reported incidents at a loss of $1.8 billion in 2020, the most recent published data from the FBI.

A typical Business Email Compromise attack is the result of a credential breach. With stolen email credentials a crook poses as an established vendor, and uses this trusted position to ply company data or funds from you or a colleague. … [4 min. read]

Holiday cards

Elves at Work

Wishing that all your days are happy … [1 min. read]

Santa?

Hacked for the Holidays (ain’t no ho ho ho)

In an ongoing effort to elude this year’s frustrating shipping delays, more consumers are turning to the web for what they may see as easy answers to the holiday hassle. Vasu Jakkal VP Microsoft Security said that with “headlines about supply chain issues, worker shortages and costs rising … it’s no surprise that … at least sixty-three percent of holiday shopping will be done online.”

Perpetual Motion

If Not Now, When?

“Cybersecurity and Infrastructure Security Agency Director Jen Easterly told industry leaders in a phone briefing Monday that a vulnerability in a widely-used logging library ‘is one of the most serious I’ve seen in my entire career, if not the most serious.’

“‘We expect the vulnerability to be widely exploited by sophisticated actors and we have limited time to take necessary steps in order to reduce the likelihood of damage,’ she said of the Apache Log4j flaw. The issue is an unauthenticated remote execution vulnerability that could allow an intruder to take over an affected device.

“Hundreds of millions of devices are likely to be affected, said Jay Gazlay of CISA’s vulnerability management office in the [same] call” –as reported by Tim Starks, cyberscoop.com, Dec. 13, 2021

Because of how widespread this vulnerability is, affecting everyone from Microsoft to Apple to Amazon to Google (in fact it affects millions of pieces of software, it is time to make sure your business is as protected as possible. You may not hear bullets, but that doesn’t mean we not are in a war … [5 min. read]

2FA!@$%

Thunder and Botheration!

“If there’s 2FA, enable it,” said Bryley’s Garin Livingstone when asked for his baseline recommendation for everybody for computer security.

2FA or MFA (two- or multi-factor authentication) is adding a second (or more) proof of your identity before being granted access to a machine or software.

2FA may also rank among the biggest pains in the neck … [4 min. read]

Can Machine Learning Save Us from Us?

Among the top headlines in Google News’s Technology section today was criminal hackers use of AI (Artificial Intelligence) and its subset, ML (Machine Learning)1. Opening the article, I found a synopsis of a Tech Republic report, “Cybersecurity: Let’s Get Tactical,” in which the authors give ten ways cybercriminals are attacking with AI2 including

  • phishing attacks, in which, upon gaining credentialed access, automatic scripts can wreak havoc, including draining bank accounts
  • credential stuffing and brute force attacks, in which AI systems try passwords — and password possibilities — on many websites
  • bulletproof hosting services that use automation to hide the tracks of malicious websites, so they can’t be stopped by law-enforcement, or often flagged by network scanning tools

The fact is, it’s an arms race. Both malware and criminal sites would be pretty quickly and easily identified on a network by the nature of their activity. So the criminals try to disguise their malware in benign code and their sites in bulletproof hosting schemes. The way they keep the ruse going is through machine learning adapting to changing circumstances.

Cybersecurity Risk Assessment Becoming a Must for Investors

In July the World Economic Forum (WEF) delivered a paper1 that argued for putting the muscle of investment into shifting the cybersecurity landscape. WEF/Marsh & McLennan reports2 that among weapons of mass destruction and natural disasters, cyberattacks are seventh in likelihood and eighth in impact as the greatest threats to global prosperity.

UPS Store Breach Included Rhode Island Customers

UPS Store headquarters issued a letter1 to possible “victims of a phishing incident” that included Rhode Island UPS Store customers. Based on the letter, which hides the particulars, it looks like a criminal convinced an employee or employees in the UPS Store system to provide store email credentials. Once these credentials were had, customers emailing the store were also (or maybe only) sending their documents to the criminal. And possibly any data that had been kept in the email accounts were accessed.

Cyber Liability Risk…protect your business

While there are many publicized hacking attacks against large companies reported in the news, smaller companies face increasing computer liability risks, too. Almost every business uses technology in some way, and your business can be held liabile if certain types of information are compromised. It doesn’t have to be a hacking attack; it could be the loss or theft of a smartphone or laptop that could expose your business to liability…