This week on Between the Hacks, hacked Twitter accounts used in a bitcoin scam, a critical Windows server vulnerability, the UK proposed IoT security standards, the Internet goes down on Friday and a riveting book about how wormable malware created an enormous botnet. | Continue reading
Pharming is a type of cyberattack that redirects a website’s traffic to a malicious site that appears to be the real site. Pharming is used frequently in phishing attacks to trick a victim into sharing login credentials, banking information, or other sensitive data with the attac … | Continue reading
This week on Between the Hacks, billions of leaked credentials found on the dark web, home routers found to be vulnerable, Instagram star extradited to the U.S. to face charges for BEC attacks, more news about clipboard snooping and The Internet’s Own Boy. | Continue reading
This week on Between the Hacks, Netgear vulnerabilities, U.S. police data leaked, Lucifer malware targets Windows, 80% of people don’t delete data from their car before selling, and find out if your accounts have been part of a data breach. | Continue reading
This week on Between the Hacks, breachstortion joins the family of phishing attack methods, a teen surfer and influencer’s Instagram account is hacked and used to share sexually explicit material, attackers are using MFA to lock people out of their hijacked accounts, and an Isrea … | Continue reading
Annual cybersecurity reports are a rich resource of statistics and information for cybersecurity professionals, academics, journalists and anyone who is interested in cybersecurity. Below is a categorized list of many of these reports. 2020 Cybersecurity Reports and StatisticsDat … | Continue reading
This week Between the Hacks reports on two critical vulnerabilities patched in Zoom, 80% of data breaches leverage compromised credentials, attackers are targeting your mobile device to get access to your company network, a 64 year-old man pleads guilty to a business email com … | Continue reading
This week Between the Hacks reports on phish-testing remote employees, 70% of mobile and desktop apps contain open-source security flaws, the Red Cross calls for governments to band together to stop cyberattacks against hospitals, updates on BlackHat USA 2020’s virtual event, and … | Continue reading
Domain Name Confusion is neutralizing much of the work that cybersecurity professionals do to educate people on how to prevent becoming the victim of a phishing attack. Domain name confusion can happen in different ways. Many companies, even tech companies, send email to employee … | Continue reading
This week Between the Hacks reports on a 238% increase in cyberattacks against the financial sector, Windows 10 quietly gets a packet sniffer, Google plans to unload resource-hogging ads, a Nigerian crime ring files fraudulent unemployment claims, and a browser plug-in that helps … | Continue reading
This week Between the Hacks reports on a data breach of 28,000 GoDaddy accounts, Firefox alerts you if you use a leaked password, a new IoT botnet, and a critical vulnerability in all Samsung phones for the past 6 years. Also, to stay up to date on cybersecurity news daily, try o … | Continue reading
The world of cybersecurity is a constant cat and mouse game where attackers find new and creative ways to attack and the defenders discover those methods and figure out how to stop the attacks. The latest wrinkle in this spin around the hamster wheel was revealed by researchers a … | Continue reading
This week the U.S. AIr Force invites hackers to try and hack into an orbiting satellite, your employer may be infecting your home network, Sextortion pays big for scammers, an iOS vulnerability may have silently infected your device just by receiving an email and this week’s tip … | Continue reading
Another week of Zoovid-19 news as Zoom and COVID-19 dominate the cybersecurity headlines. Two Zoom zero-day exploits go up for sale. Zoom faces another class-action lawsuit. It’s not all bad news though, Zoom has been busy patching and making strides to regain trust. COVID-19 hel … | Continue reading
These days it seems that all news stories are related to COVID-19, and that’s also true in the cybersecurity community. I realized I hadn’t seen many lists of resources for COVID-19-themed cybersecurity incidents. So, Between the Hacks spent part of this week researching and star … | Continue reading
This week we have more updates to the Zoom and COVID-19 sagas (now coined Zoovid-19). More than 2,300 Zoom credentials are found in an underground forum. Sixteen malicious coronavirus mobile apps are discovered, a sextortion campaign takes on different themes, and phishers preten … | Continue reading
Zoom sees rapid growth with lots of growing pains, the FBI warns of teleconference hijacking, a data breach exposes GE employee data, for the third week in a row, we saw a rapid increase in COVID-19 Coronavirus phishing and cyberattacks, and Marriott reports a data breach…again. | Continue reading
For the third week in a row, COVID-19 is not only the top story in international news, it is also the theme of many attackers on the Internet. We cover four COVID-19 themed attacks, learn of some cybersecurity heroes who are fighting against those attacks, and another kitchen pro … | Continue reading
It’s Friday the 13th, we are in the midst of a global pandemic, threat actors leverage public fear in phishing attacks, and data breaches and critical vulnerabilities make the news! | Continue reading
As the COVID-19 Coronavirus becomes a global pandemic, Internet criminals are leveraging this tragedy to spread their own kind of virus and digital attacks to prey on the fears and generosity of people around the world. | Continue reading
Celebrity ‘Shark Tank star Barbara Corcoran loses nearly $400K in email scam, Phishing is a $12 billion business for scammers. | Continue reading
This is the time of year when many of us wind down our busy work schedules and focus a little more on family and giving. In the spirit of giving, here are six cybersecurity gifts that you can buy for family, friends, or yourself. Obligatory Disclaimer: I will not benefit in a … | Continue reading
With the rapidly changing world of connected devices, known as the Internet of Things (IoT), many people do not realize that these “things” are actually computers. The smart light bulb, the IP video camera, and possibly your new car, are all computers. They have operating systems … | Continue reading
Almost every day we see headlines about some sort of data breach. The public is not almost numb to this news and the reaction by the end users whose credentials were lost, is typically to reset their password and move on. This is likely not enough for most people, because, accor … | Continue reading
In part 1 of the Password Conundrum, we talked about how we all hate passwords and how the crazy cybersecurity wonks tell us that we have to do unreasonable things like: Make passwords that are so complex that you can’t possible remember (long and multiple character sets) M … | Continue reading
Long Passwords, Short Memories The password is something we all love to hate. Many of us have to create hundreds of passwords and we are told by the paranoid cybersecurity experts to make them long and use all of the character sets on your keyboard so that they are not easy to … | Continue reading
In honor of cybersecurity awareness month , today I’m going to write, at a high level, endpoint security and how to stay safe online. This is such an incredibly broad topic that I think I could write a book about it. The only problem with writing a book is that the threats chang … | Continue reading
Phishing is the use of social engineering to obtain personal information for the purposes of identity theft. Phishing typically comes in the form of an email, disguised to look as if it was sent by a trusted source, and requesting personal information or authentication credential … | Continue reading
Over my career, in addition to teaching computer science at the undergraduate and graduate levels at numerous universities, I have also created and managed some corporate cybersecurity education programs. In both I've found that getting the more critical concepts across to people … | Continue reading
Phishing attacks have long been an effective way for attackers to trick people into divulging sensitive information or infecting a system with malware. Malware can give an attacker remote access to protected systems and networks, encrypt a user’s data and charge a ransom to decry … | Continue reading
FBI Router Reboot Recommendation By: Chuck Davis @ckdiii www.ckd3.com As I am sure you have heard, the FBI is recommending that anyone with a home router or small office router, reboot them. If you are not familiar with this FBI recommendation, then there are a few links at … | Continue reading