By Wassef Masri When the accounting manager at a major retail US company received an email from HR regarding harassment training, he trustingly clicked on the link. Had he looked closer, he could’ve caught that the source was only a look-alike address. Consequently, he was spear-phished. The hackers emailed all company clients and informed them […]
From the Trenches: 3CX Security
This past month one of our clients experienced a security compromise with their phone system, where 3 extensions had their credentials swiped. Among the information taken was the remote phone login information, including username, extension and password for their 3CX phone system. Our first tip off of the attack was the mass amount of international […]
Critical Windows bug fixed today is actively being exploited to hack users
“Microsoft on Tuesday patched two Windows vulnerabilities that attackers are actively exploiting in the wild to install malicious apps on the computers of unwitting users.” — Ars Technica Read the full article here
Guard Your Data from New Cloud Threats
“While established cyber-attack vectors, such as malware and ransomware, continue to be a challenge for IT security pros, a panel of experts at the SANS Institute detailed new and emerging threats.” — (eWeek) Read the full article HERE
Forensic Readiness: Setting the Foundation For Cybersecurity
I’ve been involved in addressing many different cyberattacks in 2017 and early 2018, with some attacks being more successful than others. My involvement was usually in identifying the nature of the attack in a post mortem fashion or thwarting the advancement of an attack in progress. One common thread among all of them was the […]
A Pocket Guide to Password Security
A strong password is one of the most important lines of defense to prevent hacking. At a time of widespread cyberattacks, hacking and identity theft, here are a few simple password security tips: Never share your passwords with anybody, even if you trust them. You can trust your friends with other sensitive information. Don’t use […]
Why Hackers Will Target Your Cell Phone to Access Your Company’s Data
A client sent me a question recently asking whether two factor authentication or password resets using a cell phone is safe? My initial reaction was yes. Two factor means 1. something I own and 2. something I know, similar to an ATM card. But is your cell phone that secure? Let’s go through some of the ways we’ve made our cell phones proof of our identity: Two […]
Should We Stop Expiring Passwords?
As I read through the new guidelines from the US National Institute of Standards and Technology (NIST) about only changing passwords for a valid reason or condition, I thought these people were nuts. But then I kept reading…I realized that they could be onto something for improving password management without compromising security. This blog is […]
10 Ways to Protect Yourself from Cyber Attacks
In the Aftermath of WannaCry There are thousands of ways a hacker could gain access to your system to exfiltrate data or deploy malware. The recent widespread infection of the ransomware virus, WannaCry, should serve as a reminder of how vulnerable a computer can be. Ransomware and other infections are usually due to carelessness. The […]