Monthly Archives: June 2021
LinkedIn Breach Exposes 92% Of Its Users Data
I’m shocked and upset about this LinkedIn breach. This is their second massive LinkedIn breach. It was reported that 700M users were effected in this breach, which is more than 92% of the total 756M users. The database is found for sale on the dark web, with records including phone numbers, physical addresses, geolocation data, and inferred salaries.
What Happened?
According to the RestorePrivacy website, the hackers were able to abuse the official LinkedIn API to download the data.
On June 22nd, a user of a popular hacker advertised data from 700 Million LinkedIn users for sale. The user of the forum posted up a sample of the data that includes 1 million LinkedIn users. We examined the sample and found it to contain the following information:
-
Email Addresses
-
Full names
-
Phone numbers
-
Physical addresses
-
Geolocation records
-
LinkedIn username and profile URL
-
Personal and professional experience/background
-
Genders
-
Other social media
Employee Guide To Spot Phishing Emails
If you didn’t know already, phishing is a social engineering attack that lands in your inbox with the intention of stealing personal info. Often times, phishing emails appear to come from a known contact (friends, family, co-workers) or an organization, such as a bank or credit card company. Attacks often feature malicious links or attachments that compromise the victim’s device with malware.
POPULATION
Over 280 billion emails are sent each day. If you imagine that even a small percentage of them are phishing attacks, you can see why this threat is so pervasive.
APPEARANCE
You can identify phishing emails by a variety of distinct markings: bad spelling and poor grammar, odd phrasing or awkward sentence structuring, impersonal greetings such as “Dear Customer” instead of using your name, and web addresses that resemble a legitimate business but are slightly misspelled.
BEHAVIOR
Phishing emails typically come with a sense of urgency. They … Read the rest
Learn More About Social Engineering
Social engineering is a tactic used by attackers that takes advantage of people’s emotions in order to access sensitive or confidential information. It is very important to know who we are talking to and why the person needs the data. Always remain calm, do not respond immediately, and talk to your manager or the security team if something happens.
Phishing
Phishing attacks are messages that look legitimate, but are actually scams to access your account or device. Pay attention to who forwards the message, if the subject is relevant, if the message text has syntax and semantic errors. Most important: always think before you click! And do not download any unexpected file.
Vishing & Smishing
Scams also happen via telephone (vishing) or text (smishing). If you receive a call, make sure you know the person, and wait for a face-to-face meeting to talk about confidential information. If you receive a … Read the rest
Cybersecurity Without Paranoia
Not many people bring to light and discuss that there is a difference between paranoia and preparedness in cybersecurity. Due to many breaches and the various headlines we tend to promote 24/7 security awareness, although it is a simple understanding that scammers are everywhere and target everyone, this can cause paranoia.
Prepare for security threats without paranoia:
Paranoia: Never using a public WiFi network.
Preparedness: Always using a Virtual Private Network (VPN).
VPNs encrypt your internet connection making it difficult for cybercriminals to intercept and steal your data. Never connect to public WiFi without a VPN, and even then, avoid accessing highly sensitive information.
Paranoia: Refusing to install apps on your smart device.
Preparedness: Researching and downloading apps from trusted sources.
Malicious apps are an ongoing security issue with app stores. Do your research before installing anything and carefully review permissions and security settings after installing. Routinely uninstall apps you … Read the rest
Cybersecurity Tips For Parents
Parenting is hard enough even before considering the challenges of online security. In this article I will give you five tips to help you with those challenges. Obviously, every household has different needs, so view these as a generic starting point, and make adjustments as necessary!
Establish a culture of trust.
Create a safe space where honesty won’t be punished and where kids feel comfortable sharing their experiences. If they witness cyberbullying or inappropriate behavior online, or accidentally share something they shouldn’t have, we want to make sure they’ll speak up before it’s too late. Establishing a culture of trust is the best way to gain and maintain a healthy digital presence in your household, and it needs to start at a young age.
Explain the risks of social media and online behavior.
Just like in real life, children should be taught that their online actions come with consequences. Posting … Read the rest
The Future Of Identification And Authentication
IN THE BEGINNING…
Passwords have been around since ancient times, back when you needed to know the correct word to pass or enter an area, and have evolved over the course of history to meet specific demands. The military developed a challenge and response system that required not just a password, but also a counter-password. For example, the challenge would be Mango, and the response to Mango would be Peach. This form of authentication verified both sides.
The first computer password was born out of necessity in 1961 at MIT for use with their CTSS—one of the first time-sharing systems, which is a computing resource used by multiple individuals. Since there were multiple people who had private sets of files, it made sense that each person should be given their own login and password. The rest, as they say, is history.
PASSWORDS AREN’T DEAD
To this day, the debate over … Read the rest
HIPAA For Business Associates
HIPAA defines business associates as a person or entity that provides services to a covered entity that involves the disclosure of PHI.
What is HIPAA?
HIPAA, the Health Insurance Portability and Accountability Act, was enacted in 1996 primarily to simplify the flow of healthcare information, and to make sure that all PHI (Personal Health Information) is kept confidential and private and is only used in the way for which it was intended. This means that medical information can only be collected, shared, stored, and used for legitimate purposes, and must be properly protected.
Who must follow HIPAA?
Business associates who work for HIPAA-covered entities must comply with HIPAA. Business associates are people who work with, or provide a service to, a covered entity and, in doing so, have access to PHI. They could be attorneys, accountants, or transcriptionist’s. HIPAA-covered entities include healthcare providers (pharmacists, doctors, hospitals, and labs), healthcare plans … Read the rest
Vulnerability in Cisco Small Business Switches
Nothing new with these Cisco Small Business Switches. A researcher, Jasper Adriaanse has identified several vulnerabilities, including ones that have been rated high severity, in Cisco’s Small Business 220 series smart switches.
These vulnerabilities were discovered to impact switches that run firmware versions earlier than 1.2.0.6 and have the web-based management interface enabled which the interface is enabled by default. In an advisory released a few days ago, Cisco said Jasper Adriaanse found a few types of security holes in the small business switches.
One of them, tracked as CVE-2021-1542 and rated high severity, can be exploited by a remote, unauthenticated attacker to hijack a user’s session and gain access to the switch’s web interface. Depending on the privileges of the targeted user, the attacker could gain admin-level access to the management interface.
Another high-severity issue is CVE-2021-1541, which allows a remote attacker with admin permissions on the … Read the rest
How to direct Unifi VLAN traffic to OpenDNS
In this tutorial you will be shown how to direct UniFi VLAN traffic to OpenDNS. Many companies love using OpenDNS due to it ease of use but sometimes it can be tricky to deploy on UniFi since the GUI keeps changing. This tutorial guides you through Unifi Controller Version 6.1.71.
OpenDNS is a Internet security company based in San Francisco that provides easy-to-implement Internet navigation and Web security solutions for families, schools, governmental organizations and businesses of all sizes. The services provided by OpenDNS increase the speed of navigating websites and prevent unintended access to phishing and malware sites as well as to any Web content that you configure to be restricted.
Lets Get Started
In this tutorial I will be using a UniFi UDM Pro on Controller Version 6.1.71. Please update your controller as needed as some times may vary if your not up to date. I will be … Read the rest
Ransomware Risk Management
The National institute of Standards and Technology (NIST) has released a new document called: cybersecurity framework profile for ransomware risk management. The document contains detailed steps that you can take to reduce the risk of infection and it has was to prevent ransomware attacks.
They outline these basics
NIST has provided the basic and best approach to preventing, mitigating and protecting critical data against ransomware events and they recommend the following:
- Use Antivirus Software to scan your system, emails and flash drives.
- Keep Systems up to date and all software fully patched.
- Use a services or products that blocks access to ransomware sites.
- Put a policy in place that only allows authorized apps to be used in computers.
- Restrict personal devices to internal network access resources.
- Do not provide users with local administrative privileges.
- Block use of personal apps on work computer for example: email, chat, social media.
- Provide
Loading ...