search
top

Attending the BCAware Security Conference


Meeting Brian Krebs at the BCAware Conference

One of the most exciting parts of the BCAware conference was getting to meet Brian Krebs live in person!

During his talk he shared some interesting topics such as how cyber criminals are using websites similar to https://haveibeenpwned.com/  

Except, that these “other” websites will actually list out the users leaked password(s) in plaintext. And, with this method attackers can now attack various social media, banking and other commonly used services online to possibly find valid emails/passwords to accounts.

Another topic was related to how cyber criminals determine how much money to ask for during a ransomware attack. The typical amount seems to point at about 10% of total revenue a business makes from the previous year. This way, they do not ask for too much or too little. It gets close to an amount that the organization can afford, and finds would be cheaper than to recover from backups or rebuilding the environment.

Read The Full Post

NCIX Data Breach

NCIX Data Breach

One of the biggest news items around recently has been the NCIX Breach. I was notified of it through a colleague prior to the media finding out about it through the following blog –> (https://www.privacyfly.com/articles/ncix_breach/). The blog details events that took place where a person uncovered hard drives left by the now bankrupt NCIX computer retailer. The warehouse housing these drives, and left over computers that belonged to NCIX were being sold off by the warehouse landlord. The information based off privacyfly’s blog seems to point towards the landlord illegally selling the data on the drives to recuperate lost rent. The big question here is how NCIX, or the team taking care of their assets after bankruptcy could allow this information to be sold. And, this also goes to show how NCIX has very weak security procedues in place to safeguard their most vital data (customer and employee data). Read The Full Post

When Organizations Do Not Use Email Encryption

When Organizations Do Not Use Email Encryption

For this article, I had originally written it a few months ago. However, I didn’t get the chance to post it at that time. And, in a fortunate and positive way it turns out that my post will be some what less relevant than originally intended for the readers. When I initially had started this article, I had noticed an issue which seems to crop up anytime I am working with an organization. Many important organizations still lack basic security tools and options. In the example of this article, it looks into the lack of use of email encryption and secure email systems.

Now before I get into the nitty gritty stuff I want to list out a disclaimer. Everything I conduct, list, and discuss on my blog is and has always been for educational purposes. None of my articles are made or should be used to attack machines out there. All information on my blog is for the better purpose of learning better security methods.

Disclaimer

Now this article is not meant to bash government organizations in any way what so ever. This article is here to teach that any and all types of organizations can easily lack basic security measures. (more…)

top
Secured By miniOrange