
Cyber insecurity


FrankR


According to multiple sources (PwC, WSJ, NY Times) Cyber is a top concern for CEOs in industries depending on data and tech. Not just Facebook and the like, but Financial Services (your bank) and Retail too (think Amazon, eBay).

 

Do you worry about security of your devices and your data? The City of New York just released a free app that can monitor your personal devices for security threats. It is called NYC Secure (https://secure.nyc). I am thinking about installing it on my devices...:eek:

Link to comment
Share on other sites


Absolutely

 

This is what I do:

If secure communication is a concern - one should be using an app such as Signal/Telegram or an encrypted email service such as Protonmail.

 

No app can replace good communication hygiene (and opens yet another door). I think about installing apps like a Craigslist hookup. It looks like fun and feels really good at the time but I may regret it a week later.

Link to comment
Share on other sites

I don't "worry" per se, but I do take precautions to keep my data secure. For example, I am very careful about actioning emails. Here's a good example: Today I received an email from Amazon stating that the price of a Subscribe and Save item had increased. It also listed the other items I subscribe to and contained a link to modify my subscription. The email did not look exactly the same as other emails I receive from Amazon (different fonts, mainly) but the sender was an Amazon email address. Instead of clicking the link, I opened Amazon, checked the subscription, and saw that the price listed was the same as it was before. I reported the suspicious email to Amazon.

 

Additionally, I look for wording that portrays a sense of urgency (You must do this today!) or is odd or out-of-pattern when purportedly sent by a known sender.

Link to comment
Share on other sites

My digital addiction does worry me a bit. I am cautious about installing apps (yes, including those carrying the blessing of the government) and if I have to use a public wifi network, I always use a Virtual Private Network. It gives me some comfort, but still, I worry... :eek:

 

I was watching an interview with Jamie Dimon, the CEO of JP Morgan, on CNBC the other day. They asked him what kept him up at night; without hesitation he replied "cyber attacks". We know our power grid here in the USA is fragile, we know we have enemies.. 1+1=2

Link to comment
Share on other sites

10 Tips on How to Identify a Phishing or Spoofing Email

Tip 1: Don’t trust the display name

A favorite phishing tactic among cybercriminals is to spoof the display name of an email. Return Path analyzed more than 760,000 email threats targeting 40 of the world’s largest brands and found that nearly half of all email threats spoofed the brand in the display name.

 

Here’s how it works: If a fraudster wanted to spoof the hypothetical brand “My Bank,” the email may look something like:

 

[Image: screen_shot_2015_09_22_at_2_16_17_pm-300x105.png]

 

Since My Bank doesn’t own the domain “secure.com,” DMARC will not block this email on My Bank’s behalf, even if My Bank has set their DMARC policy for mybank.com to reject messages that fail to authenticate. This fraudulent email, once delivered, appears legitimate because most user inboxes only present the display name. Don’t trust the display name. Check the email address in the header from—if it looks suspicious, don’t open the email.

 

Tip 2: Look but don’t click

Hover your mouse over any links embedded in the body of the email. If the link address looks weird, don’t click on it. If you want to test the link, open a new window and type in the website address directly rather than clicking on the link from unsolicited emails.

 

Tip 3: Check for spelling mistakes

Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.

 

Tip 4: Analyze the salutation

Is the email addressed to a vague “Valued Customer?” If so, watch out—legitimate businesses will often use a personal salutation with your first and last name.

 

Tip 5: Don’t give up personal information

Legitimate banks and most other companies will never ask for personal credentials via email. Don’t give them up.

 

Tip 6: Beware of urgent or threatening language in the subject line

Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or your account had an “unauthorized login attempt.”

 

Tip 7: Review the signature

Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide contact details.

 

Tip 8: Don’t click on attachments

Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.

 

Tip 9: Don’t trust the header from email address

Fraudsters not only spoof brands in the display name, but also spoof brands in the header from email address. Return Path found that nearly 30% of more than 760,000 email threats spoofed brands somewhere in the header from email address with more than two thirds spoofing the brand in the email domain alone.

 

Tip 10: Don’t believe everything you see

Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it’s legitimate. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it.

Link to comment
Share on other sites
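The display-name check from Tips 1 and 9 in the post above can be automated; the following is an added example, not part of the original post. The brand table, the function names and the sample headers are assumptions constructed for illustration, using the post's "My Bank" / mybank.com / secure.com scenario.

```python
from email.utils import parseaddr

# Assumption: the brands you care about and the domains they really send from.
BRAND_DOMAINS = {"My Bank": {"mybank.com"}}

def _compact(text):
    """Lower-case and drop whitespace so 'My  Bank' and 'mybank' compare equal."""
    return "".join(text.lower().split())

def _owned(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_from(header_value):
    """Return findings for one From: header value (empty list = nothing flagged)."""
    display, addr = parseaddr(header_value)
    if "@" not in addr:
        return ["unparseable From address"]
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if _owned(domain, allowed):
            continue  # sender domain belongs to the brand; its DMARC policy applies
        token = _compact(brand)
        # Tip 1: brand appears in the display name, address is elsewhere.
        if token in _compact(display):
            findings.append(f"display name claims {brand!r}, domain is {domain}")
        # Tip 9: brand appears inside a domain the brand does not own.
        if token in domain.replace("-", "").replace(".", ""):
            findings.append(f"domain {domain} imitates {brand!r}")
    return findings

# Constructed sample headers (not taken from real mail).
SAMPLES = [
    '"My Bank" <accounts@secure.com>',
    "My Bank <alerts@mail.mybank.com>",
    "Support <help@my-bank-alerts.example>",
    '"alerts@mybank.com" <x@secure.com>',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_from(sample) or "ok")
```

The last sample covers a display name that is itself written as an address at the brand's domain, which looks legitimate in an inbox that shows only the display name.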

Cyber security is expensive. We pay $30 per month for an alarm system. They just added $20 per month for security on the alarm system. We're going to decline it.

Wait, what? That is just crazy! :eek: Who is your provider? I want to paste their logo into Wikipedia under the heading of ‘that’s cray-cray’...

Link to comment
Share on other sites

Alarm system as in some mechanism which audibly and/or visually alerts upon forced or unexpected entry into a structure?

 

And the alarm system isn’t secure from unauthorized electronic tampering, for example to disable remote alerting to some central monitoring center (like ADT)? That seems oxymoronic.

 

I guess that I think of cyber security as relating to the accidental or malicious acquisition of any data about me, including communications to others, on both equipment I own & control as well as infrastructure which I don’t.

Link to comment
Share on other sites


Yes... that kind of alarm that makes a lot of noise and contacts the service that contacts us in case it's a false alarm and then contacts the police. They want to increase the cost by 2/3 in order to secure it from electronic tampering.

Link to comment
Share on other sites

  • 2 years later...

He was a porn star and didn’t even know it.

 

A New York man who likes anonymous, online-only sex claims scammers hacked his computer and demanded cash after one amorous 2015 episode of internet intercourse — then plastered hot and heavy videos of him on Pornhub, iPornTV and XVideos without his knowledge.

 

The man didn’t find out he was a sexy screen star until August, he claims in an $11 million Brooklyn Federal Court lawsuit, which identifies him only by the pseudonym “Victor Voe.”

 

His “private images and videos likely have been accessed by millions of users of these websites” before the victim was able to get them taken down, he said in the litigation filed against his unknown, unnamed tormentors.

 

At the time, the man claims he worked “in a position of trust whereby the revelation of compromising videos and images of a sexual nature would be damaging to his employment and professional status.”

 

The man’s sexy screen habits began five years ago when he went to sites like chatroulette.com and omegle.com for what he described in court papers as a “modern form of ‘safe sex’ — anonymous, consensual and conducted entirely through video chat.”

 

Then one meeting with what he thought was a woman also seeking sex went south.

 

The victim claims he moved their interaction to Skype in a bid to be more private, but the “woman” sent him a link to a website he didn’t know, a link the man now believes infected his computer with a virus and allowed hackers access to his files and personal information, including his home address, job and bank info.

 

At the end of their session, the “woman” told him she’d recorded him, had gotten into his computer, knew who he was and said she’d release the clip if he didn’t pay up, he said in court papers.

 


The man refused and “deleted all information he could think of that may trace back to him,” according to the legal filing.

 

The scammers made good on the threat and even posted the victim’s social media pics on gay porn sites, said the man, who is heterosexual.

 

When he realized what happened, the victim said he spent $5,000 to “wipe” his digital record and increase his cybersecurity.

 

The sextortion scam, in which con artists threaten victims seeking online sex with public exposure if they don’t pay up, has been on the rise with the onset of the coronavirus pandemic, and the lockdowns and shutdowns which followed.

Link to comment
Share on other sites

  • 2 weeks later...

Top US cybersecurity firm FireEye falls victim to foreign hackers

 

Hackers turned the tables on one of the country’s biggest cybersecurity firms on Tuesday, making off with a suite of powerful hacking tools.

 

FireEye said that its security system was breached, possibly by hackers working on behalf of a foreign government, with the cyber criminals pilfering software that the firm uses to test its clients’ defenses.

 

The hackers were also interested in information FireEye had on its government clients, though the company said it did not believe the hackers were able to get their hands on any of it.

 

The company disclosed the hack in a blog post written by CEO Kevin Mandia, who said FireEye went public about the hack in hopes of helping another company avoid falling victim to the same attackers.

 

“I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities,” Mandia wrote. “The attackers tailored their world-class capabilities specifically to target and attack FireEye.”

 

FireEye has business contracts across the national security space in the US and with its allies.

 

There is no evidence yet that FireEye’s hacking tools have been used. The FBI is investigating the hack, and FireEye has also accepted help from Microsoft to identify the culprits.

 

“This incident demonstrates why the security industry must work together to defend against and respond to threats posed by well-funded adversaries using novel and sophisticated attack techniques,” a Microsoft spokesperson said.

Link to comment
Share on other sites
