Posts tagged "Tech Republic"

How to run an SSH connection through Tor

For the internet-facing servers I administer I usually lock down the IPs that can access ssh (banning by country), also install fail2ban, and run sshd on a port other than the default of 22. This technique goes the other way, using Tor to obfuscate the connection but allowing anyone with the '.onion' hostname to attempt to connect. I'm going to file it under 'might be useful'...: SSH is, by design, a fairly secure means of gaining shell access to remote machines. However, th

86% of data breaches are conducted for financial gain

When I started in the infosec game (last millennium) only a few of the incidents we worked on were driven by criminal intent. Hacktivism (remember that?), and "for the LOLZ" were big drivers for the relatively unsophisticated stuff we had to deal with. The one thing that hasn't changed is that most incidents start with someone screwing up (reusing passwords/no password, public shares, ANY/ANY/ANY "testing"...)...: [...] "Criminals are going to go the path of least resistance

COVID-19 contact tracing: The tricky balance between privacy and relief efforts

For any of these apps to be useful, there has to be widespread take-up. If more than 2 billion devices are unable to run the apps being developed that means an even higher take-up rate is required. If the technorati can't gain the trust of most users, then these projects will fail. I see two versions of app being developed. The first creates a central database of all person-person interactions for later querying; the second holds all data on an individual's device until they

Coronavirus-related digital fraud: 22% of Americans targeted

One of the things that's remarked on in the startup community is the ability of a company to 'pivot' (no, I don't like the anthimeria of words but hey-ho) to meet changing conditions. The criminal fraternity seem to be especially adept at this...: [...] "It is clear that social distancing has changed consumer shopping behaviors globally and will continue to do so for the foreseeable future," said Greg Pierson, senior vice president of business planning and development at Tra

Almost half of mobile malware are hidden apps

Fake reviews are as much a part of the malware distributors' armoury as any scammer on Amazon...: [...] Using the authorized app stores [such as the App Store and Google Play] is very important, "but also don't necessarily rely on reviews as an example of legitimacy," Samani advised, adding that there are examples detailed in the report with some malicious apps writing fake reviews. One way to tell is by looking for reviews that reuse the same simple phrases, as they are p

Mac attacks on the rise

Ever since the Mac and PC ads, and for quite a while before that, there's been a smugness exhibited by certain Mac users about "there's so much more malware that affects Windows users". No longer true...: For the first time ever, Macs saw more cyberthreats per endpoint than Windows PCs, according to the 2020 State of Malware Report. "We saw a significant rise in the overall prevalence of Mac threats in 2019, with an increase of over 400% from 2018," the report by Malware

How to report a phishing or spam email to Microsoft

I've been through adding this to my Outlook client (yes, it works on a Mac) for one of my customer Office 365 accounts. I do find it mildly irksome that the user has to install something (an inherently risky activity) in order to be able to help train Microsoft's spam filters...: You receive an email that you find suspicious--potentially a phishing email--so you ignore or delete it. Another option is to report the email to Microsoft for analysis via the Outlook add-in called

Okta ranks the most popular and fastest-growing apps in the enterprise

An interesting comparison is between the CIS top controls and what organisations are actually spending money on. The top two CIS controls are inventories for hardware and software. Knowing what you want to protect and what's attached to your network are where it all starts. That's not reflected in the IDC list below...: [...] According to International Data Corporation, "worldwide spending on security-related hardware, software, and services is forecasted to reach $106.6 bil

How to protect your organization against targeted phishing attacks

It's not complicated, just difficult...: [...] At a minimum, answer these three first: 1) Who in my organization is being targeted by attackers? The answer is not as simple as looking at the top tiers of your org chart; 2) What types of attacks are they facing? Knowing the lures and traps attackers are using can help you better position your defenses; and 3) How can I minimize risk if these attacks get through? The answer is to use the information you've gathered to deliver the

How MIT researchers use machine learning to detect IP hijackings before it occurs

This smacks of Minority Report pre-crime. I like it...: [...] To zero in on serial IP hijackings, the team grabbed information from network operator mailing lists and from historical BGP data taken every five minutes from the global routing table. By analyzing that information, they were able to detect specific traits of hijackers and then train their system to automatically identify those traits. Specifically, the machine learning system tagged networks with three key tr