Doug Bedell — August 4, 2021, 11:31 am

Getting Advised About Telephone Scams


Paul Ducklin on the naked security site advises about vishing, “a phone-based scam in which cybercriminals leave messages on your voicemail in the hope that you’ll call them back later to find out what’s going on.

“In fact, if you have a long-standing phone number, like we do, you may well get more of these scam calls (perhaps even many more of them) than genuine calls, so you’ll know the sort of angle they take, which often goes along these lines:

“[Synthetic voice] Your Amazon Prime subscription will auto-renew. Your card will be billed for [several tens of dollars]. To cancel your subscription or to discuss this renewal, press 1 now.”

Read on to learn more about a scam you may not be familiar with.

Doug Bedell — August 2, 2021, 4:48 pm

Food and Agriculture Aren’t Exempt from Insider Risks: Here’s How to Protect Them


Security threats can exist in any sector. So it is with food and agriculture. Two federal agencies – the National Counterintelligence and Security Center (NCSC) and the Department of Defense’s Center for Development of Security Excellence (CDSE) “have collaborated to publish ‘Insider Risk Mitigation Programs: Food and Agriculture Sector Implementation Guide‘.”

Food and agriculture workers are advised that “As a member of the Food and Agriculture Sector, you play a significant role in national security by protecting public health and safety, the nation, and its economy from contamination, economic espionage, food adulteration, and terrorism.”

The underlying premise: Alertess pays wherever we may be active.

Doug Bedell — July 30, 2021, 12:45 pm

Video Security Surveillance is Headed for a Home in the ‘Cloud’


Johanna Santander on SecurityInfowatch.com is predicting that cloud solutions, a metaphor for the Internet, “will eventually become the default storage method for video surveillance in the professional security industry. What’s more difficult to judge is when this change will take place.”

“Accelerating demand for cloud solutions in the professional security market,” Santander explains, “stems from their popularity in other industries, and the growing need for remote access to security systems due to COVID-19. To put it simply, cloud-based security solutions are becoming more popular due to their convenience and flexibility compared to traditional systems.

“As previous barriers to the adoption of cloud such as cost, bandwidth and cybersecurity issues are broken down, it’s to be expected that cloud security solutions will become widely adopted. However, this won’t happen instantaneously; it will take time to change ingrained industry habits and for familiarity with cloud systems to grow.”

So in some aspects of security, the more things change, they change.

Doug Bedell — July 28, 2021, 12:25 pm

Scaming Terms of Our Times: Phishing, Smishing and Vishing


Danny Randell on the helcim.com site takes on the task of explaining the difference between phishing, smishing and vishing as web actions to watch out for. They’re related to fishing, we presume, because fraudsters applying them are looking for personal information in the web’s swift-flowing currents.

“If you haven’t heard of phishing,” Randell explains, “it is essentially when a fraudster impersonates a trustworthy source in a digital communication (such as an email) to obtain information of a sensitive nature. This can include login credentials for social networking and banking websites and even credit card information. Phishing is most commonly perpetrated by scammers over email.”

Smishing, on the other hand, “is a form of phishing that relies on text messages to retrieve information. While many of us have become used to seeing unsavory-looking emails on a regular basis; untrustworthy text messages are something we are not so well conditioned to look out for.”

“Vishing,” for its part, “is a scam whereby fraudsters call your personal phone number and threaten you with serious consequences if certain conditions are not met. While it used to be easier to avoid telemarketing and scam calls, nowadays, many of these calls appear to come from a local number so you are more likely to answer it.”

There are more nuances to master, but it all comes down to let the potential responder beware.

Doug Bedell — July 26, 2021, 12:06 pm

APIs: A Growing Element in Web Security


As we move deeper into the digital age, it’s advisable, indeed necessary, to become acquainted with new digital security-related concepts, like application programming interfaces, or APIs

Liad Bokovsky instructs us on the nature and use of APIs on the HelpNetSecurity.com site.

“Application programming interfaces (APIs)” Bokovsky explains, “are at the core of nearly every digital experience – whether that is the delivery of mobile apps that enable consumers to monitor and personalize their exercise routines using an IoT connected device, or making it easy for car owners to track and share their in-vehicle driving behaviors with an insurer, or enabling remote monitoring services that allow patients with chronic conditions to record and report their daily stats and receive important guidance that helps them better manage their health.”

On the darker side, Bokovsky adds that “API security and performance are critical for engaging customers and increasing revenue, but recent news stories about security vulnerabilities that expose private data has brought the issue of API management into sharp focus. In many cases, simple failures to treat API security with respect have resulted in some significant data breaches affecting millions of users.”

Oh dear, something else to learn to be reasonably assured of security on the web.

Doug Bedell — July 23, 2021, 9:37 am

Internet Scammers Targeting the Olympics


Watch the Olympic Games on television, but don’t be taken in by a host of computer scams preying on the games. Veronica Combs, writing on TechRepublic, advises that “Kaspersky Lab experts analyzed Olympic-related phishing attacks and found fake pages offering streaming services, tickets to events that won’t have spectators, and even a fake Olympic Games virtual currency.”

“Olga Svistunova, a security expert at Kaspersky, said that cybercriminals always use popular sports events as bait for their attacks…For example, this year, we discovered an interesting phishing page selling an ‘Olympic Games Official Token.’ There is no real equivalent of such a thing. That means that cybercriminals are not only faking already existing baits but also coming up with their own new sophisticated ideas.

“Security experts found a website selling a virtual currency that is supposed to be a support fund for Olympic athletes. The lure is financial help for an athlete in need but there is no official Olympic token. The only person who benefits is the scammer.”

Hackers and scammers can rise to any occasion to take advantage of the internet public Now it’s the Olympics turn.

Doug Bedell — July 21, 2021, 11:21 am

Solar Power Buildout, It’s Said, Would Add Energy Security


Solar power is a key to energy security, Audrey Carleton advises on Vice.com. “Making one-in-four American homes use solar energy would generate millions of jobs and billions in utility bill savings, a new report from the Institute for Local Self-Reliance (ILSR) found.

“Published last week in collaboration with the Initiative for Energy Justice and the nonprofit Solar United Neighbors,” the post continues, “the report outlines the benefits of a proposal to offer solar power to 30-million homes in the US within the next five years, an idea ILSR has championed alongside 225 other organizations since February. ILSR is a group that promotes small business and local jobs around the United States.”

Maybe we should be looking at our rooftops in a new light.

Doug Bedell — July 19, 2021, 1:00 pm

China Accused of Cyber Hacking by U.S. and Its Allies


Hot off the press, via Mashable: “The United States, European Union, UK, and NATO have jointly accused China of malicious cyber activities, including a massive hack involving Microsoft.

“In an official statement published Monday (July 19), the U.S. and partners claim that China has used contract hackers to conduct unsanctioned cyber operations globally, including cyber espionage operations and ransomware attacks.

“The PRC’s pattern of irresponsible behavior in cyberspace is inconsistent with its stated objective of being seen as a responsible leader in the world. Today, countries around the world are making it clear that concerns regarding the PRC’s malicious cyber activities is bringing them together to call out those activities, promote network defense and cybersecurity, and act to disrupt threats to our economies and national security,” the U.S. and partners say in the statement.

“The hack of Microsoft’s Exchange email server software, widely reported on in March, affected thousands of companies.”

No sanctions have been imposed as yet on China. China’s initial response has been to call the accusations “groundless”.

Doug Bedell — July 16, 2021, 9:27 am

Dangers We Face on the Internet


From the CSO website comes an advisory on “The 5 types of cyber attack you’re most likely to face”. Roger A. Grimes, a CSO columnist, lists and discusses them:

1. Socially engineered malware
2. Password phishing attacks
3. Unpatched software
4. Social media threats
5. Advanced persistent threats

Grimes discusses each in turn – a good way to get up to speed on perils of the Internet.

Doug Bedell — July 15, 2021, 11:40 am

Wanted: U.S. Offers a Bounty on Hackers


The U.S. State Department “is offering a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA)…

“Violations of the statute,” the announcement continues, “include transmitting extortion threats as part of ransomware attacks; intentional unauthorized access to a computer or exceeding authorized access and thereby obtaining information from any protected computer; knowingly causing the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causing damage without authorization to a protected computer. Protected computers include not only U.S. government and financial institution computer systems, but also those used in or affecting interstate or foreign commerce or communication.”

This might be called getting real with hackers.