Less than 3 minutes, and there were 60 attempts blocked by the firewall. This goes on 24/7. Here’s the edited report and explanation.
One of my clients wanted me to block IP addresses from all but five countries.
The firewall is passive. In other words, it logs the event, but it returns no response to the IP address in the other country. A response would trigger additional activity.
If you make occasional online purchases from a retailer (as opposed to scheduled monthly recurring payments), don't check the box to allow them to save your credit card information. It's less convenient, but more secure, to enter your CC information for every single purchase.
Note to large companies: after you do the credit check, there's almost never a reason to keep the customer's Social Security number.
Delete them. Delete them all. Do it now.
Your password, no matter how complex, is never safe from a brute force attack.
Assume a password chart that says a password with your complexity criteria will take 30 days to crack. That means half of all passwords with your complexity criteria will be cracked in the first 15 days.
3.33% will be cracked on Day One.
And some passwords with your complexity criteria will be cracked in under 10 seconds.
SOLUTION
Use 2FA as well as a complex password.
The #Cybercriminal's #Thanksgiving List:
Unpatched #servers
Older operating systems
Companies with no commitment to #Cybersecurity Awareness Training
Companies that haven't implemented #2FA
Users that don't activate 2FA
Users that over share personal details on social media
Weak #password policies
Single Sign-On for lateral movement
#Centralized data storage
Saved #RDP credentials
#CEOs who say no to the #CISO's budget requests
Understaffed security departments
It's important that you understand the difference between a VPN and an IP address obfuscator ("anonymizer").
They are not the same thing. Unfortunately, the people who offer free or inexpensive VPNs to consumers won't explain it to you.
In fact, they profit from the confusion.
I’m getting more spam email from domains ending in .co.uk that from gmail.com. There are several compromised domains, it’s not just one.
Defense: I created a rule in Outlook that sends all email with .co.uk in the header to a separate folder. I can look through that folder rapidly for any legitimate email, and then delete everything else. Sorry, UK friends!
I am now getting replies and retweets about #ItalianNetworkDesign on the bird site.
Most recent post: "At the highest implementation of the #ItalianNetworkDesign model, workers have no access to the data, only data results. Example: call center employee can’t look at your SSN, but they can enter your SSN and the system will confirm, 'Yes, that’s correct.'”
I'm having the pleasure of teaching new skills to some of the I&C team at the Southern Power Training Center this week.
The rain stopped long enough for me to get my picture taken. It is RAINING here!
#scada #networks #ics #cybersecurity #training
So, what happens if you create the MD5 hash of a common password, and then use the hash as a Google search term?
#cybersecurity #pentesting #encryption #deepweb #darkweb #hacking
A Laptop With 6 Of The Most Destructive Malware Threats Ever Is Up For Auction
#cybersecurity #malware #art
https://www.forbes.com/sites/curtissilver/2019/05/15/malware-laptop-auction-chaos/
Netgear router log message:
"Self2WAN ICMP type b Detected!"
Does anyone know what it means? I can find all kinds of forums where people are guessing, but I can't find any definitive documentation.
#cybersecurity
FIFO Networks is pleased to announce that we don't use the ConnectWise remote connection software. Our clients were never at risk.
#Ransomware #ransomwareprotection #Malware #cybersecurity
https://www.zdnet.com/article/gandcrab-ransomware-gang-infects-customers-of-remote-it-support-firms/
It was very nice of @Google to send me this security alert - on November 16, 2018. Notice the date in the message.
#FAIL #cybersecurity #Sarcasm
The number one attack vector is social engineering.
The number one vulnerability is authentication.
"Any change in a digital business process will introduce one or more new security vulnerabilities."
--Young's Axiom of Cybersecurity
This means that the process of creating business change must include a process for identifying new risks.
#businessstrategy #cybersecurity #changemanagement https://counter.social/media/Kx_FUQMlLmHGArkHtrc
The most important attributes of a Cybersecurity worker? Never stop learning. Insatiable curiosity. Interest in a variety of business topics: finance, law, medicine, HR, automated systems, psychology. What would you add?
#business #finance #automation #cybersecurity
Computer and network services. Small business and SOHO remote tech support. Data and account recovery when a loved one dies. Licensed and insured.