CIA Director and Homeland Security Secretary Hacked – No Malware Needed

The FBI and Secret Service are investigating reports that the private email accounts of CIA Director John Brennan and Homeland Security Secretary Jeh Johnson were "hacked." So, how did the hacker do it? Hacking is malware, right? This case demonstrates that hacking is not malware. Hacking is the theft of credentials. Credentials can be stolen with malware. However, credentials can be stolen in other ways. This hacker is talking to the press. He told The New York Post that the way he stole the credentials was "social engineering." Rather than attacking systems, social engineering manipulates people. The hacker wanted the login credentials. In order [...]

October 19th, 2015 | Cybersecurity - General, SP Guard, spear phishing

Compromise Monday – Now What?

Last week saw an inauspicious beginning to Cybersecurity Awareness Month with user data compromises announced at:

- The American Bankers Association, number undisclosed
- T-Mobile, 15 million, over 2 years ending Sept. 16, 2015
- Scottrade, 4.6 million during late 2013 and early 2014
- Patreon, the crowdsourcing website, 2.3 million users

Now you are aware of Cybersecurity. What next? You can't fix your vendors. You can have some more free credit monitoring to augment the free monitoring you got when Anthem lost your records, or Target, or Neiman Marcus, or The Office of Personnel Management, or [fill in the blank]. Let's look at how credit monitoring [...]

October 5th, 2015 | Consumers and Email, Cybersecurity - General