Newsletter Archives

  • You clicked on that phish?

    ON SECURITY

    By Susan Bradley

    It happens. You fell for it. You clicked on something you shouldn’t have. You followed a link. You entered your password on a site that wasn’t legitimate.

    In these instances, you didn’t suffer an intrusion to your computer. Instead, your login credentials were impacted. What should you do?

    First, don’t panic. In the case of many attacks these days, your operating system is still intact — not impacted in any way. The once standard reaction “I got hacked, so I’ll restore my computer from a clean backup or reinstall from scratch” probably isn’t necessary. In fact, it may be irrelevant to your response.

    Read the full story in our Plus Newsletter (21.46.0, 2024-11-11).

  • Extra security for all your devices

    ON SECURITY

    By Susan Bradley

    These days, I don’t have just traditional PCs that I must protect — I have iPads, iPhones, Kindles, Chromebooks, and others. And these don’t run Microsoft operating systems.

    Not to pick on her, but my sister used to randomly surf with her Windows PC and, after searching, would end up with some sort of infection or malicious browser plugin. But when she did the same on her iPad or iPhone, I was spared the chore of cleaning up those devices — they were less targeted and less likely to end up compromised.

    Read the full story in the AskWoody Plus Newsletter 19.09.0 (2022-02-28).

  • Falling for the click

    ON SECURITY

    By Susan Bradley

    After watching the technology-related advertisements from this year’s Super Bowl, my takeaway was that we are a gullible population that will absolutely and utterly click on anything without verification.

    For Super Bowl LVI, cryptocurrency companies were a major advertising presence. Coinbase ran an ad with a floating QR code moving around the screen. So many people scanned the QR code that Coinbase couldn’t handle the load, crashing the website and the app.

    Read the full story in the AskWoody Plus Newsletter 19.08.0 (2022-02-21).

  • Don’t click those pop-ups that say you’ve been infected!

    PUBLIC DEFENDER

    By Brian Livingston

    It’s been said before, but it bears repeating — when you see a pop-up window on your desktop, laptop, or smartphone screen that says you’ve been infected with a virus and must act immediately, don’t click it!

    These frightening warnings are invariably “bad ads” that use advertising networks to insert these pop-ups into websites and phone networks. Their goal is to get you to click a link and download malware, whether it’s a fake “antivirus program,” a malicious “virtual private network,” or some other backdoor into your personal life.

    Read the full story in the AskWoody Plus Newsletter 18.20.0 (2021-05-31).

  • The web has a padlock problem

    Danny Palmer (ZDNet) has just written about recent changes to websites showing “security padlocks” in browser bars, in a very easy-to-digest article.

    Internet users are being taught to think about online security the wrong way, which experts warn might actually make them more vulnerable to hacking and cyberattacks.

    HTTPS encrypts that information, allowing the transmission of sensitive data such as logging into bank accounts, emails, or anything else involving personal information to be transferred securely. If this information is entered onto a website that is just using standard HTTP, there’s the risk that the information can become visible to outsiders, especially as the information is transferred in plain text.

    Websites secured with HTTPS display a green padlock in the URL bar to show that the website is secure. The aim of this is to reassure the user that the website is safe and they can enter personal information or bank details when required. Users have often been told that if they see this in the address bar, then the website is legitimate and they can trust it.

    “This is why phishers are using it on phishing sites, because they know that people who use the websites think that means it’s OK when it’s not,” said (Scott) Helme. “The padlock doesn’t guarantee safety, it never has, that’s just a misunderstanding of the interpretation of what this actually means.”

    …the (cybersecurity) industry needs to improve its messaging, because cybersecurity can be complicated for the average web user and changing advice all the time isn’t going to help, especially if people stick to adhering to the first thing they were told – like believing the padlock automatically means the website is safe.

    I’m sure many of us will have seen information by Troy Hunt and Scott Helme in recent months, on browser security. Changes are afoot in how browsers indicate websites’ security; e.g. Firefox’s recent changes to how padlocks work are related.

    WSJ indicate the depth of the problem here:

    The use of security certificates, once a badge of authenticity for the internet, among phishing websites has almost doubled, rising to 15% in 2019 from 8.5% in 2018

    Even CASC (Certificate Authorities Security Council) recently published, in a very interesting article:

    The padlock is putting users in danger

     
    We all need to get used to these changes, for our own safety.
     

  • Patch Watch: Office 365 – The trendy new phishing target

    Here phishy, phishy, phishy…..

    Attacking Windows 10 is so yesterday. Malicious hackers have known for some time that phishing is a fruitful and cheap method for stealing data. And the bigger the mark, the better the returns. So it should be no surprise that Office 365 has become a tempting target.

    Patch Lady Susan Bradley offers the first in a series of articles about Office 365’s vulnerable underbelly, and what you can do to protect yourself and your organization.

    Details in this week’s AskWoody Plus Newsletter 16.11.0, out this morning to AskWoody Plus Members.

  • Microsoft targeted by phishing attack

    Probably by Syrian Electronic Army.

    Man, if MS can’t protect itself, how can any organization?

    InfoWorld Tech Watch

  • How well does IE’s phishing filter work?

    This will undoubtedly change shortly, but…

    In the past hour I’ve received several messages from people here in Thailand saying that they’re receiving phishing mail from their bank, SCB. The mail instructs people to click on a link and log in. The link goes to the site new11010scb dot com (no, I’m not going to link to it).

    If you go to that location with either Firefox or Chrome, you get the standard phishing warning message. But if you go there with either IE 9 or IE 10 (on Windows 8), you sail right on through to an ad…

    #Fail IE Smart Screen.