According to a recent article in The New York Times, hackers have begun targeting mobile phone carriers in an attempt to circumvent 2FA and compromise victims’ accounts that have this feature enabled. Read more to find out how they are doing it and what you can do to protect your accounts.
“Our Uber driver told us to turn off the Bluetooth and WiFi on our phones while we’re out here this week. He said not to connect to anything or we’ll be hacked.” Two women shared this with me as the three of us waited to ride the SlotZilla Zipline in downtown Las Vegas late Friday night. I told them I was in town attending DEFCON and that their driver gave them good advice.
Americans are inundated daily with scam calls and many may not know there are options available that help reduce the chance of receiving or answering a fraudulent phone call. This blog highlights one analyst's frustrations in receiving several of these nuisance calls every day and her effort to stop them by exploring various options provided by major US cell phone carriers.
Time synchronization is not something many people may consider to be a critical component of a properly functioning enterprise; however, it is vital for managing, securing, debugging, and investigating security incidents on a network. Desynchronized timekeeping across distributed servers in a corporate network can cause serious headaches for IT staff trying to diagnose network issues or investigators trying to get to the bottom of a data breach.
With Black Friday, Cyber Monday, and the rest of the holiday shopping season upon us, the NJCCIC compiled the following tips and best practices to help all of our members stay safe in stores and online. The holiday shopping season is one of the most attractive times of the year for money-hungry criminals and fraudsters to take advantage of eager shoppers and unsuspecting victims.
“I can’t believe this many people want to hack into computers,” the elderly woman said to her friend as they tried to navigate past the throng of DEFCON attendees at Bally’s Las Vegas Hotel and Casino, “there’s something wrong with that.” I heard this comment in passing and nodded slightly in subtle agreement.
Over the weekend, an “augmented reality” game called Pokémon GO took America’s mobile phone users by storm and soared in popularity practically overnight. Created by video game giant, Nintendo, and mobile game developer, Niantic, the Pokémon GO game app became an instant hit on both the Android and iOS platforms as people downloaded it in record numbers. Its usage quickly surpassed that of the popular dating app, Tinder, and social media platforms such as Instagram, Facebook, and Snapchat.
One year ago today, Governor Christie signed Executive Order 178 establishing our State’s Information Sharing and Analysis Organization (ISAO), the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC). Our goal has always been to elevate the barriers to entry for those seeking to nefariously exploit New Jersey’s cyberspace. We do this by promoting statewide awareness of cyber threats and the adoption of best practices.
Given the steady uptick in ransomware across the country, and right here in our State, we simply cannot overstate the importance of maintaining good backups that are stored offline (physically off of the network) and regularly tested to ensure you can fully recover in the event of a data loss incident. But what, specifically, does that mean to you and how do you go about implementing a sound data backup and recovery strategy?
The US Government is currently drafting a 'green paper' in preparation of presenting a formal policy on the Internet of Things (IoT), acknowledging the highly insecure technologies that have hit the market in recent years. Demonstrating the growth of this market, the research and consulting firm Gartner, Inc. forecasts that 6.4 billion connected devices will be in use worldwide in 2016, increasing to 20.8 billion by 2020.
The first-ever power outage caused by a cyber attack occurred in Ukraine on December 23, 2015, causing many to reevaluate the risk to critical infrastructure and ask, could this happen in the United States and what can be done to prevent it?
Imagine you wake up one day to find that your company’s website no longer displays your logo, products, or contact information. Instead of providing an online presence for your business, your website is now promoting a hacking group or terrorist organization. Your customers are angry and your employees are confused.
Disclaimer: If technical jargon makes you queasy, proceed with caution!
When downloading new software or updating existing software, how do you ensure that what you are installing is safe, unaltered, and from a reputable source? The simple answer is to compare the checksum of the file you downloaded to the hash of the original source file.
The 25th annual RSA Conference was held last week in San Francisco, California, and while many topics were carried over from last year’s conference, one topic seemed to be at the forefront – Apple v. FBI. Unsurprising, considering the event attracts mostly hackers and cybersecurity professionals, was the overall sentiment in support of Apple’s pro-encryption stance.
The NJCCIC has been talking a lot about the topic of cyber extortion lately, and with good reason. Just two months into 2016, there have already been a number of cyber extortion attacks across the country, impacting all kinds of individuals, businesses, and organizations.
By now, you should have received all of the necessary forms and paperwork required to complete your 2015 tax returns. This year, though, you may not want to wait until the last minute to file your taxes, lest an identity thief tries to beat you to the punch and steal your refund.
Unlike phishing attacks which cast a wide net in the hopes of catching as many victims as possible, whaling is a term used to describe carefully crafted emails designed to target or spoof specific people within an organization – usually top level executives, upper management, and other corporate decision-makers.
If the past two years have taught us anything, it’s that the frequency and impact of data breaches will continue to grow if organizations do not do more to implement effective cybersecurity practices. The theft and sale of personal data is big business for profit-motivated hackers, while state and non-state actors clamor to get their hands on sensitive and potentially damaging information for various intents and purposes, from extortion to espionage.