Security Threat - Intentional vs Unintentional

The Biggest Security Threat to an Organization

When we think about threats to an organization, we always think of an outside attacker or of natural disasters such as fire, flood, earthquakes, hurricanes, tornadoes, etc. Below we discuss in more depth which group of people is the biggest threat to an organization. The biggest threat within an organization is the insider; a threat can be intentional or unintentional. The bad news is that you don’t know who might intentionally harm your organization. Therefore, it is important to train your employees and give them what is called least privilege. Least privilege is when you give someone no more and no less…


Handling Employees To Prevent Corporate Espionage

By Victor Joel Harvey

Companies today must remain vigilant to prevent their trade secrets and other confidential information from being compromised, both by outside sources and by sources inside the organization. Increasingly, employees often intentionally or unintentionally “leak” confidential information stored on company computers, laptops, or networks. The following is a list of measures that companies should take to prevent data breaches by employees: Education of employees regarding their responsibility to keep non-public company information confidential is essential. Monitoring of all electronic devices used to access information, including company computers, cell phones, and…

Types of Malware

User Awareness: Baiting, Vishing, and Social Engineering Attacks

By David Pierre

Firewalls, antivirus, patches, an Intrusion Detection System (IDS), and an Intrusion Protection System (IPS) are not helpful if a user is not trained. Therefore, it is good to know the basic ways to protect yourself against the above-mentioned attacks. With baiting, vishing, and social engineering, an attacker does not need any computer knowledge. Below are the definitions of these attacks. Baiting is when an attacker leaves an infected device such as a USB thumb drive, a cell phone, or a memory card somewhere on purpose. If you find one of these devices you may think that you…


Krack Attack and the History of Wireless

A History of Wireless Network Protocols

By David Pierre

We can’t get started with the history of WPA2 without talking about its predecessors, WEP and WPA. In the following article, we are going to talk more about these wireless networking protocols. First, why does a wired or wireless network need to be encrypted? Whenever you send a message or any data over the Internet, you have no power over it once you send it. This means anybody can access the data while it is in transit. As a result, you need a way to make your data unreadable to unauthorized users.

WEP

In September 1999, WEP was ratified…


Facebook Denies Possible Outbreak of Ransomware, LinkedIn Also at Risk!

Out of all the possible malware and viruses you can get on your system, ransomware has the potential to be the worst. Ransomware is especially nasty due to the damage it can do to your system. This is especially true in enterprise-level environments. I can speak from personal experience that when the IT department finds a possible ransomware infection, we take it very seriously. I have personally witnessed on multiple occasions a company bring an entire department offline to keep an infection from spreading. Ransomware can be identified through its trademark method of infection. A ransomware program will encrypt…


Dumpster Diving Low Tech Hacking at its Finest

Social Engineering Awareness Part 1: Dumpster Diving

Dumpster diving remains a prevalent security risk for almost every organization. Dumpster diving is a form of social engineering that takes very little technical knowledge. A potential hacker’s goal while dumpster diving is to look for any information hidden within the trash to help penetrate a network. A quick list of potential targets containing worthwhile information would look something like this: hard drives, CD drives, flash drives, SD cards, floppy disks, instruction manuals, receipts, invoices, old software, old magazines from vendors like Cisco, company directory page or book, old business cards, diagrams of building or network, anything with signatures, usernames and passwords, anything…


Replacement Note 7’s Still Exploding Samsung Recall

Samsung’s ongoing struggle

In the latest setback for Samsung, it has been reported that yet another one of its Galaxy Note 7s exploded during the boarding process of a plane at the Louisville International Airport last Wednesday. Samsung has known for a while about the dangerous hardware fault in its phones and recalled these devices sometime last month. The problem is that this phone happened to be one of the replacement devices. Nobody was injured during this incident. However, smoke from the device caused more than 75 people to be evacuated from the plane. Samsung released a statement stating the following. “Until we are able to…


Yahoo’s New Big Breach 500 Million Accounts Hacked

Ever since the security breach in 2014, Yahoo has had an ongoing investigation into the incident. Last Thursday, Yahoo released a statement about yet another setback for the internet company. Yahoo admits it is not sure what information was stolen; however, an estimated 500 million accounts were targeted. The stolen data may include email addresses, telephone numbers, birth dates, hashed passwords, and security questions.

Who is to blame

There have been talks that the people to blame for the attack were state-sponsored actors under the orders of the Russian or Chinese government. Although it’s hard to…


Cyber Security’s Weakest Link is Human Beings

The Weak Link In Security

Oftentimes when a company looks into becoming more secure, it looks to put devices, software, or settings in place to help defend its network. It’s hard to convince companies that the weak link in their network is the employees on it. Convincing employers of the importance of user awareness is an ongoing struggle for tech professionals. In the world of information security, we like to think that all the firewalls, antivirus, and security settings we put in place keep us safe. Last year, in 2015, there were an estimated 781 reports of data breaches. These breaches only account for one spectrum of…


Phishing attacks that take advantage of tragedy – Cyber Protection Group

The new scam on the streets

The Federal Trade Commission has issued an alert on a scam that is using the recent floods in Louisiana to its advantage. These scams take the form of a charity that asks readers to donate money to it. The scammers, of course, keep this money for themselves. They can also send links or attachments that direct users to malware-infected websites. Attacks like these are commonly referred to as “phishing attacks”. These attacks are sent out en masse to users in hopes that anyone will fall for the bait. Much like when you throw a fishing line out into a lake they often do not…
