Category: Best Practices Weekly Summaries

Russia’s Cyber Strategies

(By: William Beard on November 4, 2021) Executive Summary There has been an uptick in fourth and fifth-generation warfare in the last few decades and a major player in that has been Russia.  It is no secret that Russia has always wanted to be the dominant world power and has often geared its war fighting …

The Next Generation and Cyber Security

(By: William Beard on October 21, 2021) Executive Summary According to research recently published by the National Cybersecurity Alliance (NCSA), lack of cybersecurity training and education might be Millennials and Gen Z’s biggest threat to their future.  The research titled “Oh, Behave!” published in late 2021 shows some gaps in the cybersecurity education and training …

Syniverse Short Message Service (SMS) Hack and Two Factor Authentication

(By: William Beard on October 5, 2021) Executive Summary Syniverse a Short Message Service (SMS) routing company based out of Hong Kong disclosed on September 27th, 2021, that it had been hacked for over five years.  Reportedly the intrusion affected over 200 of Syniverse’s customers.  SMSs are often used for two factor authentication (2FA) and …

Agricultural Supply Chain Attack

(By: William Beard on September 30, 2021) Executive Summary The agricultural sector has been hit with yet another cyberattack in 2021. New Cooperative a Iowa based grain collective was hit with a $5.9 million dollar ransomware attack by a Russia based group known as DarkMatter.  The DarkMatter team is made up of hackers from another …

Apple Zero Click iMessage Exploit

(By: William Beard on September 17, 2021) Executive Summary Citizen Labs, a research group at the University of Toronto recently discovered a vulnerability in all of Apple’s operating systems for their devices.  The vulnerability dubbed FORCEDENTRY by the research group was used to deploy the NSO Groups (named for its founders Niv, Shalev, and Omri) …

Responding to a Cyber Security Incident

What is a Cyber Security Incident? A Cyber Security Incident is a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices. Events happen all the time in a network. It is the adverse events, ones that violate the policies and standards that is created to protect a …

Romance Scams: True Deception

On February 12, 2019, The Federal Trade Commission (FTC) release an article warning of the dangers of the Romance Scams.  In a Romance Scam, cyber criminals gain the confidence/trust of their victim and trick them into sending money. Data collected from the members of the Consumer Sentinel Network show a reported 21,000 incidences in 2018, …

Domain Name System(DNS)

DNS allows a user to type a Uniform Resource Locator (URL) into the browser which sends the user the requested website. In the background, DNS servers are communicating with each other to resolve that URL into an Internet Protocol Address (IP). Sounds good, but what could go wrong? Attack on DNS Malicious actors use a …

Email: Don’t Pass Go!

Businesses are highly affected by email scams. One scam reaching critical level is the W-2 scam.  The scam is aimed toward the HR department of an organization using sophisticated phishing technique and pretexting via email.  Attackers can gain access to company information, specifically an employee’s W-2 and file taxes in their name. The money will …

Access Control Models

Background – Considered one of the most crucial assets in a company, access control systems hold significant value. The term ‘access control’ refers to “the control of access to system resources after a user’s account credentials and identity have been authenticated and access to the system has been granted.” Access control is used to identify …