October is Cybersecurity Awareness Month

In two weeks, the 2020 National Cybersecurity Awareness Month (NCSAM) will begin and Between The Hacks is a Cybersecurity Awareness Month 2020 Champion. Cybersecurity Awareness Month Champion organizations, which include companies, schools, school districts, colleges and universities, nonprofits and government entities, represent those dedicated to promoting a safer, more secure and more trusted Internet according to the National Cybersecurity Alliance.

For the month of October, Between the Hacks, along with hundreds…

Time To Push The Pause Button

Between the Hacks is taking a short break. There is a lot going on in the world right now and many of you may feel overwhelmed. Please remember to take some time to focus on your health, life and family, for only then can you be your best.

I want to thank all of the readers and supporters of Between The Hacks and promise that BTH will soon return to sharing cybersecurity tips, news and reviews with the inter-webs.

Cheers,

Chuck Davis

BTH News 08August2020

This week on Between the Hacks, Black Hat keynote addresses election security, more fallout from the Blackbaud breach, the NSA warns of location tracking abuse, 20 GB of Intel data is leaked and watch the DEF CON YouTube channel.

Breach Week

It’s August 2020 and many families take this time to go on vacations. COVID-19 has caused many people to delay or cancel those plans so instead of Beach Week, here at Between The Hacks, we are dubbing this week as Breach Week.

Why? Because there was an unusually large number of data breaches made public this week. Avon, Drizly, Dave.com, Havenly and many others had data breached publicly online this week. So if you didn’t make it to the beach this year, put on your swimsuit, grab a frozen, fruity drink and relax as you learn which companies were breached, check if you were impacted, and learn how to be alerted if you are impacted by data breaches in the future.

Vulnerabilities Part 1: What Are Vulnerabilities?

About three months ago I started drafting a blog about vulnerabilities. This is a topic that I speak about frequently and is often misunderstood so I thought it would make for an easy and informative blog.

What I discovered is writing about this topic demands a lot more work than just speaking about it and this one blog has turned into many. So this week I am finally going to start a blog series on vulnerabilities where I will explain vulnerabilities at a level where the average computer user can understand the topic…

BTH News 18July2020

This week on Between the Hacks, hacked Twitter accounts used in a bitcoin scam, a critical Windows server vulnerability, the UK proposed IoT security standards, the Internet goes down on Friday and a riveting book about how wormable malware created an enormous botnet.

Pharming

Pharming is a type of cyberattack that redirects a website’s traffic to a malicious site that appears to be the real site. Pharming is used frequently in phishing attacks to trick a victim into sharing login credentials, banking information, or other sensitive data with the attacker…

BTH News 10July2020

This week on Between the Hacks, billions of leaked credentials found on the dark web, home routers found to be vulnerable, Instagram star extradited to the U.S. to face charges for BEC attacks, more news about clipboard snooping and The Internet’s Own Boy.

Vishing

Phone scams are almost as old as the telephone itself. In fact, most of us have likely been the target of a vishing attack but were not aware of the term, vishing. According to Proofpoint’s 2020 State of the Phish Report, only 25% of those polled were able to accurately define the term, vishing.

What Is Vishing?

The term, vishing is a combination of the word voice, and the word, phishing (voice + phishing = vishing).

Vishing is a form of phishing that uses voice calls rather than email, to trick a victim into divulging personal, sensitive or confidential information to an attacker...

BTH News 04July2020

This week on Between the Hacks, July 4th Edition, voting vulnerabilities, Roblox hacked to promote Trump, a new bill that threatens encryption and free speech, the NSA shares VPN security strategies, and a book (and upcoming documentary) that reveals details of global cyber tension.

What Is Smishing And How To Spot This Attack

Smishing is not a new tactic but given that worldwide mobile device traffic is up 222% in the past seven years, it’s no wonder we’re seeing an increase in attacks targeted at mobile devices.

The term, smishing is a portmanteau that combines the term, SMS (text messaging) and the word, phishing (sms + phishing = smishing). As you may have guessed, smishing is phishing that uses SMS and similar types of text messaging.

What Is Smishing?…

BTH News 26June2020

This week on Between the Hacks, Netgear vulnerabilities, U.S. police data leaked, Lucifer malware targets Windows, 80% of people don’t delete data from their car before selling, and find out if your accounts have been part of a data breach.

Between The Hacks Makeover

Between The Hacks is long overdue for a makeover. Redesigning an active website takes a lot of time and effort and one thing that this global pandemic offered most of us, is time. I am still very busy, but not flying around the world has given me some much-needed cycles and it’s time to take advantage of that. Below is the three-phased plan for the site makeover that I’m sharing so that these changes aren’t a surprise.

BTH News 19June2020

This week on Between the Hacks, breachstortion joins the family of phishing attack methods, a teen surfer and influencer’s Instagram account is hacked and used to share sexually explicit material, attackers are using MFA to lock people out of their hijacked accounts, an Israeli cybersecurity firm discloses zero-day vulnerabilities that affect hundreds of millions of devices, and a great deal on cybersecurity e-books.

Breachstortion

A breachstortion attack consists of a malicious email which claims that the sender has breached the victim’s website or company network, copied data from their databases and moved that data to an offshore server. The email then threatens to post the data publicly unless the victim pays the ransom.

Unlike sextortion, a breachstortion attack does not…