All tagged cybersecurity

Hacking Humble Bundle

Last year, Humble Bundle teamed up with the great tech publisher, No Starch Press, to offer deeply discounted hacking ebooks for as little as one dollar with the Hacking 101 By No Starch Press Humble Bundle of ebooks. This year, on Giving Tuesday, No Starch Press has a new Hacking Book Bundle. The regular cost for the ebooks is more than $800 but you can get all of these ebooks for thirty dollars or just a few of the ebooks for as little as one dollar.

2021 Top Cybersecurity Leaders

The March 2021 issue of Security magazine, partnering with (ISC)2, featured their inaugural list of the Top Cybersecurity Leaders for 2021. As the author of this blog, I am both humbled and honored to not only be part of the inaugural team, but also to be recognized with these accomplished cybersecurity professionals.

The U.S. IoT Cybersecurity Improvement Act Becomes Law

An important step toward securing the Internet was achieved on December 4, 2020, when President Trump signed an IoT security bill into law. The Internet of Things Cybersecurity Improvement Act of 2020 has been in the works since 2017 and was passed by the U.S. House of Representatives in September 2020 and the U.S. Senate in November 2020.

The bi-partisan team that backed the IoT bill included…

October is Cybersecurity Awareness Month

In two weeks, the 2020 National Cybersecurity Awareness Month (NCSAM) will begin and Between The Hacks is a Cybersecurity Awareness Month 2020 Champion. Cybersecurity Awareness Month Champion organizations, which include companies, schools, school districts, colleges and universities, nonprofits and government entities, represent those dedicated to promoting a safer, more secure and more trusted Internet according to the National Cybersecurity Alliance.

For the month of October, Between the Hacks, along with hundreds…

Breachstortion

A breachstortion attack consists of a malicious email which claims that the sender has breached the victim’s website or company network, copied data from their databases and moved that data to an offshore server. The email then threatens to post the data publicly unless the victim pays the ransom.

Unlike sextortion, a breachstortion attack does not…

DEF CON Is Cancelled? Sort Of

The decades-old joke that “DEF CON has been cancelled” is now a reality. Well, not cancelled as much as moved online to become a virtual conference for the first time.

On Friday May 8th, 2020, DEF CON tweeted “The #DEFCONiscanceled meme has crossed over into real life, courtesy of #COVID19. In early March we had hopes that things would be stable by August. That is no longer realistic.”

COVID-19 Cybersecurity Resources

These days it seems that all news stories are related to COVID-19, and that’s also true in the infosec/cybersecurity community. Over the past month, I have read many insightful articles about COVID-19 phishing attacks and scams, and I’ve weighed in on the topic myself. While “top ten” and other lists are popular news items, I realized I hadn’t seen many lists of resources for COVID-19-themed cybersecurity incidents. So, Between the Hacks spent part of this week researching and starting to compile a compendium of pandemic-specific cybersecurity resources. The goal is to raise awareness, to share tips to prevent becoming a victim, resources to get help if you, or someone you know, does become a victim, and also some ways to help others during this global pandemic. As I learn of new resources, I’ll add them to this page.

Zoom Security & Privacy Tips

Zoom has made a lot of headlines recently as it has become the video conferencing tool of choice for many companies and individuals who found themselves suddenly quarantined at home due to the COVID-19 pandemic. Zoom’s daily active users jumped from 10 million to over 200 million in 3 months. The appeal of Zoom is that it’s easy to install, easy to use, has some fun features like virtual backgrounds, and its basic version is free. The free version allows for up to 100 participants to meet for a maximum of 40 minutes. This is certainly enough time for quick meetings with colleagues or catching up with friends and family. And if you need more time, just…

Juice-Jacking: Trading Your Data for Power?

There are few things in everyday life that instill panic in us more than seeing the low battery indicator on our mobile phone. This is especially troubling during travel, when your mobile device might be frequently switching between cell towers and Wi-Fi and chewing up more battery than usual. To help us with this problem, charging stations have graciously been made available for free in many public places. While this free charge can breathe life back into our digital existence, it can also be the point at which your device becomes a victim of a cyber attack called juice-jacking.

What is Juice-Jacking?

Juice-jacking happens when someone connects their mobile device to a USB charging station that has been modified to not only charge the device, but to also copy data from…

Multi-Factor Authentication: The Password Conundrum Part 3

In part 1 of the Password Conundrum, we talked about how we all hate passwords and how we can never remember a strong, unique password for every website, system, and application that we use.

In part 2, we talked about how a password manager can solve this problem and make your digital life much easier and more secure.

In part 3, I’ll explain multi-factor authentication and how to use it.

You don’t need an MFA (Master of Fine Arts) degree to use MFA (multi-factor authentication). Sorry for the acronym humor. MFA requires a user to provide an additional means of authentication or verification, in addition to entering a username and password. 

Before we delve into MFA, let’s talk quickly about authentication.

The Password Conundrum: Part 1

Long Passwords, Short Memories

The password is something we all love to hate. Many of us have to create hundreds of passwords and we are told by the paranoid cybersecurity experts to make them long and use all of the character sets on your keyboard so that they are not easy to guess. This also makes them difficult to remember, so what do most people do? They re-use passwords—which is also a big no-no.

While we all know these general rules, most people don’t know why they exist and what the real risks are. In this blog, I will help you understand the importance of following the rules when developing your list of passwords. 

Three Tips for Creating a Good Password

Below are three tips for creating complex and hard-to-hack passwords. 

  1. Make them long: There is some debate over the best minimum length of a password. Analysis from security expert Troy Hunt has shown that many of the sites we use do not require very long passwords. However, research from Georgia Tech Research Institute (GTRI) shows that the

General Cybersecurity Tips to Prevent Malware Infection

Use firewalls and firebreaks (network segmentation): Place devices behind firewalls to protect them from untrusted networks, such as the Internet. And use network segmentation—splitting a network into separate networks that are isolated, not connected—so a compromise in one part of the network won’t compromise the other (e.g., human resources and finance). This works much like a firebreak, which is…