Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

For consumers

 

SHARED INTEL: How Russia’s war mongering compromises those holding security clearances

By Ryan C. Nerney

While global commerce is an important aspect of the world economy, individuals who hold national security clearances need to be aware that some of the activities they engage in could pose a security risk and may negatively impact their security clearances.

Related: Russia takes steps to radicalize U.S. youth

Individuals who possess security clearances are not prohibited from traveling to foreign countries; however, there are certain acts and behaviors that may raise foreign influence and/or foreign preference concerns.

Under Guideline B of the security clearance adjudicative guidelines, the United States government is concerned with any potential for foreign influence. This includes contact with foreign nationals or obtaining financial or property interests in a foreign country, that could create a heightened risk for foreign exploitation.

First, there are reporting requirements which indicate that any foreign travel, aid, logistics, obtaining property in a foreign country, or other such activity must be reported to one’s security officer.

It is common for people to want to expand their financial portfolios, sometimes including investments overseas; however, that possesses a security concern as any foreign assets may be used to exert pressure or influence over individuals who possess a security clearance. in order to persuade them to divulge U.S. national security secrets.

BEST PRACTICES: Blunting ‘BEC’ capers that continue to target, devastate SMBs and enterprises

By John WIlson

It’s no secret that cyberattacks can happen to any business, and we should all be suspicious of messages from unfamiliar senders appearing in our email inboxes.

Related: Deploying human sensors

But surely, we can feel confident in email communications and requests from our organization’s executives and fellow coworkers, right? The short answer: Not always

The reason is the rise in business email compromise (BEC) schemes. This type of targeted phishing or whaling (executive-level) attack tricks email recipients into believing someone they know and trust is asking them to carry out a specific financial task. Here are a few examples of how these insidious campaigns use the power of human relationships to defraud businesses via email:

Scenario 1. A CFO receives an urgent email request from the CEO asking her to pay a supplier invoice immediately. The CFO commonly carries out such tasks and arranges a wire transfer using the account information provided on the invoice. In actuality, the request is coming from a BEC fraud ring, and the payment details direct the funds to an account controlled by the attackers.

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

By Don Boian

Cyberattacks preceded Russia’s invasion of Ukraine, and these attacks continue today as the war unfolds. As the United States and other nations condemn Russia’s actions, the odds of Russian cyber actors targeting the U.S., allied countries, and businesses steadily increases.

Related: Cyber espionage is in a Golden Age

These Russian cyber actors are government organizations and include other parties who take their orders from the Russian military or intelligence organizations – while not technically under government control. Additionally, there are also Russian cybercrime organizations that are not state-sponsored but are allowed to operate.

Each of these organizations performs cyber operations for various reasons. The Russian government, military, and intelligence service may wish to achieve some operational effect, for example, disrupting the power grid or interfering with telecommunications infrastructure, which may be part of a larger war plan. Some Russian cyber actors may gather intelligence while others are financially motivated.

Cybercrime is big business as global losses to ransomware are projected to reach $42 billion within the next two years.The economic sanctions that many nations have put in place to influence Russia will most likely trigger an increase in the illicit business of cybercrime to help offset losses to what was legitimate trade.

Cyber attack targets

Russia isn’t the only cyber actor increasing its pace of cyber operations during this time. While the world focuses on Ukraine, other state actors have increased actions to penetrate government and private sector organizations. While you might think that these actors are interested in government and defense information, their operations prove they are interested in much more – including software development and information technology, data analytics, and logistics.

GUEST ESSAY: NewsCorp hack shows cyber espionage, squelching of press freedom on the rise

By Toby Lewis

As the dust settles following the recently disclosed hack of NewsCorp, important lessons are emerging for the cybersecurity and journalism communities.

Related: How China challenged Google in Operation Aurora

The Chinese government is well known for its censorship– and frequent harassment and intimidation of foreign journalists. These are the foremost reasons China is ranked fourth worst globally regarding press freedoms.

China has enclosed its national internet servers within what is colloquially called ‘the Great Firewall.’ This firewall even goes as far as to block the latest versions of the encryption service TLS (v1.3) because it puts mechanisms in place to prevent third parties from decrypting traffic.

Internationally, there is no doubt that this predominantly serves to facilitate the detection and blocking of topics sensitive to the Chinese Communist Party, such as the events of June 4, 1989, in Tiananmen Square. The recent Western reporting on the Uyghur internment camps in Xinjiang triggered further sensitivity around how the international community views the Chinese Communist Party’s domestic policies.

In a recent statement, the Foreign Correspondents Club of China (FCCC) commented, “Covering China is increasingly becoming an exercise in remote reporting, as China cuts off new visas and expels journalists.” Only 4 percent of respondents to an FCC poll said their organization received a new J-1 visa in 2021, and 46 percent said their bureaus were understaffed because of a lack of visas.

SHARED INTEL: A foolproof consumer’s guide to creating and managing bulletproof passwords

By Robert Siciliano

It can be a real hassle to keep track of the passwords you use. So many people use the same combination of username and password for every account. However, this isn’t a good idea. In fact, it’s terrible.

Related: Kaseya hack exacerbates supply chain exposures

You see, these days, many data breaches could be traced back to people using the same password across multiple accounts. And once the bad guy finds his way in, especially logging into your email, it is game over. From there, it’s easy to reset the pass code for almost all of your accounts when the bad guy controls your email too.

All it takes is a cracker to find this password, and now every account you have is compromised. And finding that password is even easier. Some studies show as many as 40 billion records were compromised in 2021. Many of those records are passwords.

At ProtectNowLLC.com, we have a tool that has access to over 12 billion compromised records where you can search your username aka your email address to find out if your username and associated password have been compromised on a variety of breached accounts.

Thankfully, there is an easy solution: use a password manager. I’ve had a password manager in place since 2004.

GUEST ESSAY: Few consumers read privacy policies — tools can now do this for them

By Ognjen Ikovic

When was the last time you read an online privacy policy in its entirety? Perhaps, never?

Yet our world has moved online. We have on average 67 applications on our mobile phones, seven social media accounts and more than 120 online accounts. But these accounts are not all about networking and games.

Related: What happened to privacy in 2021

COVID crisis has forced us to work remotely. Our children now take classes online. Financial services, health, home security, governance and all other mission critical services are now provided online. The question is at what price?

All these activities leave a massive digital footprint comprising our private data. With the prospect of metaverse and other completely immersive online worlds, our data becomes us. Any misuse of this data can have incomprehensible consequences for us.

Each time we subscribe for an online service or install a mobile application, we are introduced with a document which explains in detail how our private data will be handled. This document is called a privacy policy. We are supposed to read through the privacy policy before proceeding with using the app or service.

Few folks bother. A few years back a small company from Iowa added a clause to their privacy policy offering a reward of 1000 USD to anyone who contacted them.

SHARED INTEL: Data breaches across the globe slowed significantly in Q4 2021 versus Q1-Q3

By Vytautas Kaziukonis

After a gloomy start with its first three breach intensive quarters, 2021 has finally ended, and on a positive note.

Related: Cybersecurity experts reflect on 2021

This conclusion is derived from an analysis of data taken from our data breach detection tool, Surfshark Alert, which comprises publicly available breached data sets to inform our users of potential threats.

Our analysis looked into data breaches that occurred from October to December 2021 (Q4) and compared them with the numbers from July through August 2021 (Q3). Breached accounts were analyzed according to the country’s origin, and the actual time the breach was recorded.

All information either stolen or taken from a system without the authorization of the platform’s owner (in other words, proactively hacked or scrapped) is considered a data breach. Data associations to specific breach instances are only stipulated. Full study data is available here.