Link: The Year of Online Extortion

catena d'oroAccording to one security expert, “2016 is proving to be the year of online extortion.” Attackers, he says, are no longer interested in just your credit cards: they want your personal information so they can hold it for ransom — or even sell it to the highest bidder. Continue reading

Network Forensics 101

elektronischer FingerabdruckBy John Mounteer, NYSTEC Information Security Consultant

A cybercriminal has just wiped all traces of an attack from your server. Now you’ll never know the source of the attack or the extent of the damage, right?

Not if you have a network forensic investigator on the trail.

The ability to interpret the data in log and capture files and recognize malicious activity in the data is a special skill that requires in-depth knowledge of network and application protocols. This article provides a short introduction to network-based forensic investigations of suspected criminal activity related to information technology systems.

Continue reading

The Internet of Everything: What Are the Risks?

The Internet of things market connected smart devices tag cloudBy Paul Romeo, NYSTEC Information Security Consultant

I recently attended a training class where, during the break, one of the instructors told me how excited he was about the new refrigerator he’d just bought, which was going to be part of the Internet of Everything (IoE). From his smart phone, he said, he would be able to inventory the items in his refrigerator and know when he ran low on key items such as milk, eggs, and, of course, beer.

I said he might want to rethink putting beer in the new refrigerator, because he might not be the only one with deep insight into his dietary purchases. His health insurance company could have access and observe his sugar, fat, and sodium intake by monitoring his purchases—and even potentially raise his health insurance rates based on that data.

The instructor replied, “I never thought about that. I’ll have to keep my old refrigerator for my beer and junk food.”

What is the IoE? Is it something great, or should we be worried? The answer is likely a little of both. Continue reading

Link: Do You Trust That Phone Number?

catena d'oroCaller ID spoofing occurs when scammers deliberately falsify the name transmitted to the Caller ID display on your phone. They can trick you into giving away personal information. And they can pretend to be you when calling consumer services companies, financial institutions, and government agencies. Continue reading

Planning for a System Security Plan

Businessman holding a transparent screen with an inscription a p

By Ron Stamp, NYSTEC Information Security Consultant

Many organizations today are involved with collecting and processing Personal Identifying Information (PII) or Personal Health Information (PHI). Because it’s crucial that such data is protected and handled properly, regulating agencies are requiring System Security Plans (SSPs) to be completed. Continue reading

Link: How a Hospital Handled a Ransomware Infection

catena d'oroIn March 2016, a hospital in Kentucky fell victim to the ransomware known as “Locky,” a particularly nasty virus that encrypts vital files and demands money to unlock them. Find out how Methodist Hospital handled the data emergency in the Krebs on Security news piece, Hospital Declares ‘Internal State of Emergency’ After Ransomware Infection.

Disclaimer: The link to this content is provided because it has information that may be useful. NYSTEC does not warrant the accuracy of any information contained in the link and neither endorses nor intends to promote the advertising of the resources listed therein. The opinions and statements contained in such resources are those of the author and do not necessarily represent the opinions of NYSTEC.

How to Spot Poisoned Links

Hacker in the office

By Todd Brasel and Vince Hannon, NYSTEC Information Security Consultants

You’re looking for information on a particular topic, so you do a web search using your favorite browser.  The results page displays the first batch of links, and the first one looks especially promising — from the title and link description, it seems a perfect match.  But how safe is that link you’re about to click? Continue reading