Security Archives - Page 8 of 20

Auto-fill Phishing Attack – This is scary. You better turn off your browser’s auto-fill feature.

There is interesting breaking news from web developer and hacker Viljami Kuosmanen as reported in The Guardian - Browser autofill used to steal personal details in new phishing attack.

“The phising attack is brutally simple… when a user fills in information in some simple text boxes, such as name and email address, the autofill system, which is intended to avoid tedious repetition of standard information such as your address, will input other profile-based information into any other text boxes – even when those boxes are not visible on the page.”

Disabling Autofill in Web Browsers

Google Chrome

1. At the top right, click on the Settings icon (represented by three vertical dots)....

Auto-fill Phishing Attack – This is scary. You better turn off your browser’s auto-fill feature.tlgadmin2024-04-21T19:39:44-07:00

What are your unexpected risks from the Yahoo billion account breach?

The big cyber-security news today is the billion account breach at Yahoo! Some experts are recommending the immediate closing of your Yahoo! account. I am not fully on board with that recommendation. If you have highly sensitive information in your Yahoo! account then I agree. If the account is used for some club activities or e-mail in Yahoogroups.com, etc. then at minimum you need to change your password.

At minimum, all Yahoo! users need to change their passwords today. If you have helper/challenge questions for your passwords those questions and answers need to be changed, too. If your Yahoo! login name, password and challenge questions & answers have been used on other websites you need to change those, too, immediately.

Here is the advice Alvaka has for you:

· Beware that Yahoo! is a partner of AT&T so you may have exposure there, too. At minimum change the password or close the account and move your information elsewhere.

· If you have employees who check their Yahoo account at work you need block Yahoo! at your firewall and filtering defenses you have.

Here are some good tips I saw posted by the CEO of KnowBe4 and I agree with them. He says:

What are your unexpected risks from the Yahoo billion account breach?tlgadmin2024-04-21T19:40:41-07:00

I’m a Security Monitor

Irvine, CA - I have become somewhat enamored by the LifeLock commercial titled, “Fix it.” In that commercial, bank robbers come storming into a bank breaking a display and yelling, “Everybody on the floor.” As everyone hits the floor a man in a security uniform remains standing and one of the customers whispers, “Do something!” He replies, “Oh, I’m not a security guard. I’m a security monitor. I only notify people if there is a robbery.” After a brief glance around he passively says, “There’s a robbery.” The commercial narrator then says, “Why monitor a problem if you don’t fix it?”

You can view that video here.

I’m a Security Monitortlgadmin2022-02-03T11:40:52-08:00

Here is the reason your antivirus isn’t working anymore

Irvine, CA - Even the biggest of the antivirus software vendors are beginning to give up the fight against malware. The traditional ways of fighting just don’t work anymore. It is too reactive and labor intensive… not to mention just inherently flawed at this point. If you have been to our lunch and learns the past couple of years you know that at Alvaka Networks we down-play significantly the role and importance of firewalls and AV software. Sure you need them, but oftentimes users rely on those two tactics at the neglect of other often more important and effective solutions. If you want a comprehensive solution based upon tools you likely already own you should read this – What 12 Security Things Should I Focus on to Be Defensible in 2016? These are just as valid for 2017.

What is the breaking news on the demise of antivirus software as we know it? Well, it simply does not work well today and in the future. Here is a link to...

Here is the reason your antivirus isn’t working anymoretlgadmin2017-06-27T15:53:49-07:00

New statistics on ransomware

Chicago, IL - I sat in on a cybersecurity presentation by anti-virus/malware vendor Webroot. If you have not checked it out it is a good product that represents the next generation of protection in my opinion.

The slide deck had a few interesting graphic factoids I thought I would share.

New statistics on ransomwaretlgadmin2017-06-27T15:54:09-07:00

A three bullet summary of your current e-mail threats

Proofpoint Threat Operations and Research recently published their quarterly threat report for July - September 2016, which includes key findings such as:

Volume of malicious emails rose to their highest levels ever
New campaigns bearing varied attachment types broke volume records set in Q2, peaking at hundreds of millions of messages per day. JavaScript attachments continued to lead these very large email campaigns, growing 69% this quarter.

Ransomware variants grew tenfold
In particular, 97% of messages with malicious document attachments featured the popular ransomware strain Locky, while CryptXXX was the dominant ransomware delivered by exploit kit (EK).

Threat actors adjusted tactics in business email compromise (BEC) attacks
In BEC attacks, “display-name spoofing” increased to almost 1-in-3 BEC messages, gaining ground on instances of “reply-to spoofing,” suggesting that BEC actors continue to adjust techniques.

Download the full report. Please let us know if you have any questions related to this report or how Alvaka Networks can protect your people and data from attacks.

A three bullet summary of your current e-mail threatstlgadmin2016-10-24T13:44:00-07:00

Beware of this new domain name and SEO registration scam

Orange County, CA - I want to thank Alvaka network engineer Alex Estevez for bringing the e-mail below to my attention. One of his clients got this bogus message from GoDaddy. The scams on the internet know no ends for creativity and treachery.

This message looks so authentic and it can be so easy to go ahead and pay for a scam renewal and give up your domain login credentials too. Once you give up those credentials the thief(s) can potentially sell your domain name. For many businesses that would be devastating even if it only lasted a short time while the theft gets corrected. On top of the charge on your card they could potentially sell your credit card information as well.

Alex said, “What made me suspicious was the fact that the email came from a company called “Intranetregistrarnetwork.com” which just sounded bogus to me.“ That site is now shutdown, but count on another one to pop-up soon.

Here is what the e-mail looked like. As you can see it looks quite legitimate. It does not contain the spelling errors and poor grammar associated with so many e-mail scams....

Beware of this new domain name and SEO registration scamtlgadmin2024-04-21T19:41:30-07:00

Cracking your passwords just got faster and easier than ever, here’s how….

Orange County, CA – I just read about a new product announcement, New version of L0phtCrack makes cracking Windows passwords easier than ever. At Alvaka we used to do a hacking demo during a lunch and learn. Rex Frank would usually do the demo by doing a SQL Injection attack and bumping out to the command prompt. From there he would download the SAM (Security Access Manager) file and then use L0phtCrack to decode a password right in front of the eyes of everyone. Nearly everyone was shocked beyond compare. Of course that approach is now a bit dated, but it showed our guests just how vulnerable unpatched and inadequately secured systems can be. From the start of the demo to the revelation of an account password would only take five o

Cracking your passwords just got faster and easier than ever, here’s how….tlgadmin2024-04-21T19:41:48-07:00

Is password length more important than complexity? A guideline for password creation policy.

Orange County, CA - I just read a summary of research on secure passwords vs. weak ones that get hacked. If you are looking to create your own secret password or if you are a network administrator looking to enforce secure password policy then read on. These results are from a study on 10 million passwords that have been breached in recent years.

In summary, if you want a weak password, then use:

Words
Names
Verbs
Colors
Animals
Fruits
“Love” phrases
Superheroes
And days of the week
Leet speak, the act of using informal language or code in which standard letters are often replaced by numerals or special characters such as “n00b” or “gue55able”
Most importantly, don’t use patterns on your keyboard or phone dialer pad. Those are at the very top of the list of quickly decoded passwords....

Is password length more important than complexity? A guideline for password creation policy.tlgadmin2024-04-21T19:42:03-07:00

Here is something chilling everyone should read, even if you don’t care about privacy

Irvine, CA - I just read an article in BloombergBusinessweek. It should be of concern to everyone in this age where we give up our privacy with nary a thought. There is now a company out there scouring the World Wide [...]

Here is something chilling everyone should read, even if you don’t care about privacytlgadmin2017-06-27T15:54:33-07:00

CEO Message

Alvaka's Philosophy

Alvaka Facilities

Management Solutions

Services Overview

Ransomware Prevention

Ransomware Recovery

Infrastructure Monitoring

DFARS Compliance

NIST 800-171

Vulnerability Management as a Service

"Net" Solutions

AlvakaNet

NetPlan

NetSecure

Network Management Consulting

"Worx" Solutions

Software Patching

Backup & Disaster Restore

Managed Firewall

Advanced Email Security

Advanced Email Filtering

Staff Augmentation