Privacy

LinkedIn Profiles: Ripe for phishing recon

The author notes that LinkedIn has "...more than 259 million members—many who are highly paid professionals in technology, finance, and medical industries—LinkedIn holds a wealth of personal data that can prove highly valuable to people conducting phishing attacks, identity theft, and similar scams." There are often legitimate business reasons to post identifiable information such as email, phone, etc. on LinkedIn. But is it necessary to add things like date of birth or address? Users must keep in mind the type of information they make available and what it could be used for. Additionally, do you 'know' each of your contacts? [...]

LinkedIn is a good marketing tool, but what else can it be used for?

LinkedIn is rich with information about people. In a targeted attack, Facebook and LinkedIn would probably be the two places to start gathering information. Many people lock down Facebook, but LinkedIn doesn't have the same privacy controls and, in fact, the information on LinkedIn is often meant to be public. What LinkedIn provides is a free, centralized source for that information. Source: http://securityaffairs.co/wordpress/19446/cyber-crime/linkedin-targeted-attacks.html

December 23rd, 2013 | Compliance, Phishing, Privacy, Social Engineering

Are the websites you’re using tracking what you type?

Source: http://nakedsecurity.sophos.com/2013/12/17/are-the-websites-youre-using-tracking-what-you-type/ Even if you backspace, select all and delete, hit cancel, or do whatever else it takes to avoid telling the world what you typed, it may have been logged. "Self-Censorship on Facebook" (PDF) describes a study conducted by two Facebook researchers, who said they used code they had embedded in the web pages to determine whether anything had been typed into the forms in which we compose status updates or comment on people's posts. If the content wasn't shared within 10 minutes, it was marked as self-censored. According to Facebook: "the things you explicitly choose not to share aren't entirely private." Facebook spent [...]

Two Missing BCBS laptops may impact 800k people

Source: http://threatpost.com/two-missing-insurance-laptops-may-impact-800k-people/103202 Someone broke into the offices of Horizon Blue Cross Blue Shield of New Jersey and stole two laptops that contained the sensitive information of more than 800,000 members. The medical insurance provider claims that the machines were locked to an employee workstation inside Horizon’s Newark headquarters. The laptops are password protected, but the company also admitted that it had failed to encrypt them. The stolen machines may have contained member names, addresses, dates of birth, Horizon Blue Cross Blue Shield of New Jersey identification numbers, Social Security numbers, and clinical information. Horizon Blue Cross Blue Shield of New Jersey claims that they have no [...]

Target Stores said to have data breach of over 40 million customers

Source: http://news.cnet.com/8301-1009_3-57616054-83/target-investigating-massive-black-friday-data-breach-report/ Everyone will be attacked, and many will be breached.  Have you taken steps to protect your organization or made plans for how to react in the event of a data breach?  Securit360 offers services to fortify your security programs, train your employees, and measure your vulnerabilities.

MongoHQ Hacked

This goes to show that application development is not necessarily the biggest risk. Information security isn't tied to any single domain of IT or business. It's a complex relationship between every aspect. http://techcrunch.com/2013/10/29/hosting-service-mongohq-suffers-major-security-breach-that-explains-buffers-hack-over-the-weekend/ http://security.mongohq.com/notice

Phishing With LinkedIn’s Intro

In the ever-changing landscape of social media, the latest 'features' can often be the newest vulnerabilities. Social engineering techniques have become very sophisticated, and can be a real problem for enterprises. Take the recent changes to LinkedIn and the threat they pose in the form of phishing emails: http://jordan-wright.github.io/blog/2013/10/26/phishing-with-linkedins-intro/ Are your end users prepared to spot a well-crafted spear phishing email like this? We can help you find out.