It has been a bonus year for cyber criminals. The FBI’s Internet Crime Complaint Center (IC3) received nearly 800,000 complaints about cybercrime last year, more than two-thirds of a jump from what was seen in 2019. About a third of these complaints are from phishing attacks. The report summarizes data submitted by the general public and businesses on its website portal and is produced each year. Over $4 billion in losses attributable to these complaints was calculated, the most ever for what has been seen in one of these reports.
In my blog post for Avast, I summarize what was reported to the IC3 in the past year and suggest some simple strategies that individuals and businesses can take to prevent them.
It has been one of the first things that most remote workers learn: use a Virtual Private Network (VPN) to connect your laptop when you aren’t in the office. And given that many of us haven’t stepped foot in our offices for months, using a VPN now is ingrained in our daily computer usage. But as VPNs have gotten popular, they are also getting harder to keep secure. Various reports document that private data from 20M users have been leaked because of poorly implemented VPNs, including email passwords and home addresses.
In this post for Network Solutions’ blog, I discuss ways to prevent data leaks from happening and to better secure your VPNs, along with links to the most trusted reviewers of these products.
The not-so-dirty secret about web browsers is that browser extensions can be a major security weakness. But the problem with extensions deserves further treatment, especially as they can combine some very clever supply chain and obfuscation methods to make these kinds of attacks harder to detect and defend. These extensions are powerful tools: they have the same ability as your user account to obtain read/write access to any data in any browsing session you bring up, which makes exploiting them a big issue. Many extensions don’t require any special permissions to run on your computer or phone.
I write about how extensions can be exploited and what you can do to protect yourself in my latest post for Avast’s blog here.
Data privacy legislation is a difficult topic to get your head around. There can be multiple dimensions, sector-specific rules, and various national and, in some cases (such as in the US), local laws enacted to cover a multitude of issues. But the good news is that there are several US states which are on track to pass new data privacy laws during 2021. Some of these laws focus on consumer protection, while others concentrate on regulating data brokers or how ISPs should protect their customers’ data. Let’s review the progress and what is being proposed in my latest blog for Avast here. This could make 2021 the year that privacy laws become more pervasive in the US.
One of the long-time FIDO supporters gave testimony to its biggest benefits at the recent Authentication 2020 conference. The speaker was Marcio Mello, who is the head of Product for Intuit’s identity and profile platform. The benefits are saving money and time when users have to login to their SaaS financial offerings from Intuit, a company who has been interested in FIDO for years.
You can read more on my post for Nok Nok’s blog here.
Domain names lie at the heart of a business’ online presence. They control how a company’s web and other resources will be identified to the world and reinforce the numerous brands and trademarks of a business. Domains represent a combination of virtual storefronts and billboards to promote the brand and identify a source of trusted information about the business. The right domain name makes it easier for online customers to find and purchase a business’ products and services and is also used to protect their intellectual property and complement their offline efforts.
Companies typically register their internet domain names to support new brands, product launches, marketing campaigns, corporate acquisitions and restructurings. The issue for many corporations is managing many domains. And while the attention is focused on some of the world’s largest corporations, such as Coca Cola and Unilever which are reported to own thousands of domains, even smaller businesses can have large domain name portfolios. It is not uncommon for large organizations to own and operate thousands of domain names , for example.
But managing these large domain collections isn’t easy and in this ebook that I wrote for Network Solutions, I discuss the various problems and offer some solutions.
A novel experiment in deploying large-scale trusted data networks has begun in Helsinki, the capital of Finland. A variety of city services have been linked together using the open-source MyData Global solution, it was announced earlier this month. This puts city at the forefront of how it gathers data from its citizens and how it stores and uses the data. The goal is to give each person control over how their data is shared with various city agencies.
In this blog post for Avast, I examine the announcement and its significance for the rest of us and what it means for our own data privacy.
- The FDA has appointed Kevin Fu its first Acting Director of Medical Device Cybersecurity in the Center for Devices and Radiological Health. This center has several bodies, including the CyberMed Safety Board, the Digital Health Center of Excellence and other offices. Fu is an interesting choice: he’s most recently an associate professor of computer Science at the University of Michigan, and has previously held major management roles in the private sector. Fu was credited for establishing the field of medical device security beginning with a 2008 IEEE paper on defibrillator security and founding the non-profit research collaborative Archimedes Center for Medical Device Security. I interview him about his agenda, along with linking to various draft policy efforts the agency is working on to improve cybersec for IoT medical devices.
You can read my blog post here.
Sandbox security is complementary to honeypots. It usually involves a special VM that is kept in isolation from the rest of your network resources. Its sole purpose is to be a miniature laboratory to observe malware behavior. Security researchers have been using such sandboxes to analyze malware for many years. Because the sandbox is a controlled environment, its code can be dissected line by line without worrying about potential harm to other computers.
You can read my post on Network Solutions’ blog here, where I talk about its evolution and some of the online sources of sandboxes that can be used for testing for the presence of malware. Sandboxes also play a key role in the escalating war of obfuscation and detection evasion by malware.
If you recall the scene in Meet the Parents where the characters played by Robert De Niro and Ben Stiller discuss the “circle of trust,” then today’s blog will resonate with understanding of how your own digital circles of trust are constructed. Recently, Google decided to ban Spanish CA Camerfirma after repeated operational violations. The ban will come into effect with the launch of Chrome version 90, scheduled for release in mid-April. What this means for you, and how digital certificates are used in your daily computing life, are explained in my blog post for Avast here.