Need a reason not to use free hotel wi-fi without a VPN? How about spear-phishing and targeted attacks against you by people who your real name, your room number, and expected arrival and departure times? According to the article, some of the tactics used include Adobe Flash zero-day exploits, fake software updates containing malware, and embedded iFrames redirecting to phony installers.
When you connect to any wi-fi network, you must assume it is hostile and act accordingly. Even if you’re not a senior company executive, here’s an example of the types of attacks that could be used by a rogue Wi-Fi network against various password managers; if you use one, yours could be among them. It’s interesting to note that iFrames are also involved in one of the “sweep attacks” described by the paper.
Due to a cyberattack on JPMorgan Chase, the personal information of 76 million households has been stolen. According to the bank itself, names, addresses, phone numbers, and e-mail addresses were compromised, but there is no evidence that account numbers, passwords, user IDs, dates of birth or Social Security numbers were compromised.
Even if your password was stolen, the damage done with that password will likely be limited to what anyone with access to only the bank’s services and information can do as long as Continue reading Personal Information from 76 Million Households Stolen
According to threat intelligence firm CloudStrike, Chinese cyber spies have been targeting think tanks, ostensibly to obtain information on the potential disruption of Chinese oil interests in Iraq. Spear-phishing, the act of sending an e-mail tailored to a specific individual (as opposed to e-mails sent out en masse to many different individuals, which is simply “phishing”) to fraudulently induce them to give away personal information such as their e-mail password, is hardly a new tactic; nor is the Chinese government the only group which has been accused of using it. In February 2014, the Syrian Electronic Army hacked into Forbes using the same tactic. In many cases, the true perpetrator of an attack is unclear, especially when Internet traffic is routed through the accused country.
I’m going to leave the finger-pointing to governments and the private firms that investigate such attacks. I will instead focus on how you can protect yourself against such attacks. While Continue reading How to Protect Yourself Against Spear-Phishing