Recent Local Spearphishing Attacks

Over the recent week, Cornell and other companies and organizations have been hit with several spearphishing attacks. As you might expect, Cornell is a constant target for nefarious attacks (as are most large institutions), however this one has hit a large number of "Cornell.edu" email accounts. And over the last 24 hours, we've been made aware of several other attacks as well.

What makes this attack particularly challenging, is that the Sender and Subject appear to be legitimate.

However, once the email is opened the content reads something like: 

READ THIS MESSAGE (in a clickable banner)

05:59:47 (Cornell)
Re: "Subject"
Watch before: Thursday

If you clicked on the banner, you are taken to a page with a legitimate company logo - the one we looked at (safely) had the Xerox Logo with lines requesting our Xerox Login Name and Password.

IF YOU OPEN THIS EMAIL, DO NOT CLICK ON THE BANNER AND ABSOLUTELY DO NOT FILL IN ANY LOGIN OR PASSWORD INFORMATION!

[More]

Website Hosting - Is The Security Adequate

The Computing Center hosts websites and has done so for over 2o years. We're defintely NOT the least expensive, our clients choose us for our security and reliability. We also offer everything that's listed in the article from the FTC. 

by Andrew Smith, Director, FTC Bureau of Consumer Protection

Your website is the online face of your business. Some companies have the in-house capability to manage their web presence. Others hire a web host to handle it for them. When launching a new business or upgrading their site, savvy business owners comparison shop for web hosting services. At the top of your shopping list should be the security features built into what you’re buying.

In our meetings with small business owners across the country, you asked for more advice on selecting a security-conscious web host. As part of our cybersecurity initiative for small business, the FTC has suggestions about what to look for and what to ask when hiring a web host.

[More]

Uncovering the Hidden Costs of Legacy Systems

“I’m in favor of progress. It’s change I don’t like.” — Mark Twain

Any CIO or IT manager thinking about upgrading legacy equipment would agree. Many who were forced to shelve upgrade plans during the 2008 economic downturn now face a vastly different digital world where they must embrace change or lose ground to competitors.

It’s a tough decision to say the least. Business hardware and software carry a hefty price tag. Plus, companies must rebuild the legacy equipment infrastructure without undermining everyday operations. In a recent Forbes article, one Nationwide executive aptly compared the task with changing tires on a moving car.

[More]

Reasons for Company Executives to Take Security Training

We read about this all to often - a top executive at small and not so small organizations get scammed or spoofed into providing critical company information or make payments that are not legitimate. Of course we also see other employees getting tricked as well. 

For most companies the individuals at the top actually pose the most risk, due to having the most access to sensitive information and critical systems. They need to be the most aware, but when we and others conduct security awareness training, some executives and organizations leaders are noticably absent!

[More]

Dealing with spam text messages

 We find that spam text messages seem to come in waves. Just when you think that you've got them totally blocked, a new batch shows up. Like spam emails, it's a constant battle to keep these unwanted texts off of your smartphones.

They’re about as welcome as robot calls and junk mail — spam text messages.

They show up as unwanted and unexpected text messages on our phone screens. That’s aggravating enough, but it gets worse. Whoever is sending you a spam text message is usually trying to defraud you.

Most spam text messages aren’t coming from another phone. They’re usually originating from a computer and being delivered to your phone — at no cost to the sender — via an email address or an instant messaging account.

Don’t despair. There are steps you can take to reduce unwanted text messages and help prevent them from showing up on your phone and other mobile devices.

[More]

More Entries