Comments
Report: Only 2 in 3 Cyber Attacks Can Be Stopped with Current Defenses
macker490,
User Rank: Ninja
3/1/2017 | 7:38:22 AM
1.2m phishings
according to an essay published this morning on Help Net Security:

With 1.2 million phishing attacks, 2016 was a success for cybercriminals

while converting to a more secure o/s may not be immediately practical, nonetheless people can move ahead with AUTHENTICATION for e/mail, current term

consider using Symantec/PGP Desktop with Outlook, or -- use ENIGMAIL with Thunderbird

note that this can be phased in -- as users and correspondents can acquire training and software step-wise. 

while this will be seen as a burden cost the potential for blocking tragedy is significant.

all e/mail should be authenticated and encrypted.

Link to article
Jet Hedon,
User Rank: Apprentice
3/1/2017 | 7:11:06 AM
Re: "Hope is not a method"
Thanks for your comment, helped me out to learn more
macker490,
User Rank: Ninja
3/1/2017 | 6:36:10 AM
"Hope is not a method"
between the cubes today employees are admonished to read incoming e/mails carefully and not to click on "anything funny"

there was an article on this this morning on ComputerWorld

see A better security strategy than 'know your enemy': Know your co-workers

THINK

(1) are employees going to be highly successful in examining input mails for signs of fraud? are they even capable of doing that? or are there going to be a few click-firsts and then ooooops errors?

(2) why are your computer systems vulnerable to "phishing" messages that are loaded with malware?

---

a. start using PGP with Outlook to validate e/mails. Or Thunderbird/ENIGMAIL. It isn't hard; you can do it.

b. use a secure o/s. we may not have any that are 100% secure -- but some are MUCH better than others.

 

