
https://www.pandasecurity.com/en/mediacenter/src/uploads/2020/03/wireless-router-security.png

Last week I attended a meetup where we talked about Wi-Fi security. I wanted to talk about why this is important, especially for home devices. Devices should be routinely replaced and/or updated, not only for speed but for security reasons as well. Just because a wireless device from the 90’s still works does not mean it should be used, since its wireless encryption is outdated.

What can happen? You might have unwanted guests connecting to your network or your data going over the air unencrypted. …


After an investigation by officials, the news outlet has reported what exactly took place. Technically there was a “hack”: an unauthorized individual or group gained access to the water treatment facility. What they did wasn’t exactly high-tech. The software application had a default password. The default password was not the only problem: they are still using Windows 7. Basically, everything is outdated and there is no hardening process for the facility.

https://cwatch.comodo.com/how-to-hack-username-and-password-of-website.php

Things to do for the water treatment facility: (some might be repeated from last week but now we have a clearer picture of what happened and what…


Link to article — https://www.theverge.com/2021/2/8/22273170/hackers-water-treatment-facility-florida-hacked-chemical-levels-changed

What happened exactly?

A water treatment facility in Florida was hacked. The attacker’s intention was unclear, but they did try to modify the water makeup by adding sodium hydroxide. As noted in my previous posts, an attacker or threat is not always trying to break into the system to steal information. They may break into systems to cause reputational, system, or service damage. In this case, the attacker was trying to harm either the consumers, by possibly poisoning the water, or the facility’s reputation, by exploiting its security practices. There are not many…


What is SQL injection?
It is an attack method against data-driven apps or software via webpage input. A SQL statement is entered into an input field to attempt the malicious activity. The injected code gives the attacker additional access to read, modify, and delete data, resulting in unauthorized data access or data manipulation. Both can be damaging to the organization, depending on the type of data available.

https://www.veracode.com/blog/intro-appsec/sql-injection-attacks-and-how-prevent-them-infographic

Why is it performed and what is stolen?
Attackers target you as the victim. It can be for many reasons, such as stealing your intellectual property, damaging your reputation, bringing down your organization, or simply…


This week’s topic is part two of physical controls, from the meetup I attended a few weeks ago, centering on facilities control instead of perimeter security. Again, why are physical controls important? They are important because all the digital controls would be useless if someone were able to break in and either steal or sabotage any assets.

As noted in some of my previous posts, one thing an attacker will try to do is damage or stall your operations without any intention of stealing any assets. So, what can you do to prevent or…


What is Bluetooth?
Almost everything has a Bluetooth connection these days, but what is Bluetooth? Bluetooth is a wireless technology for short-range communication between devices. It enables a connection between devices such as earphones, smartwatches, audio devices, gaming devices, cars, and many more. People use it often as it has many benefits.
- wireless & convenient when compared to cables
- range
- low power

Why is this topic relevant to information security?

Even short-range technology such as Bluetooth is vulnerable to attacks, in which attackers can exploit users’ Bluetooth connections without their knowledge.

Bluesnarfing
One of the attacks through Bluetooth is bluesnarfing. Bluesnarfing…


AAA of Security

I attended a beginner’s cyber meetup this week and thought it would be a good topic. The presenters talked about AAA, which is a basic principle of cybersecurity. It stands for authentication, authorization, and accounting. It’s a control method covering how a person’s identity is established with proof and confirmed by the system (authentication), what they can do (authorization), and logs of what they did (accounting).

Authentication — is generally what everyone knows. It is typically a username and password, which is single-factor authentication. This is the weaker level of authentication. To increase security, one should set up multi-factor…


A hacker by definition is an unauthorized actor who tries to gain access either to steal, alter, destroy, or disrupt data and operations. However, they are not all “bad” as mainstream media portrays them. There are several types of hackers, and their motives determine which category they fall into.

White Hat Hacker:
Non-malicious hackers who attempt to break into an organization at its request. These are usually penetration testers, also known as ethical hackers. There are many details, but here are some basics. As a pen-tester, you have a goal and info. The organization may choose how they want the ethical hackers…


Note: This is for educational purposes only. Please do not attempt any harm to anyone.

So last week we talked about job posting scams from a job seeker’s point of view and what tactics they have to be careful of. Now, this week I will talk about it from a different perspective.

Employers need to be careful of attackers as well when posting jobs and doing interviews. What may an attacker do with job postings and at an interview? Well, they contain valuable information and can sometimes feel like a gold mine for potential attackers. …


This week’s topic is the threat of social engineering in job postings. Now the question is, how can there be threats? There are threats because there will be people who want to take advantage of any possible situation, especially during dire times when people are looking for new jobs for any reason. Job seekers have to be careful, as scammers are on the rise, especially during COVID-19. According to the FTC, scams reached a record high in the second quarter of 2020.

Sourced from CNBC

Scammers tend to use some of the principles of social engineering, which are scarcity, authority, liking, social proof…

S.L.
