On May 19, 2022, the U.S. Department of Justice directed prosecutors to not charge security researchers who report cybersecurity vulnerabilities in “good faith” with violations of the federal Computer Fraud and Abuse Act (CFAA). The DOJ’s press release titled Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act…
Tag: hacking
Why does cyber warfare involving Russia and Ukraine increase the risk of cyberattacks against your business?
There are many reasons why the ongoing cyber warfare involving Russia and Ukraine increases the risk of cyberattacks against your business, but, one of the simplest explanations comes from a recent joint FBI and Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity Advisory (Destructive Malware Targeting Organizations in Ukraine) that was published on February 26, 2022:…
Increased Ransomware Threat in Wake of Russia Invasion of Ukraine — Shawn Tuma Discusses
With the Russian invasion of Ukraine well underway, cyber warfare and increased ransomware activity are imminent. Shawn Tuma was a guest on KNX News to discuss the implications for Americans from the government level down to the mom and pop businesses. Listen to the interview HERE. A senior FBI official has asked businesses and local…
StopRansomware.gov – the U.S. Government’s One-Stop Resource for Ransomware
The U.S. Government has launched a new resource to help combat the ransomware pandemic. Below is the relevant information it has shared: The U.S. Government launched a new website to help public and private organizations defend against the rise in ransomware cases. StopRansomware.gov is a whole-of-government approach that gives one central location for ransomware resources…
MFA Could Have Prevented the Ransomware Attack on Colonial Pipeline, According to its CEO
On June 8, 2021, Colonial Pipeline CEO Joseph Blount testified to a U.S. Senate committee about the recent ransomware attack on the company. While most of the attention to his testimony has been focused on the propriety of paying the roughly $4.4 million ransom payment to the DarkSide hacking group, I believe there is a…
Ransomware Attacks! The 5 Best Practices the White House Urges all Businesses to Take to Mitigate Them
The threat of ransomware attacks against all American businesses is so great that on June 2, 2021, the White House issued a memo to all corporate executives and business leaders with the subject “What We Urge You To Do To Protect Against The Threat of Ransomware.” This is the first time such a memo has ever been…
Working From Home During COVID-19? Five Things You Should be Doing–But Probably Are Not–To Be More Cyber Secure (publication)
Many thanks to the Texas Bar Journal for publishing my recent article, Working From Home During COVID-19? Five Things You Should be Doing–But Probably Are Not–To Be More Cyber Secure, in the Cybersecurity Issue: Without an understanding of the particular organization or the unique risks it faces, it is impossible to know what is best or…
The Art of Cybersecurity: How Sun Tzu Masterminded the FireEye / US Agencies / SolarWinds Cyberattacks
Sun Tzu taught that, when it comes to the art of cybersecurity, you must be wary of your business partners and other third parties. Why? Unless you are living under a rock, you should have heard that FireEye–perhaps the preeminent cybersecurity firm on the face of the planet–was the victim of a successful cyberattack. So…
***URGENT*** MEMO TO: “The IT Guy” RE: Securing RDP Access–Changing the RDP Port Does Not Work!
***URGENT MEMORANDUM*** TO: “The IT Guy” FROM: Your clients’ Incident Response Coach SUBJECT: Securing RDP Access–Changing the RDP Port Does Not Work! This Memo comes out of necessity, please take it seriously. I have now lost track of how many times over the past couple of months I have been on “scoping calls” with a…
Think your company is too sophisticated to be hit with a successful cyber attack? Ask FireEye …
A lot of business executives — and far too many IT professionals — think that their company’s IT systems are too sophisticated and well-maintained for their company to have a successful cyberattack against it. They think their company is doing it all right and this is only the kind of stuff that happens to “the…
You must be logged in to post a comment.