Fake Dropbox login page nabs credentials, is hosted on Dropbox

by in , , , , , , , , , , , , , 0

An email with the subject “important” tells recipients that they must sign into Dropbox in order to view a document too big to be sent via regular email, but clicking on the link included in the message brings people to a fake Dropbox login page that is actually hosted on Dropbox. 

Link to the rest of this SC Magazine article to find out more about this new scam.

Use a password in only one place.

by in , , , , , , , , , , , , 0

Reusing passwords or using the same password all over the place is like carrying one key that unlocks your house, your car, your office, your briefcase, and your safety deposit box. If you reuse passwords for more than one computer, account, website, or other secure system, keep in mind that all of those computers, accounts, websites and secure systems will be only as secure as the least secure system on which you have used that password. Don't enter your password on untrusted systems. One lost key could let a thief unlock all the doors. Remember: Change your passwords on a schedule to keep them fresh.

NSA, Net Neutrality Fears Overshadow Senate Cybersecurity Vote

by in , , , , , , , , , 0

The Senate Intelligence Committee will vote Tuesday on a bill that would allow companies to share information about digital threats, but the legislation faces potential roadblocks over concerns it could boost surveillance efforts and endanger net neutrality.  Additional information can be found here.

Are you emailing sensitive information? If so, beware... This could happen to you!

by in , , , , , , , , , , 0

It's inevitable that at some point at a college or university a request for sensitive data will be made to the owning department for a research project, a cross departmental project, or even a report to upper management.  All of these scenarios are common and acceptable requests, however, the method used to transmit or share the requested confidential data is critical to the safety and security of that data.  Here is an example of using an incorrect transmission method and the repercussions that followed.

Sharing of confidential information is an acceptable practice provided the following safeguards are used:
  1. Approval of the data owning department is given (preferably in writing).
  2. A secure, encrypted transmission method is setup to send and receive the data.
  3. Communication!  If you're unsure transmitting this data is appropriate or safe contact your security team.
Following these steps at a minimum will save you from many headaches and heartaches later.

by in , , , , , , , , , , , 0

Email phishing continues to increase and the attackers are constantly looking for better ways to trick you.  Phishers have their sites focused on PayPal now more than ever.  Read this SC Magazine article summarizing "The Internet Threats Trend Report April 2014" to learn more.

Hackers hit eBay database containing personal info, users asked to change passwords

by in , , , , , , , , , 0

EBay is asking users to change their passwords after it was announced yesterday attackers gained unauthorized access to eBay's corporate network, compromising a database containing encrypted passwords and other personal data.  Additional information may be found here or on eBay.

What you need to know about Heartbleed, a critical OpenSSL vulnerability that enables SSL/TLS decryption

by in , , , , , , , , , , , , 0

You know that little padlock icon you look for to ensure your Web traffic is encrypted and secure? It turns out that you might not be as secure as you think thanks to a vulnerability that was accidentally introduced into the code of OpenSSL.

Read this article which explains what you need to know about Heartbleed and OpenSSL.

Additional resources: