I saw a few references to this KELA study of ransomware based on doing some digging around the dark web to see what people were looking for. I wasn’t necessarily surprised by what they found, because it seems relatively obvious, but I was a little surprised to see that it’s pretty well-thought-out. I guess I had been working on an assumption that folks using ransomware were just throwing out a wide net and catching whatever they could, but it seems like maybe they are thinking a bit more about what they are doing. …
Look, it makes sense at any time, but right now with companies’ varying sets of rules around a pandemic, forcing employees back to an office, mandating a vaccine if they do, closing offices, etc., there is bound to be at least one person who just isn’t very happy with whatever stance the company has taken.
Would the vast majority of them stoop to purposefully installing ransomware on the corporate network? Probably not, but the hacker doesn’t need the majority, they need 1. Just one person to be so angry, and also unethical, and they are in.…
At first blush, the idea of scanning images synced up to iCloud for child sexual abuse materials against the hash list of known CSAM images seems like a good idea. As a survivor of childhood sexual abuse myself, I want tech companies to take some initiative to deal with this issue. They also want to scan images on kids’ phones using AI to see if kids are getting into any trouble with sending or receiving sexual material. Again, that sounds like a good thing. But, as the EFF points out, this all requires a backdoor, and backdoors, once created, almost never remain used for just one purpose.…
That combination of things points to one, larger, issue. There’s a pretty large communication gap between IT and business users. The security restrictions that exist are getting in the way of people getting work done, and rather than ask for them to be changed, users simply work around them using their own tools, maybe even their own laptops, or network connections, and the IT folks don’t even know this is happening.
That’s a recipe for disaster. It might be time to work on communicating with your users, and of course when I say “communicate” that absolutely means listening too.…
The question really is not if your data is going to get breached, or misused in some way, but when. It’s going to happen, you might want to plan for that eventuality instead of just asking nicely for people not to do that.…
To borrow from Cris Carter, “Come On Man!” Actually, it’s easy to blame some lazy IT folks for not disabling accounts, but I’d be willing to bet that quite a few of these are actually some third party app, or …