Fortscale Insider Blog

Dark web

25 May Dark Web — Tor Use is 50% Criminal Activity — How to Detect It

The Dark web is a collection of thousands of websites that use anonymity tools such as Tor and I2P to mask their IP address. Tor was intended to offer anonymity and protection for legitimate purposes. But it’s also a significant haven for criminal activities. Detecting when your users are coming from a Tor site is critical. I’m occasionally asked about anonymizers and...

Read More
penetration test Part 1

24 May How IT Staff Can Make a Professional Internal Penetration Test —Part 1

Pretend I'm doing some sort of introduction here with statistics from like the FBI and friends about internal threats. Good, you just made the first step toward penetration testing—you imagined something. With a few tips you're ready to do your own internal penetration test. In this 2-part series you'll get the know-how that lets any IT staff person make an internal...

Read More
stolen credentials on the black market

23 May Stolen Credentials — Millions of User Passwords for Sale on Black Market

Reusing the same password across multiple sites nets stolen credentials A few months ago it was revealed that login details for around 300 million Gmail, Hotmail and Yahoo accounts were available for purchase on the black market. That figure comes from a single source that was discovered on the Darknet. The actual number is believed to be much much larger. To add...

Read More
Fort Friday Security Clips

20 May Fort Friday Security Clips— Flight 804, TeslaCrypt, Cyber-espionage Malware Discovered

EgyptAir Flight 804: No hard evidence yet Early Thursday morning EgyptAir Flight 804 was cruising normally beneath clear skies on a flight from Paris to Cairo, then suddenly lurched from left to right (issuing no distress signal) and plummeted 38,000 feet—disappearing  into the Mediterranean Sea. Egyptian authorities, some Russian officials and aviation experts say downed flight 804 may have been an act of...

Read More
compromised passwords

19 May Compromised Passwords in 6 of Top 10 Vulnerabilities

There are a lot of opinions about the biggest vulnerabilities when it comes to computer security. But compromised passwords remain a common theme among most lists of top vulnerabilities. Although top vulnerabilities may be manifest in varying ways, stealing user credentials belonging to legitimate users—especially privileged users is at the heart of most of the biggest vulnerabilities. Passwords Top The List A case...

Read More
data theft

18 May Data Theft —Top 5—Who’s Stealing Your Data?

There’s lots of information available about how cybercriminals steal our data. But there’s significantly less intelligence regarding just who is stealing it. So I decided to do a bit of research and put together a quick informal study on just who is behind today’s data theft cybercrimes. After reading dozens of papers and reports on the subject, I compiled and averaged...

Read More
compromised credentials spin data breach - it's Ground Hog Day again

17 May Compromised Credentials Spin Wendy’s Data Breach, It’s Ground Hog Day Again

Every time I look at the news and read about the latest data breach I’m reminded of the film Ground Hog Day where every morning actor Bill Murray would wake up to find an exact repeat of previous events. Compromised Credentials Last week it was fast food chain Wendy’s that came clean about their recent data breach, and yes, it’s the same old story about third-party vendor...

Read More
Fortcale

12 May Fortscale Update: Sitewide Upgrades

Fortscale will be working on sitewide upgrades beginning at noon PDT on Friday, May 13, 2016. Did you know that fear of Friday the 13th has a scientific name? "Triskaidekaphobia"; and an analogy to this the fear of Friday the 13th is called paraskevidekatriaphobia, from the Greek words Paraskeví (Παρασκευή, meaning "Friday"), and dekatreís (δεκατρείς, meaning "thirteen"). No Friday the 13th fear here—we...

Read More
cybersecurity apathy in the meeting room

11 May Cybersecurity Apathy – A misunderstood or bound for failure endeavor

Between all the firewalls, malware protection, threat intelligence, insider threat protection, IDS/IPS, managed security, certification and accreditation, and biometrics, why in the world are system owners still getting crushed? One word, apathy. When we look at the definition of the word, it is almost ironic if it were not so problematic. noun lack of interest, enthusiasm, or concern. synonyms: indifference, lack of interest, lack...

Read More

10 May When Someone Else Gets Hacked – Watch Out!

Those responsible for their organization’s data security may be thinking “I’m sure glad that didn’t happen to us” when they learn that some other company experienced a data breach. But in reality, when someone else get’s hacked, especially a big enterprise, it can put everyone else at greater risk of being breached – and we need to watch out all...

Read More