Every industry has a set of compliance standards to live up to, and many of them include cybersecurity requirements. Merchants that handle card payments maintain PCI DSS compliance; electric utilities maintain NERC compliance, and so on. HIPAA generally applies to hospitals and other healthcare institutions. But as a recent HIPAA settlement at a university shows, you may need to think about HIPAA compliance even if you don’t work in healthcare.
Bad password habits are far more common than we’d like to admit. Last year, for instance, I bought a used electronic device. But to my dismay, the seller had not removed her 4-digit passcode from one of the crucial functions. Likely, she had originally set the passcode because she was storing payment information on the device. I tried to contact the seller, but heard nothing. So, I sat down and steeled myself to try every one of the 10,000 possible combinations until I found the one that unlocked that function. But to my surprise (and delight), I got in on my first try.
What was the passcode?
To understand DNS poisoning, think of a road trip gone wrong.
I don’t know about you, but I refuse to pay $90 to update my GPS map, even though this gets me into sticky situations sometimes. Once, I was trying to get to Portsmouth, for example, and the GPS told me to take a certain exit. But what the GPS didn’t realize, due to its outdated information, was that the exit was wrong. I ended up infuriated, driving much farther than Portsmouth.
Something similar can happen on your network. You ask for a certain website, but a poisoned entry in your resolver’s DNS cache (often your ISP’s) sends you somewhere else entirely, possibly to a malicious site impersonating the one you wanted.
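To make the mechanism concrete, here is a small Python model of a caching resolver and the two classic ways an attacker poisons it. This is an added example, not code from the original post or from any real resolver: the "weak" resolver uses a sequential transaction ID and a fixed source port, so an attacker who sees one query can predict the next and race a forged reply; it also caches every "additional" (glue) record it is handed. The hardened resolver randomises both values and drops glue that falls outside the queried name's zone (a simplified bailiwick rule). Names and addresses are constructed; the IPs come from documentation ranges.

```python
"""Toy model of DNS cache poisoning: weak vs hardened resolver.

Added example; not a real DNS implementation. Transaction ID / source-port
randomisation and bailiwick checking are modelled, not wire formats.
"""
import random
from dataclasses import dataclass, field
from typing import Optional

EVIL_IP, REAL_IP = "203.0.113.66", "198.51.100.10"  # constructed, RFC 5737 ranges


@dataclass(frozen=True)
class Query:
    name: str
    txid: int   # 16-bit DNS transaction ID
    port: int   # UDP source port the reply must come back to


@dataclass(frozen=True)
class Response:
    name: str                 # question section echoed back
    txid: int
    port: int                 # destination port of the reply
    answer: str               # A record for `name`
    additional: dict = field(default_factory=dict)  # glue records: name -> IP


def in_bailiwick(record: str, qname: str) -> bool:
    """Simplified bailiwick rule: accept glue only for the queried name or
    for names under the same parent zone as the queried name."""
    parts = qname.split(".", 1)
    zone = parts[1] if len(parts) > 1 else qname
    return record == qname or record.endswith("." + zone)


class Resolver:
    def __init__(self, hardened: bool, seed: int = 0):
        self.hardened = hardened
        self.rng = random.Random(seed)
        self.cache = {}     # name -> IP
        self.pending = {}   # name -> outstanding Query
        self.next_txid = 1000

    def lookup(self, name: str) -> Query:
        """Emit a query; the returned Query is what goes on the wire."""
        if self.hardened:
            q = Query(name, self.rng.randrange(1 << 16), self.rng.randrange(1024, 1 << 16))
        else:  # predictable ID, fixed port: the pre-Kaminsky weakness
            q = Query(name, self.next_txid, 53)
            self.next_txid = (self.next_txid + 1) & 0xFFFF
        self.pending[name] = q
        return q

    def receive(self, r: Response) -> bool:
        """Accept the first reply matching an outstanding query's ID and port."""
        q = self.pending.get(r.name)
        if q is None or r.txid != q.txid or r.port != q.port:
            return False
        self.cache[r.name] = r.answer
        for glue, ip in r.additional.items():
            if self.hardened and not in_bailiwick(glue, r.name):
                continue  # out-of-bailiwick glue is dropped
            self.cache[glue] = ip
        del self.pending[r.name]  # later replies for this name are ignored
        return True


def spoofing_attack(res: Resolver, target: str = "www.example.com") -> Optional[str]:
    """Attacker observes one txid/port via a lookup for a domain they run,
    predicts the next pair, and races a forged reply ahead of the real one."""
    probe = res.lookup("evil.attacker.test")          # reply lands on attacker's server
    res.receive(Response(probe.name, probe.txid, probe.port, EVIL_IP))
    victim_q = res.lookup(target)                     # attacker cannot see this one
    forged = Response(target, (probe.txid + 1) & 0xFFFF, probe.port, EVIL_IP)
    res.receive(forged)                               # arrives first
    res.receive(Response(target, victim_q.txid, victim_q.port, REAL_IP))  # genuine reply
    return res.cache.get(target)


def glue_attack(res: Resolver, target: str = "www.example.com") -> Optional[str]:
    """Attacker's own authoritative server answers honestly for its name but
    smuggles an out-of-bailiwick glue record for the target; no race needed."""
    q = res.lookup("cdn.attacker.test")
    res.receive(Response(q.name, q.txid, q.port, EVIL_IP, additional={target: EVIL_IP}))
    return res.cache.get(target)


if __name__ == "__main__":
    for hardened in (False, True):
        label = "hardened" if hardened else "weak"
        print(f"{label:8} spoof -> {spoofing_attack(Resolver(hardened))}, "
              f"glue -> {glue_attack(Resolver(hardened))}")
```

Against the weak resolver both attacks land the attacker's address in the cache for www.example.com; against the hardened one the forged reply fails the ID/port match and the glue is discarded, so only the genuine answer is cached. Real resolvers add further defences (DNSSEC validation, 0x20 case randomisation), but ID and port randomisation plus bailiwick checking are the baseline that turned the attack from a single guess into a roughly 2^32 search.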
This month, Citizen Lab uncovered some incredibly sophisticated malware that exploits three previously unknown vulnerabilities in Apple iOS, now known collectively as Trident. The malware, reportedly worth as much as one million dollars, silently jailbreaks the affected iPhone and lets the attackers steal all of the user’s information: it intercepts every call and text message and captures email, contacts, and data from Facebook, Skype, WhatsApp, everything you would use for communicating. It is triggered simply by tapping a link the attackers send you. When people carrying infected iPhones bring them to work and connect to the corporate network, it becomes clear that we need a way of detecting a jailbroken iPhone.
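One practical place to start is the device inventory your MDM already collects. The following Python script, an added example that is not from the original post or any MDM vendor, reads a constructed inventory export and flags iPhones that are either reported as jailbroken or still running an iOS version older than the one carrying the Trident fixes (Apple shipped them in iOS 9.3.5; using that as the threshold is an assumption beyond the text). The export format and field names are invented for the example; adapt them to whatever your MDM produces.

```python
"""Flag iPhones in an MDM inventory export that are jailbroken or unpatched.

Added example; the export layout is constructed, not any real MDM's schema.
"""
import json

# Assumption: iOS 9.3.5 is the first release with the Trident fixes.
MIN_IOS = "9.3.5"

# Constructed sample export; not real devices.
SAMPLE_EXPORT = json.dumps([
    {"udid": "dev-001", "model": "iPhone", "os_version": "9.3.5",  "jailbroken": False},
    {"udid": "dev-002", "model": "iPhone", "os_version": "9.3.4",  "jailbroken": False},
    {"udid": "dev-003", "model": "iPhone", "os_version": "9.3.5",  "jailbroken": True},
    {"udid": "dev-004", "model": "iPhone", "os_version": "10.0.1", "jailbroken": False},
    {"udid": "dev-005", "model": "iPad",   "os_version": "9.3",    "jailbroken": False},
])


def version_tuple(v: str) -> tuple:
    """'9.3.5' -> (9, 3, 5). Compare numerically: as strings, '10.0.1' < '9.3.5'."""
    return tuple(int(p) for p in v.split("."))


def is_outdated(os_version: str, minimum: str = MIN_IOS) -> bool:
    return version_tuple(os_version) < version_tuple(minimum)


def flag_devices(export_json: str, minimum: str = MIN_IOS) -> list:
    """Return [{udid, reasons}] for every device that fails either check."""
    findings = []
    for dev in json.loads(export_json):
        reasons = []
        if dev.get("jailbroken"):
            # The flag is self-reported by the on-device agent; a jailbroken
            # device can tamper with the agent, so treat "False" as weak evidence.
            reasons.append("reported jailbroken")
        if is_outdated(dev["os_version"], minimum):
            reasons.append(f"iOS {dev['os_version']} older than {minimum}")
        if reasons:
            findings.append({"udid": dev["udid"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    print(json.dumps(flag_devices(SAMPLE_EXPORT), indent=2))
```

Two points worth keeping in mind: version strings must be compared as integer tuples (dev-004 on 10.0.1 is compliant, which a string comparison would get wrong), and the jailbroken flag is only as trustworthy as the agent that reports it. The version check is the more reliable signal, since an exploit chain like Trident targets a known set of unpatched builds.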
Not all phishing attempts come in through your email. Has someone ever called to offer you a free vacation, or to ask you to take part in a survey, and then asked you for sensitive information? That was voice phishing, often called “vishing.”