Staying Secure on Social Media

Posted by Clayton Bellot on September 15, 2017

From the desk of Thomas F. Duffy, MS-ISAC Chair

The number of scams and malware taking advantage of social media users and platforms is on the rise. Social media scams are easy to create and can target thousands of people at once due to how users interact with pages, posts, and contacts. Once your account is compromised, malicious actors can leverage it as a conduit to spread scams and malware to your network of friends or contacts. Facebook, Twitter, LinkedIn, and Instagram are a few very common examples of social media sites where you or your account could be at risk.

Learn more about how to identify and prevent attacks

Warning Signs that Your Computer is Infected with Adware

Posted by Clayton Bellot on June 01, 2017

If the answer to any of the following questions is “NO,” that means your computer is infected with Fireball or similar adware.
Open your web browser and check:

  1. Did you set your homepage?
  2. Are you able to modify your browser’s homepage?
  3. Are you familiar with your default search engine and can modify that as well?
  4. Do you remember installing all of your browser extensions?

To remove the adware, just uninstall the respective application from your computer (or use adware-cleaning software) and then restore/reset your browser configuration to its default settings.

The primary way to prevent such infections is to be very careful when you agree to install.

You should always pay attention when installing software, as software installers usually include optional installs. Opt for custom installation and then de-select anything that is unnecessary or unfamiliar.

Staying Safe From Tax Season Scams

Posted by Clayton Bellot on February 16, 2017

Now that W-2s are arriving, it’s time to consider how to stay safe from tax season scams. Every year, unfortunate taxpayers go to file their returns and are shocked to find that someone else has filed a fraudulent one in their name! Some innocent people also receive fraudulent phone calls from criminals impersonating tax officials. Sadly, tax fraud has only become more widespread, and digital communication has opened new ways for it to happen.

While the Internal Revenue Service (IRS) reports on multiple taxpayer-related scams, and even publishes a “Dirty Dozen” list, three scam variants are worth highlighting: Phishing and Malware Schemes; Identity Theft and Falsely Filed Tax Returns; and Impersonation Scams. Once criminals have your information, they can also continue to commit identity theft well beyond tax season. Here are some details on each of these scams, along with how to identify them and seek help in case of identity theft.

More information for staying safe during this tax season is available on the Center for Internet Security site.

Android Privacy Assistant Seeks To Stop Unwanted Data Collection

Posted by Clayton Bellot on February 10, 2017

Not sure what your phone is collecting about you?

A free Android app is promising to simplify the privacy settings on your smartphone and stop any unwanted data collection. The English language app, called Privacy Assistant, comes from a team at Carnegie Mellon University, who built it after six years of research studying digital privacy.

*The English language app is free, but only works on rooted Android phones.

More information available at:

Security 101: Here’s how to protect your privacy from hackers and spies

Posted by Clayton Bellot on January 23, 2017

ZDNet offers a simple step-by-step security guide to help protect you against hackers and government surveillance. The topics include:

  • Secure your devices
  • Secure your messaging
  • Secure your browsing
  • Secure your servers and clouds
  • Beware the hard part

Within each topic, users are provided with options to maximize their data privacy.

Three Simple Steps to Secure Your Smart Devices

Posted by Clayton Bellot on October 26, 2016

Connected technologies, smart devices, Internet of Things (IoT) – they all mean the same thing: everyday devices that you commonly use but that are also connected to the Internet. These are devices such as baby monitors, security cameras, thermostats, DVRs, light bulbs, gaming consoles or perhaps even your car. This connectivity brings great convenience but also additional risks. Here are three simple steps you can take to make the most of these devices while being secure.

SANS Securing the Human September issue of OUCH!

Posted by Clayton Bellot on September 07, 2016

We are excited to announce the SANS Securing the Human September issue of OUCH! This month, led by Guest Editor Robert M. Lee, we focus on Email Do’s and Don’ts. Sometimes we get so focused on the bad guys that we forget we can be our own worst enemies. This is especially true of email, as I’m sure many of us have sent an email we regret, emailed the wrong person, or hit the ever-dreaded REPLY-ALL. We cover these issues and more to help people safely navigate the world of email. As such, we ask that you share OUCH! with your family, friends, and coworkers.

English Version (PDF)

Translations & Archives

Hacking the Human: How Social Engineering Owns Our Users

Posted by Clayton Bellot on August 22, 2016

Wednesday, June 22, 2016

Noon – 12:50 PM (Central Time)


Highly targeted Social Engineering attacks are wreaking havoc in cybersecurity. In one recent incident, hackers used social engineering to defraud a US company out of nearly $100 million. The increased use of these techniques is directly related to the fact that they are successful. Traditional cybersecurity defenses do not stop these types of attacks, and many organizations are ill-prepared to prevent Social Engineering-related breaches. Join our webinar session as we explore how social engineering is manipulating users and discuss the top preventative strategies.

More information about this event is available at

LinkedIn Data Breach Blamed for Multiple Secondary Compromises

Posted by Clayton Bellot on June 22, 2016

The LinkedIn compromise has been linked to a number of confirmed incidents where data exfiltration has taken place. It’s possible these incidents are only the tip of the iceberg, though, as many of the organizations compromised are service providers with access to customer networks.

Apple Releases Updates for Multiple Environments

Posted by Clayton Bellot on May 17, 2016

Multiple vulnerabilities have been discovered in iOS, watchOS, tvOS, iTunes, OS X El Capitan, and Safari which could allow for arbitrary code execution. Apple iOS is an operating system for iPhone, iPod touch, and iPad. watchOS is the mobile operating system of the Apple Watch. tvOS is an operating system for the Apple TV digital media player. Apple iTunes is used to play media files on Microsoft Windows and Mac OS X platforms. OS X El Capitan is an operating system for Macintosh computers. Apple Safari is a web browser available for OS X and Microsoft Windows.

Successful exploitation of these vulnerabilities could result in, but is not limited to, information disclosure, giving an attacker the ability to determine kernel memory layout, or allowing arbitrary code to be run within the context of the user or kernel.

We recommend the following actions be taken:

  • Apply appropriate updates provided by Apple to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user to diminish the effects of a successful attack.
  • Do not download, accept, or execute files from untrusted or unknown sources.
  • Do not visit untrusted websites or follow links provided by unknown or untrusted sources.

Updating tvOS:

Updating watchOS:

Update the iOS software on your iPhone, iPad, or iPod touch:

How to update OS X and Mac apps: