Using Punchlists to Stop Ransomware
I really appreciate all of the emails I get from you guys. And it is driving me to do something I've never done before now. I've always provided all kinds of free information. If you're on my email list, you get great stuff. But now we're talking about cyber punch lists.
[Automated transcript follows]
[00:00:16] Of course, there are a number of stories here that they'll come out in the newsletter or they did, excuse me, go in the newsletters should have got on Tuesday morning.
[00:00:26] And that's my insider show notes, which is all of the information that I put together for my radio appearances radio shows. And. Also, of course, I sent it off to the hosts that these various radio stations. So they know what taught because, oh, who really tracks technology, not too many people. And I get a little off-put by some of these other radio hosts, they call themselves tech people, and they're actually marketing people, but.
[00:00:57] That's me. And that's why, if you are on my list, you've probably noticed I'm not hammering you trying to sell you stuff all the time. It's good. Valuable content. And I'm starting something brand new. Never done this before, but this is for you guys. Okay. You know that I do cybersecurity. As a business and I've been doing it now for more than three decades.
[00:01:22] I dunno if I should admit that right there. Say never say more than 17 years. Okay. So I've been doing it for more than 17 years and I've been on the internet now for. Oh, 40 years now. Okay. Back before it was even called the internet, I helped to develop the silly thing. So over the years, we've come up with a number of different strategies.
[00:01:43] We have these things that are called plan of action and milestones, and we have all kinds of other lists of things that we do and that need to be done. So what we're doing right now is we're setting up so that you can just email me, me@craigpeterson.com. And I will go ahead and send you one of these punch lists.
[00:02:09] Now the punch lists are around one specific topic. We've got these massive punch lists with hundreds and hundreds of things on them. And those are what we use when we go in to help clean up the cybersecurity in a company. So we'll go in, we'll do scans. We will do red team blue team, or we're attacking.
[00:02:30] We do all kinds of different types of scans using different software, trying to break in. We use the same tools that the hackers use in order to see if we can. Into your systems and if the systems are properly secured, so we do all of this stuff and then it goes into all of the paperwork that needs to be done to comply with whatever might be, it might be, they accept payment cards. It might be that they have. But information, which is healthcare information. And it might be also that they're a government contractor. So there are hundreds and hundreds of things that they have to comply with. Most of them are procedural. So we have all of this stuff.
[00:03:13] We do all of this stuff. And I was talking with my wife here this last week about it and said, yes, That's so much of this could be used by small companies that can't afford to hire my team to come in and clean things up. And I don't want them to suffer. So here's what we're doing. We're starting this next week.
[00:03:36] We have a punch list for you on email. So what are the things you can do, should do, for email? Just very narrow on email so that you can recognize a phishing email, what you might want to do to lock down your Outlook, if you're on Windows, or your Mac Mail. So we're taking these massive spreadsheets that we have and we're breaking them up.
[00:04:03] So the first one that's available to you guys, absolutely a hundred percent free, is the one on email. So just send me an email, me@craigpeterson.com. Now, remember I am, my business is a business to business, but almost everything in these various punch lists applies to individuals as well.
[00:04:27] So I got an email this last week from a guy saying, Hey, I'm 80 years old and retired and I don't know much about computers. And that's what got us thinking about. No, we need to be able to help him. We need to be able to help you out. Okay. And if you're a small business and we've dealt with a lot of them over the years, and as a small business, you just don't have the funds to bring in an expert, whether it's me or somebody else, although yeah.
[00:04:56] You want the best anyways. It is going to allow you to do it yourself. Okay. So absolutely free. All of these punch lists on all of these topics. We're probably going to end up with more than a hundred of these punch lists. And all you do is email me, me@craigpeterson.com. Just let me know in there what you're interested in.
[00:05:19] So even if we haven't got that punch list broken down for you yet, we will go ahead and put that on the. To do right. We need...
Do You Know How Crypto's Nose-dive Will Even Hurt Your 401K?
Hey, it looks like if you did not invest in "Crypto," you were making a smart move! Wow. We got a lot to talk about here. Crypto has dived big time. It's incredible. What's happened? We get into that and more.
[Following is an automated transcript]
Hi Everybody. Craig Peterson here. Appreciate your joining me today. Spend a little bit of time with me. It's always a fun thing to do; thanks for coming in. and Thanks for sticking around.
[00:00:29] Cryptocurrencies. It's a term for all kinds of these non-government sanctioned currencies.
[00:00:39] And the idea behind it was I should be able to trade with you, and you should be able to deal with me. We should be able to verify the transactions, and it's nobody's business as to what's happening behind the scenes. And yet, in reality, Everybody's business because all of those transactions are recorded in a very public way.
[00:01:03] So crypto, in this case, does not mean secret or cryptography. It's referring to the way the ledgers work and your wallet. And, the actual coins themselves, a lot of people have bought. I was talking with my friend Matt earlier this week, and Matt was saying, Hey, listen, I made a lot of money off crypto.
[00:01:29] He's a day trader. He watches it. And is it going up? Is it going down? Which coin is the dogecoin? The way to go? Because Elon Musk just mentioned it. Is it something else? What should I do? And he buys and sells and has made money off of it. However, a lot of people have. And held on to various cryptocurrencies.
[00:01:51] Of course, the most popular one. Everybody knows about Bitcoin, and Bitcoin is pretty good stuff, bottom line, but 40% right now of Bitcoin investors are underway. Isn't that incredible because of the significant drop-off from the November peak? And this was all started by a problem that was over at something called Terra Luna, another cryptocurrency now.
[00:02:22] Already that there is a ton of vulnerable vol a ton of changes in price in various cryptocurrencies, Bitcoin being, of course, a huge one where we've seen 5,000, $10,000 per Bitcoin drops. On the other hand, it is an amazingly fluid, if you will coin. So several different people have come out with some plans.
Facebook Has No Idea Where Your Data Is and What They Do With It?!
Facebook's about 18 years old; coming on 20, Facebook has a lot of data. How much stuff have you given Facebook? Did you fall victim to that? Hey, upload your contacts. We'll find your friends. They don't know where your data is.
[Following is an automated transcript]
[00:00:15] This whole thing with Facebook has exploded here lately.
[00:00:20] There is an article that had appeared online from our friends over at, I think it was, yeah. Let me see here. Yeah. Yeah. Motherboard. I was right. And Motherboard's reporting that Facebook doesn't know what it does with your data. So it goes, no, there's always a lot of rumors about different companies, particularly when they're a big company, and the news headlines are grabbing your attention. Indeed Facebook can be one of those companies.
[00:00:57] So where did Motherboard get this opinion about Facebook? Just being completely clueless about your personal. The report was obtained from a leaked document. Yeah, exactly. So we find out a lot of stuff like that. I used to follow a website about companies going to go under, and they posted internal memos.
[00:01:23] It got sued out of existence, but there's no way that Facebook will be able to Sue this one out of existence because they are describing this as. Internally as a tsunami of privacy regulations all over the world. So Gores, if you're older, we used to call those tidal waves, but think of the implication of a tsunami coming in and just overwhelming everything.
[00:01:53] So Facebook, internally, their engineers are trying to figure out, okay. So how do we deal with it? People's personal data. It's not categorized in ways that regulators want to control it. Now there's a huge problem right there. You've got third-party data. You've got first-party data. You've got sensitive categories and data.
[00:02:16] They might know what religion you are and your persuasions in different ways. There are a lot of things they might know about you. How were they all categorized? Now we've got the European Union. With their general data protection regulation. The GDPR we talked about when it came into effect back in 2018, and I've helped a few companies to comply with that.
[00:02:41] That's not my specialty. My specialty is cybersecurity. But in Article 5, this European law mandates that personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes. So what that means is that every piece of data, like where you are using Facebook or your religious orientation, can only be collected and used for a specific purpose and not reused for another purpose.
[00:03:19] As an example here, that vice has given in past Facebook, took the phone number that users provided to protect their accounts with two-factor authentication and fed it to its people, feature, etc. Advertisers. Yeah. Interesting. Hey, so Gizmodo caught Facebook doing this with the help of academic researchers. Eventually, the company had to stop the practice because this goes back to the earlier days when Facebook would say, Hey, find out if your friends are on Facebook; upload your contacts.
[00:03:54] And most people. What did you know back then about trying to keep your data private and stop the proliferation of information about you online? Then nothing. I probably even uploaded it back then, thinking it'd be nice to see if I got friends here. We can start chatting, et cetera.
[00:04:12] According to legal experts that were interviewed by Motherboard, who wrote this article and had a copy of the internal memo, this European regulation prohibits explicitly that kind of repurposing of your phone number of trying to put together the social graph and the leaked document shows that Facebook may not even have the ability to live.
[00:04:37] How it handles user's data. Now I was on several radio stations this week talking about this. And the example I gave looks at an average business from the time it started. How did Facebook start? Wildly scraping pictures of young women off of Harvard University. The main catalog, contact page, and then ask people what you think of this? This person, that person. And off they go, trying to rate them. Yeah. Yeah. All that matters to a woman, at least to Courtney, is to mark Zuckerberg girl; all that matters about a woman is how she looks. Do I think she's pretty or not?
[00:05:15] It's ridiculous what he was doing. Oh, that's Zuckerberg, who he is not a great guy anyway. So you go from stealing pictures of young ladies asking people to rate them, putting together some class information and stuff there at Harvard, and then moving on to other universities and opening it up even wider and broader.
[00:05:42] And...
Small businesses are getting worked over by the big-business / big-government monopolies
- Why do big businesses LOVE government monopolies?
- Big businesses don't need Research and Development
- How big businesses steal innovations
- Why the new Senate anti-Trust bill can't work
- Job applicants are being scammed even more
- Should Russia lose its top-level domain, .ru ?
- Microsoft's Ukraine offensive against Russia
- Elon Musk Starlink under attack
- Pandemonium in Russia
The Latest Rip-Off! Non-Fungible Tokens (NFTs)
Did You Hear About the Latest Rip-Off? Non-Fungible Tokens (NFTs) Are Already Losing Steam!
[10:54] How Law Enforcement Tracks Bitcoin! It is Absolutely NOT Anonymous
[20:05] The FBI Is Actively Removing Malware From Private Machines -- Without The Owner's Permission
[29:10] Why and When You Shouldn't Trust QR Codes
[41:08] Cybercrime in Russia Tracked to a Single Office Building in Moscow!
[52:29] The Newest Phishing Scams
[01:01:32] Using Wordpress? How Supply Chain Attacks are Hurting Your Business Website
[01:10:43] Cybersecurity Tools You Should Be Using!
Are You Ready For Data Wiping Attacks?
Yet another warning coming out from the federal government about cyber security. And this one is based on what’s been happening in Ukraine. So we’re going to talk about that situation, the whole cyber security over there, and why it’s coming here.
- Data wiping attacks
- Tape backups
- The grid isn't ready for electric cars
- How new nuclear can give us clean, safe energy
- Belarus attacks Russian transports
- Autonomous vehicle strategies
- How safe is smartphone encryption?
- Dangers of public VPNs
Which Anti-Hacker Techniques Can You Use Against the Russian Hackers?
Weekly Show #1158
We know the Russians have been attacking us. I've talked a lot about it on the radio and TV over the last couple of weeks. So I am doing something special; we are going through the things you can do to stay safe from the latest Russian attacks.
Last week, we started doing something I promised we would continue -- how can you protect yourself when it comes to the Russians? The Russians are the bad guys when it comes to bad guys. So there are a few things you can do. And there are a few things; frankly, you shouldn't be doing. And that's precisely what we're going to talk about right now.
Today, I explain:
- How to protect your back-end
- Preventative measures
- The new rules of backing up your computer
As usual, we'll cover the What, Why, and How's.
Why Is Russia Password Spraying Hurting You? How Are They Doing It? And How Will It Affect You?
Episode 1157: Why Is Russia Password Spraying Hurting You? How Are They Doing It? And How Will It Affect You?
The Russians are using "Password Spraying" to attack businesses, individuals, and government agencies. They're being very successful doing it.
And you or your business are among their targets. And I'm going to tell you what you can do about it.
These Russian hackers use more than 2 billion usernames and passwords stolen in data breaches to access accounts across the Internet. The hackers try and use these stolen credentials to get into bank accounts and companies. This technique is now one of the most common causes of data breaches.
Why does Password Spraying work?
It's simple.
65% of people reuse the same password on multiple accounts, so "stuffing" those stolen email addresses and passwords is very effective. Almost all of the login attempts to my clients' systems are "Password Spraying" attempts. Far more than legitimate employee logins.
What to do? Understanding the reasons for the attacks might help:
- Selling access to compromised accounts: This is particularly common for media streaming services. Disney+, Netflix, and Spotify have all been victims of attacks. Hackers sell access to user accounts for less than the cost of a subscription.
- E-commerce fraud: Hackers can impersonate legitimate users at retailers' websites and order a high-value product, either for use or reselling. According to research from Akamai, this is a common form of identity theft and makes retail the most vulnerable vertical for credential stuffing.
- Corporate/institutional espionage and theft: If an attacker successfully hijacks an employee's account or, even worse, an admin's, they could gain access to sensitive information, like Intellectual Property, credit card numbers, social security numbers, addresses, and login credentials. All sold to the highest bidders.
Passwords Aren't Enough Anymore!
Multi-Factor Authentication adds another layer to password protection. These added layers make it more difficult for hackers to reach your sensitive data.
In addition, research suggests that firms that rely solely on passwords for cybersecurity are at a much higher risk of having their data hacked.
Multi-Factor Authentication depends on:
a) A long and strong password that the user can remember, i.e., something you know
b) A mobile device or hardware token for sending codes or One-Time-Passwords (OTPs), i.e., something you have
c) A biometric marker such as fingerprint, face, iris scan, etc., i.e., something unique to you
My advice: Use a strong password manager that includes creating, storing, and using strong passwords, OTPs, and your personal biometric information.
For a special report on creating and using Multi-Factor Authentication, just send an email to me@craigpeterson.com and put "Multi-Factor Authentication" in the subject line.
How Will the United States Reaction to Russia Hurt?
Analysis of the Russia situation. How is the United States responding? From our government to our businesses. What does it mean to you?
- Should Russia lose its .ru domain? It's not playing fair, so should it even be allowed on the Internet? Many say nyet!
- Microsoft's most recent actions remind me of the Lend/Lease plan with Britain
- In what ways is Elon Musk's Starlink changing the war?
- The pandemonium online from the war and how it will affect us all
Feds release free tools -- But they're loaded with bureaucracy
Conservative/libertarian host Craig Peterson is heard throughout New England every week giving his opinion on Cybersecurity, new Technologies, and Government involvement.
This week, Craig talks about the latest announcement from the Feds: Cybersecurity Tools that are almost useless.
Also:
- A personal story. Did You Hear About the Latest Phishing Scams to Hit?
- Researchers have traced multiple Russian Ransomware gangs to a building in Moscow.
- Supply chain hacks hit millions of websites.
Considering a change in employment? Apple/China/Green Army/Bitcoin seizure and Cybersecurity Jobs!
THE LATEST IN THE NEWS
Apple is about to overturn the payment industry.
China no longer has a monopoly on almost anything.
US Army going Crazy or Green?
Feds seize $4 billion in Bitcoin!
LOOKING FOR A JOB?
Cyber security job vacancies -- finally the truth!
What's happening with the Great Resignation?
Why there's still Age-ism in hiring, and what to do about it.
What to put on your Resume, and what to take off to get a job.
Craig brings you the news you need to know and makes it all understandable.
Are You Ready For "Shields Up"? Right-to-Repair backfires!
This week, Craig talks about the latest announcement from the Feds: "Shields Up!" They're warning about Cyber attacks against the US. Coming from Russia, they expect untold carnage. But how likely is it?
Also this week: Senators trying to spy on all our digital information (including a RINO Republican). The "Right to Repair" backfires. Six reasons Meta/Facebook is failing. The top Cyber problems in 2021. More malware attacking Apple Mac computers. The five things businesses need to do for Cyber Security right now.
Doorbell Cameras Used to "SWAT" and Kill People
We're going to talk about how some of our technology we're bringing into our homes to keep us safe is actually ending up killing people. Yeah. Yeah. Death by a police officer. We have these home cameras that we have welcomed into our homes. And one of the ones that have been getting a lot of heat lately is the ring camera. I don't know if you've seen these things. They've been advertised on television, and it's basically like a little doorbell. You put it out there by your front door, side door, whatever, and it has a doorbell button.
The Lockdown and Business - A Dangerous Combination
Our businesses had to rush to get employees and contractors working from home. But at what cost?
I examine the latest example, the attempted poisoning of an entire town.
What can businesses do to help ensure their ability to survive storms, computer failures, and government lockdowns?
SolarWinds Has Been Used to Let Russian Hackers into 499 Fortune-500 Companies
This hack apparently allowed intruders into our networks for maybe a year and a half. But certainly since March of 2019. This is a huge deal. We're going to explain a little bit about that here.
Who got hacked? What does it mean to you there? And I'm going to get into it just a little bit of something simple. It could be, haven't been doing what I have been advising you guys to do for a long time. Does this, like earlier I mentioned, Hey, change your passwords, use different passwords.
And in fact, that's a big problem still, but we'll talk about this right now. SolarWinds is a company that makes tools to manage networks of computers and the network devices themselves. And my company, Mainstream, was a client of SolarWinds. Sorry. I want to put that on the table. However, about a year and a half to two years ago, it's probably been about two years.
Facial Recognition Software Used to Falsely Imprison...
The allegations are that Clearview stole your picture without your consent and without the consent of the websites you put them on. Now they are being used in this biometric database by the police and others with wrongful arrests. So we were talking about Clearview using these images that were scraped from the internet illegally. In some cases against obvious usage agreement, as well.
Now is that they've got this biometric database of the images, and they can use that database to match an image of one person to one of these preexisting images that have been analyzed and scanned and maybe stolen. Depending on how you want to look at it, the allegations are all the way across the board.
Remote Workers Unfairly Paying Other States' Income Taxes
You might be in for a bit of a shock if you have been working remotely due to this whole lockdown thing. Millions of us are going to have a bit of a surprise coming up soon. Many of us have problems, if you work in Maine and you work in Massachusetts, you could have a little bit of a tax problem, but there is a reciprocal agreement that's in place.
So if you had been working in mass and you live in Maine, Okay. I can see that you're driving down to Mass every day, and you're living in Maine. So the reciprocity agreement covers that. But how about if you have never stepped foot in Massachusetts? How about if you started working for a company out of New York or a company out of California?
Did you realize that many of these, all of them, by the way, Democrat administrations are now going to require you to pay state taxes, Connecticut, you name it. All of these it is very concerning to me. And when we get right down to workforces and the fact that this whole lockdown has accelerated this trend of working from home.
And because of that, we've got employers who are letting their workers perform their jobs remotely from home most, if not all, of the time. So, where does illegal nexus tie in? So they're saying, Hey, listen, your employer. And you both knew exactly where you live and work, but the state departments of taxation can have some very different ideas about where here is.
Subliminal Advertisement on Joe Biden's Whitehouse Homepage
Let me tell you, I'm not trying to start some rumor here. This is absolutely true. You might've heard about Easter eggs before? No, I'm not talking about it. The type that you know, that little bunny, comes with the colored dyed hard-boiled eggs, or maybe they're little plastic aides with candy inside. Some of that Candy's yummy. It's just horrific; it's at least it's not as bad as mean with those little corn things that are nasty.
Anyhow Easter eggs are in movies. Have you seen them in the Marvel movies? For instance, they use them quite a bit. These are little things hidden away so that people who are watching super fans can find them. It might be just something on a shelf. Behind in one of the movies. So it's on a set, and it's something from another movie.
It might be a movie that the director loves, or maybe it's another movie. That's part of the series. Those are Easter eggs. They are hidden away. They're there, but they're hidden. I think those are cool to try and spot sometimes. The White House added an Easter egg, this subliminal ad to the White House website shortly after president Biden took office.
Leaving WhatsApp? Don't use Telegram if you want privacy!
You might've heard about WhatsApp; WhatsApp used to be really popular. I've had a listener before ask me about using WhatsApp overseas. It was a family member who was serving in the military, and they wanted something secure. They asked about WhatsApp, and I said, I don't know. A little bit of moaning and groaning there, I'm not too fond of WhatsApp because of Facebook.
Facebook, our friends over there, decided that they were a couple of weeks ago to come out with new terms of use. And that new terms of use have language that made it sound like maybe they'd be spying on us. Now that Facebook has come out and said, no, we're not going to break the end to end encryption.
In other words, we won't be able to decrypt your conversations. However, we are going to start sharing your information with advertisers, et cetera. Sharing your information about WhatsApp, an encrypted, supposedly secure chat app, might cause problems. You can imagine someone knocking on your door and saying, why are you using encrypted communications?
And in fact, you have every right to; it is the best thing to do. You don't want bad guys getting their hands on it. And in some parts of the world, the governments just can not be trusted, and they are trying to monitor everything that's going on. So that's why I've never been a fan of WhatsApp. And why so many people have migrated off of WhatsApp.
Google Chrome and Microsoft Edge Getting Password Management
There are many things that we have to understand and take care of when it comes to our computers. But frankly, one of the things that we have to be the most concerned about, and yet, so many of us just haven't been paying that much attention. Is our password. Every week, we hear stories of people who have had their accounts hijacked, who have had people take their bank account money right out.
We've seen that for a couple of years, but it's getting worse and worse. I'm not exactly sure why you guys are not using unique passwords for every one of your accounts. I really don't get it. It's easy enough to do: use 1Password. I don't have any money invested in these companies unless you buy 1Password through me, which I don't sell.
I'm not going to make a dime off of it. Use 1Password or LastPass. Same thing there. I know the CEO of LastPass, had him on the show before. I don't make a dime off of it. So use them. It's just so easy to do, but yeah. Two-factor authentication. That's a little bit of a different thing. And we want to get into here in just a minute and how you can use that and tie it in.
Russians and China using Cloud Jacking and Credential Stuffing
The biggest problem, pretty much all of us have, has to do with our passwords, what we're doing with them, how often we're changing them, how we are storing them. It is being used for quite a few things out there right now. We see a real emphasis on a term you might not have heard before it's cloud jacking.
This is where someone gained access to your cloud services and then does nefarious things with them. What do you expect them to do now? What does this all mean? If you are using something, like maybe you're using salesforce.com, maybe you have online banking with your bank.
Most people do. There are so many cloud services that we use nowadays. And cloud jacking is where someone gained access to that online account. You might ask, how do they do that? How do they gain access to it? The simplest and most common way of doing it is something called password stuffing. Now, I know I'm throwing many terms out there for everybody, but basically, cloud jacking means that cloud service is being used without your permission, your cloud service.
How to Protect Yourself Against These Big Hackers
With this going on, how can you protect your own privacy?
Well, it's looking more and more like those Russian hackers are behind the massive SolarWinds cyber attacks. Hackers use it to compromise many U.S. Government agencies' networks. Some of the most sensitive agencies you can think of, including the Department of Defense, the Department of Justice, and then there's the most prominent companies globally, managed services providers, which brought the hack down all the way to small businesses.
That's what we're going to talk about right now. What was the hack? How could you prevent this? Not just in your business, but in your home, I'm going to give you a couple of different little tips that are going to take you a long way. And kind of explain just what happened.