OUCH! is the world’s leading, free security awareness newsletter designed for the common computer user. Published every month and in multiple languages, each edition is carefully researched and developed by the SANS Securing The Human team, SANS instructor subject matter experts and team members of the community. Each issue focuses on and explains a specific topic and actionable steps people can take to protect themselves, their family and their organization. OUCH! is distributed under the Creative Commons BY-NC-ND 4.0 license. You are free to distribute OUCH! within your organization or to your customers as part of your security awareness program, or share OUCH! with your family, friends and coworkers. The only limitation is that you cannot modify or sell OUCH!.
…with home users and small businesses said to be vulnerable to these exploits, there are concerns that these individuals and organisations will remain vulnerable to attacks because the users don’t understand how to secure the devices.
Even the NCSC advisory says the very reason attackers select these devices is they’re known to be vulnerable and are often not patched.
“Network devices are often easy targets. Once installed, many network devices are not maintained at the same security level as other general-purpose desktops and servers,” said the advisory.
It added how few of these devices run antivirus or security tools and that “manufacturers build and distribute these network devices with exploitable services, which are enabled for ease of installation, operation, and maintenance”.
The report urges manufacturers not to design products to support legacy or unencrypted protocols and to design the devices so that users are required to change the default passwords before using the device.
Gmail users Beware! Look carefully at the TO address [not just the FROM address] when you get a suspicious email!
I recently received an email from Netflix which nearly caused me to add my card details to someone else’s Netflix account. Here I show that this is a new kind of phishing scam which is enabled by an obscure feature of Gmail called “the dots don’t matter”. I then argue that the dots do matter, and that this Gmail feature is in fact a misfeature.