What are Chrome Extension Threats? Google Chrome extensions are available in the Google Chrome store, and they are small pieces of software that perform functions or add features to a browser client. Malicious extensions in Google Chrome can be used by cyberattackers remotely in order to steal sensitive personal information, commit fraud, mine cryptocurrency, modify cookies, […]
Category: IT Security
Smishing
What is Smishing? Smishing, also known as SMS phishing, is a type of phishing attack that is carried out through mobile text messaging. In smishing attacks, cyberattackers use social engineering techniques over short message service (SMS) to steal your personal data and then use that information to commit financially incentivized crimes. Smishing is completed in […]
Browser Security Threats
What are Browser Security Threats? Due to the ubiquity of web browsers, it is easy to forget that they are application platforms that can be vulnerable to bugs and hacking, just like other application platforms. We trust web browsers with some highly sensitive personal data, such as our login credentials, browsing history, cookies, and more, […]
What are Credential Management Systems? Credentials are user-generated or computer-generated evidence attesting to one’s identity. Four common types of credentials are passwords, certificates, tokens, and keys, and they provide access to networks, applications, web-based platforms, accounts, and other sensitive information that validated users have been granted permission to access. Cyberattackers have several means for gaining […]
What is an Air-Gapped Computer? An air-gapped computer is a computer that is isolated from unsecured networks, meaning that it is not connected to the internet or to any other system that is connected to the internet. A computer that is truly air-gapped will also be physically isolated, meaning that data can only be passed […]
What are Resilient Power Best Practices? Cyberattackers have been increasingly targeting critical infrastructure, including the U.S. energy grid, which is also vulnerable to physical incidents, such as attacks from terrorists or vandals, and existential threats, such as electromagnetic pulses (EMPs), which are generated from geomagnetic solar flares.1 The Cybersecurity and Infrastructure Security Agency (CISA) […]
What are Cache and Cache Poisoning Attacks? Web caching refers to the process of temporarily storing data for later use. The first time that a user visits a web page, a copy is cached, and when they visit the web page subsequent times they are served the saved cached copy of that web page, to […]
Payroll Security
What is Payroll Security? Employers retain enormous amounts of highly sensitive information about employees and their dependents including names, addresses, phone numbers, email addresses, social security numbers, government IDs, licenses, financial accounts, legal information, sensitive health information, and more. This, of course, makes payroll an attractive target for cyberattackers, but payroll can also be targeted […]
What is Legacy System Decommission Planning? Legacy systems encompass elements such as computer systems, software applications, and specific software processes or technologies that: 1. No longer receive support and maintenance; 2. Are based on outdated technology; and 3. Are unavailable for purchase. There are many reasons why organizations might maintain and/or retain legacy systems, such […]
What are Employee Offboarding Cybersecurity Risks? Employee offboarding is the process of formally separating an employee from an organization due to retirement, resignation, termination, illness, or death. Employee offboarding encompasses all of the decisions and processes involved in this separation, including transferring the employee’s job responsibilities, deactivating access permissions, deactivating passwords, returning equipment and supplies, […]