l +1 262-553-6510

QPC podcasts have moved

Please forgive our old content here while we reorganize and redo our old website.

All new QPC podcasts are hosted on a more convenient platform for all of us.

Please visit where you can use the Podbean mobile app, stream directly from the site, and sign up for the RSS feed.

Breakfast Bytes - Major Security Threats Update



Major Security Threats Update
Current ransomware risk, fake LinkedIn profiles, Bart ransomware, spearphishing uptick, successful security paradigms
MP3 - Ransomware Risk, Fake LinkedIn Profiles, Spearphishing, Password Reuse Attacks



Understanding Ransomware Risk

Excellent article by Microsoft that IT managers should use to educate company business decision makers.

Proofpoint did an analysis on some new ransomware called Bart

Their analysis demonstrates that if you do not have adequate protection against email borne ransomware attacks, you will become a victim.

Fake LinkedIn Profiles

Only connect with people you actually know and have assessed.

Some guy was complaining that LinkedIn limited him to 30,000 connections. Really?

That is what followers are for.

As a reminder, turn on your LinkedIn privacy settings so that ONLY YOU can see your connections.

Massive uptick in spearphishing attacks from China that are getting past spam filters. If you do not yet have Trend's Hosted Email Security and Cloud App Security, then you are open to these attacks.

Clever piracy extortion scams

Trend's Cloud App Security and Hosted Email Security would likely stop these emails containing malicious URLs. Since the ISPs themselves are getting these emails, it indicates that the ISPs don't have adequate security.

Github and GoToMyPC and password reuse attacks

There are plenty of password manager applications to use. I recomend that whatever app you use, use it with multifactor authentication.

Check out my article on using the YubiKey with Password Safe and the Breakfast Bytes that goes with it to learn more.

Ransomware domains are up by 3500% in Q1 2016

By the way, do not visit unless your network is protected by a properly programmed WatchGuard Firebox. Every time I visit that website, it tries to execute an Adobe Flash attack.

My Firebox tells me about the fact that IPS attack signature ID 1132509 has been attempted.

You can see it here on WatchGuard's ThreadDB.

It's another fine example of how there is stuff on completely legit websites all the time that is trying to hack you.

What happens to a company when they do not have a relationship with a security consultant?
  • Wisconsin company where the finance person was also the IT person.
  • They never maintained a relationship with an external security consultant, so they ended up getting a ton of ransomware that was totally preventable with the systems that they currently had in place had those systems been maintained and configured properly.
  • Hey business owners! It is completely unrealistic to expect your IT manager to also be a security architect. Less than 1% of all people who have been professionally employed in the entire IT industry for more than 10 years have adequate knowledge of security strategy. So how realistic is it to expect your IT manager to get that job done by themselves?

You better have plans in place to get Office 2016 installed by February 2017.

Office 2013 will not work with Office 365 after February 2017.

What's new in Office 2016 for Office 365?