Raw Thoughts
No Framework Can Mean No Defensibility
Frameworks are extremely important in the modern security landscape. With the level of complexity of today’s average environment, even in the SMB arena, shooting from the hip is hardly an option anymore. In fact, I’d almost challenge that the way the SMB sector has approached security for well over a decade has just been plain wrong, let’s dive in.
Business Email Compromise is Still Alive and Well!
Ransomware, zero-days, and other "sexier" attacks have dominated the news lately. But an article I read on The Record served as an important reminder that business email compromise (BEC) attacks are still very much alive and well. BEC's are one of the simplest attacks...
Increased Law Enforcement Action – Is it Enough?
We’re finally getting to the point of seeing more successful law enforcement activity against cybercrime groups. From the FSB arresting the REvil gang to the takedown of tools like VPNLab, there’s obvious signs of progress. I feel rather good about it, and it makes my...
How I Secure WordPress
In the spirit of moving my website back to WordPress, I thought I'd share some tips on how I personally secure it. This may or may not work for you, but I've found that these strategies have worked for me for some time, I haven't had a case of compromise in quite...
Setup DNS over HTTPS on Windows 11!
Did you know that Windows 11 ships with built in support for DNS over HTTPS (DoH)? DoH is both a privacy and security enhancement that allows you to encrypt your DNS queries instead of send them in the clear over UDP. It uses HTTP/2 and HTTPS, and supports the wire...
Yes, Public WiFi is Still Insecure
So, on my phone, I use Microsoft Start as a news feed. I know, ANOTHER Microsoft product, Dom? Yes, maybe I have a problem, but I like how it customizes my feed. Anywho, that isn’t the point of this article. No, this article is about a news piece I read a couple of...
What Antivirus Should I use on my Home Computer?
As the “tech expert in the family,” I get this question a lot. I figured that I may as well answer it for whoever in my audience would listen. In this article, I’ll share my thoughts on what endpoint protect you should be running at home.First off, it’s worth noting...
New York’s OAG Monitors Threat Actor Forums, Notifies of Breaches
THE RECORD 5JAN22 - The New York Attorney General announced Wednesday that it discovered over 1.1 million compromised online accounts resulting from an investigation into credential stuffing. According to the press release, the office found “thousands of posts that...
FTC Announces Potential Legal Action for Failure to Patch Log4Shell, Future Vulns
Via The Record 5JAN22 - The Federal Trade Commission made an announcement on Tuesday that it may pursue legal punitive action against entities who experience a breach of consumer personal data as a result of failure to patch against Log4Shell and future ‘similar known...
