Make Unlimited Amount of Money$$$ Using AI!!
How do we do that? With AI of course So seriously how can we achieve that? BY using the recursive ability of computer tech in AI. What is recursive? A…
AI Being Used in Your Company? Good and Bad!!!
Good it will hopefully make your employees more efficient. Bad now that people are entering data and questions into AI cloud companies what is going to happen with this information?…
Need to reduce gmail storage?
Here are some tips to reduce gmail storage in case you have a lot of email that is causing you to pay for the extra storage (because more than a…
AI Has to Be Used Correctly
AI Artificial Intelligence has to be used with some intelligence which of course depends on what you want out of it. Are you building computer code? Then it is best…
Security Policy – What is it good for?
Well it is not what the Rush Hour Duo sing in: What is it good for? Absolutely Nothing!! Technically they are entertaining and doing their thing, so it is not…
Google Gemini is a Hacker’s Dream
Hackernews article Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites The money quote: “The vulnerability, Miggo Security’s Head of Research, Liad Eliyahu, said, made it possible…
New Year Same Problems – Hackers Try to Get Clicks
Yes this time it is a successful attack on the hospitality industry in Europe – so why include? Because if it is working there – it will come here, just…
If We Do Use AI How Should Small Business do that?
Why should a small business (or any business) need AI to run xyz function? Let’s say you want to create proposals and have older proposals and current products and other…
Create Guardrails for Company AI usage
Everyone wants to use AI – but what about the negative effects? Like losing data to the public – or “leaking data”? So how can AI be boxed in? Hallucinate…
AI browsers Security Called Into Question – Make it secure after breach?
Futurism.com has a story on how Perplexity AI browser is not very good with security concerns: The vulnerability, known as an indirect prompt injection attack, is terrifyingly simple. “The vulnerability…
19 year old Microsoft code needs to be Deleted All Windows Systems
CVE-2025-24990. Microsoft’s legacy code nightmare. A driver for old fax modems (ltmdm64.sys) has been quietly sitting on every Windows system since 2006. Possibly even Windows XP, Windows 7, 10, 11,…
Q-Day the Encryption Breaking Armagaddon
Posed a question to Grok about the Q-day timeline – and it came back with this: The question is designed for small business and using the DEFCON presentation mentioned below.…
The Classic Question – How much to spend on Cybersecurity?
Let’s discuss this question (How much to spend?) on cybersecurity… with a conversation of Jimmy and Jane who are small business owners and have certain viewpoints: Jimmy (Sales-Focused Owner): Hey…
Heard of Syncjacking? Your Home Browser infects your work Browser!!
Here is the info from Grok copied verbatim: (from a specific question regarding syncjacking) ————————————————————————————————— Browser sync features, such as those in Google Chrome, allow users to synchronize data like…
What Makes Phishing so effective?
There are some Docusign phishing attempts as catalogued here at Malwarebytes.com How can one really tell that it is not a legitimate Docusign instead of a fake site or fake…
What if We are Losing Cybersecurity War?
What is Cybersecurity? Is it the way one uses and defends their data and systems? CISA the government agency (not my certifications Certified Information Systems Auditor by ISACA) … I…
After Ransomware How to Rebound to Normal
If you got ransomware – now what? How can you recover and get back to normal? Here are some images of ransomware from older posts on this blog: Asking your…
Clickjacking to Farm Facebook “Likes” Porn Pics are Bad
What is Clickjacking? “Porn sites are stuffing SVGs with clickjacking code to farm Facebook likes” refers to a specific type of cyberattack involving both SVG files and clickjacking techniques. Above…
DPRK Actively Trying to Make Money on Our Businesses
As these FBI Images show and the text “2 DPRK Agents actively bilked almost a Million$”: Jin Sung-Il and Pak Jin-Song are wanted for their alleged involvement in a fraudulent…
AI Implemented without Governance Concerns
As this story pointed out at the Register: “Enterprises neglect AI security – and attackers have noticed” The findings come from Big Blue’s Cost of a Data Breach Report 2025…
AI Search and Summary Caused Hack
From the post at 0din.ai: Phishing With Gemini A new type of attack without links included in the email. Let’s say you received an email – has only text and…
Google Claims AI Agent Found Zero Day Vulnerability
Out of a Record.media story where Google “Big Sleep” AI tool found a vulnerability that was not yet uncovered. The white paper referenced by Google discusses how to use AI…
AI Errors Or Hallucinations if you like
Livescience article below claims Hallucinations are a feature not a bug. AI LLM models and others, but let’s back up and set some descriptions: From this site Tolokai.ai Difference between…
Teaching Social Engineering. Thing to Keep in Mind
you.com AI responded with the following list of how people learn: Spatial Thinkers – Visualize relationships and mentally “map” information Experiential Learners – Learn by doing (trial, error, iteration) Sequential…
More Browser Problems!
First couple of paragraphs in Dark Reading story says it all: Both the Google Chrome and Mozilla Firefox browsers currently are under separate attacks, the former from actors exploiting a…
Do you have a Wifi alarm clock?
iank.org says they have serious flaws specifically the Loftie alarm clock This is apparently in the alarm clock file structure: $ strings config.arm64_v8a.apk ... assets/icons/clock.svg _setClient@91206165 _TapStatusTrackerMixin@113288344 https://fwbek2lb0a213kbewqoit.byloftie.com/Loftie_EVT.bin # <-------…
What can be done when confronted with ClickFix?
What happens when you are confronted with ClickFix? i.e. (from a linkedinpost by Alex Zammit ) A site popped this “I’m not a Robot check”. The site injected a command…
Botnet Takes Advantage of Cheap IoT Devices
Yes I am assuming IoT devices from china are ‘cheap’. Look at this FBI IC3 headline: Home Internet Connected Devices Facilitate Criminal Activity probably important to know – what is…
Make Assessments and Prepare for the Unknown
In Cybersecurity we are programmed to prepare for the constant Internet attacks. But there are many aspects to these attacks, including what is considered a watering hole tactic. A watering…
Thanks for Service and Stop Downloading Malware
A dual message this memorial day 2025 Thanks for the service of all who fell for our country!!! Also do not download malware and thus do the work of the…
Google Scam Attack Confirms Cybersecurity Issues
The issue of What can be used for us will be used against us. I.e. We want to use the internet – it will be used to attack us. So…
Social Engineer Attack examples: Texts and email
Here are some standard emails that came into my mailbox that are obviously fake…. Also an older post(7/15/2024) discussed a tax refund scam… by text and email Here is text…
Learning From Lewis & Clark College Portland Oregon Misfortune
JDSupra among other ezines on the Internet have cataloged the Lewis & Clark College in Portland hack Basically in March 2023 the administrators or others at the college learned that…
Social Engineering Attack Affect Can Be Reduced
How? With training and security policies. Create a security culture and train your employees with a Security Policy. Train the employees to ensure they understand the security policy Here is…
Ready for Quishing Attacks?
Quishing – the QR code that sends you to download bad stuff Let’s go back to what is a QR code from digital.gov? QR codes (or Quick Response codes) are…
How Did CCP Unit 61398 Hack Us?
why discuss now? This is the FBI 5 Unit61398 From left, Chinese military officers Gu Chunhui, Huang Zhenyu, Sun Kailiang, Wang Dong, and Wen Xinyu indicted on cyber espionage charges.…
Top 3 items to focus on in Cybersecurity? Healthcare
What would be the Top 3 items to consistently work on so that cybersecurity does not have to be worried about. (Main image above is the Cottage Health systems picture…
Security Policy Can improve Cybersecurity
With a Security Policy one can improve Cybersecurity and thus be proactive in keeping attacks to a risk managed level. We interrupt your boring cybersecurity NEWS ……Breaking news… The Moonwalk…
Improve Cybersecurity – Level Up – Better than Losing Data and Money
Yes it is better to learn a little more Cybersecurity or to “level up your knowledge” rather than the alternative. We have a typical business owner -1st: Has to figure…
Small Business Cyber Target? Maybe a Rabbit Foot Helps…
It is Friday and we are trying to find jokes in cybersecurity? or are we? We are selling these rabbit feet so that you will not get hacked* "Why don’t…
Another Router being exploited now: Archer TP-Link
Hackernews has another story about exploited devices: Archer routers This router the Archer TP link “The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to…
Kostas Talks Cybersecurity
Let’s discuss Psychology of Security and use humor instead of more cyber headlines to explain some aspects such as spending time and money before an event happens or other cybersecurity…
Hackers Attack with Phishing to Small Business
Searching in Grok for small business data on phishing stats “What is phishing attack statistics for small businesses” Grok searched 15 websites and came up with this: Phishing attacks are…
15k Fortinet Configurations Leaked-Microsoft 365 Accounts Targeted with Phishing Kit
2 interesting issues have been uncovered by cybersecurity researchers. Hackernews article: “New ‘Sneaky 2FA’ Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass” Phishing campaigns have been observed sending…
WordPress, Magento, and Opencart new vulnerability
Hackernews has the story “New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites” from last year, and this morning it is https://thehackernews.com/2025/01/wordpress-skimmers-evade-detection-by.html. There are distinct similarities (WordPress Ecommerce and…
HIPAA Rules Upgrade What it Means?
There is a new “rulemaking” that is trying to get the process started for updated HIPAA regulations. At the federalregister.gov First we have to review as to how we got…
10 cybersecurity Items for 2025
Cybersecurity Focus Areas for Small Businesses in 2025 As we approach the new year, small businesses should prioritize their cybersecurity strategies to protect against evolving threats. Here are 10 essential…
2 Stories About Zero-day Vulnerabilities Exemplify Need of Update Program
These 2 Vulnerabilities on Zero-day vulnerabilities have possibility of causing much mayhem unless you have cybersecurity program in place to deal with updates or patches as quick as possible and…
Can Nvidia Technology Accelerate Computing 4x Every Year?
And what does it mean to Cybersecurity? As in the latest videos by Jason Huang the CEO of Nvidia where the Blackwell architecture and other pieces have been revealed with…
Why Humanity Denies Cybersecurity Needs!!
We are obviously in trouble because there are large numbers of people with inadequate Cybersecurity habits. How many computers get hacked every year? I asked Claude AI: “How many computers…
Are We Still Waiting for Criminals to use AI to Attack?
I think you know the answer to that: United Nations Office on Drugs and Crime has found multiple areas in the world where there is a confluence of criminal gangs…
IT Governance May not be Sexy or Exciting, but Makes IT Easier Overall
How IT Governance Enhances Cybersecurity IT governance plays a crucial role in strengthening cybersecurity within organizations by ensuring that cybersecurity strategies are aligned with overall business objectives and risk appetites.…
3 Ongoing cybersecurity Issues “Interesting”
Ivanti Legacy Cloud appliance has a bad vulnerability (remove/ upgrade ASAP) Scammers are posing as Apple care services in github and Google ads (Malware Bytes article)which are fake. Some windows…
What is AI ethics?
How do we make decisions? When we hire, or when we decide what website to read for more information. Is it important to know how we made these decisions or…
After Ransomware Hit Should You Pay Up?
I found this article at Technewsworld : Experts Weigh In on Refusing or Paying After a Ransomware Attack So Ransomware happened… (let’s not worry how or why for now). Now…
Key Areas to Audit in Cybersecurity?
I am in cybersecurity field and every now and then I wonder aloud: “Are we doing enough to protect our computers and networks?” Since i have been using AI tools…
Can AI be Used by Attackers?
Does the sun shine brightly? Yes. Remember the old adage, everything we use can be used against us… so of course attackers will use AI. So yes AI or artificial…
Governance and Update Policies
When an update is necessary (as it is every month) “Patch Tuesday” means Microsoft combines multiple necessary vulnerability updates into one convenient date (2nd Tuesday). For example July it was…
Better password policy: Complex? or longer passwords?
What is the better password policy? A longer password like NIST 800-53 says? Key NIST password guidelines Minimum length of 8 characters and maximum length of at least 64 characters…
Fake Email? or Phishing Email?
I got this email from Cathy Clarke… It claimed to be able to help me get a tax refund due to the SETC and ERC federal programs because of the…
Patch Tuesday: Zero-day Vulnerability Fixes
Yes it was Patch Tuesday July9th (yesterday). This means Krebsonsecurity had a post describing all the action: The first Microsoft zero-day this month is CVE-2024-38080, a bug in the Windows…
Happy 4th of July!! do your Backups!!
Happy 4th of July: I always do a full backup on this day – so I have at least a few backups at July 4th and Christmas. I may backup…
Openssh RCE vulnerability – Patch Now!
As Hackernews has in its posts: New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems RCE = Remote Code Execution , i.e. the hacker does not need…
Risk Management AI Framework by NIST
NIST (National Institute of Standards & Technology) has come up with an AI Framework – still a work in progress, but it is coming into shape with this 1.0 version.…
GenAI and Cybersecurity
What does GenAi and Cybersecurity have in common? SCMagazine has the story: Gartner Security Summit: “3 takeaways” “Generative AI (GenAI) has emerged as a game-changer in the cybersecurity industry, offering…
What Are Some New Phishing Attacks?
Every day and month in this new year (2024) the hackers of the criminal kind are working on new attacks to steal/take our resources and money. At SecureWorld yesterday there…
3 WordPress Plugins Have Bugs & Cause Cyber Incidents?
Another Article (SCMagazine) with more bugs that can cause cybersecurity incidents – WordPress Plugins WPMeta SEO, WPStatistics, and LiteSpeed Cache. So as usual – if you have these plugins, check…
BianLian is Changing Ransomware Group
BianLian is a Face Changing Chinese Opera, but it also appliess to a ransomware group that changes it’s attacks up a bit. Palo Alto Unit42 has a report: Unit 42…
You Moved Your Stuff to the “Cloud”, What Could Go Wrong?
ArsTechnica has the story: “Unprecedented” Google Cloud event wipes out customer account and its backups The $135 billion pension account UniSuper (in Australia) which has 647,000 members thought it was…
Need a remote work Programmer? Watch out for North Koreans looking for work
There is an indictment of a woman in Arizona (which made $6.8million) as a proxy between North Korean soldiers and unsuspecting numbers of people’s identities. From Justice.gov indictment form: According…
Meaning of 49million Dell Information Hacked
Yes Dell API(Application Programming Interface) was hacked to the tune of 49 million customer records. (BleepingComputer article) What does that mean? Fortunately the data did not have financial data, only…
Xiaomi Devices Have Cybersecurity Event
What is a Xiaomi device? It is a mobile phone made in China of course. At iide.co (a Colombia website) A digital marketing course does a SWOT(Strength Weakness Opportunities Threats)…
May 1st – Happy New Month – Cybersecurity Important?
Yes it is May 1st today – so I was wondering is Cybersecurity still a thing? Tip1 A good cybersecurity tip for May first is to update and strengthen your…
51% of Survey Respondents Hacked- Means What?
A survey by Pentera in a Hacker News Story says 51% of respondents said they were hacked. What does a statistic like that mean to you? Are you tired of…
Thousands WordPress Sites Hacked
BleepingComputer has the story WordPress sites have been hacked and then when you visit the site the following image comes and asks you to click a button which then leads…
My AI Chatbot Got Hacked Now What?
Horizon3 has a post discussing Nextchat open source chatbot… https://www.horizon3.ai/attack-research/attack-blogs/nextchat-an-ai-chatbot-that-lets-you-talk-to-anyone-you-want-to/ Here is an interesting sentence: “From our research, the most widely deployed standalone Gen AI chatbot is NextChat, a.k.a ChatGPT-Next-Web.…
Email Says Renewing Your Membership?
Yes you must renew your membership says the email… Did I remember to pay it?? I thought it is on auto-renew?? Anyway This is what it looked like on my…
Can We Stop Phishing Attacks?
Is there anything that we can do that will completely stop all phishing attacks? Short answer is no. We can reduce them by trying to get ourselves off different lists,…
Chinese Cyberattacks: What Are They in 2024?
Microsoft Typhoon story: “Living off the Land” The story starts: ‘The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and…
Will China Use Cyber Attacks in 2024?
Because it is an election year and because the sun is coming up over the horizon the latest FBI director is testifying in Washington to say China could (was and…
AI in 2024 What Will Happen?
How should I know? All I do know is that there will be a lot of changes happening faster and faster. The above image is from a previous post that…
Another Phishing Attack Angle
Hackers have found ways to add notification code behind the website code. Thus if you say Allow in the notification window: then eventually a ‘bad’ notification comes up: Here is…
Hackers Using New Attack (Not Just Ransomware)
Here is the story from scmagazine: MOVEit hackers may have found simpler business model beyond ransomware “The Russian-speaking hacker group Cl0p confirmed it exploited a zero-day vulnerability in the popular…
Windows11 — Upgrade Soon?
Windows10 arrived not that long ago… According to Microsoft’s site learn.microsoft.com 1507 was the first version and it had an initial release at 2015-07-29 so about 8 years ago it…
Has ChatGPT Already Crossed the Red Line?
OpenAI has breathlessly released the latest version (4.0) a few days ago. This version has plugins which will allow the program to connect with other programs to sort or otherwise…
During War are we getting Attacked More?
I am talking about the Russian war against Ukraine which started on Feb 2022. Do you have 80 computes, more than a dozen? Then it should be obvious that they…
Hacked? Got insurance? No Payout!!
SCMagazine story on January 3rd. makes you think about the efficacy of cyber insurance. The problem is the government fines and some of the details in the contract language: “The…
2022 What Did we Learn in Cybersecurity?
49 posts on this blogsite oversitesentry in 2022 There were many different posts I chose 4 to highlight in early ’22: What does Segmentation DonaldTrump Malware post Jan 25,22 Hackers…
Password Managers Hacked: Passwordstate and Lastpass
Passwordstate security failure was worse than Lastpass – but any entity can be hacked or have a cybersecurity failure. Looking into the specifics Passwordstate issue is discussed in portswigger website.…
How Can a Small Business Prepare for Cyber Disaster?
Let’s discuss what a cyber disaster is… a disaster in the cyber world would be losing the ability to run the apps and information that you want to run on…
Less Than 100 Employees: 3x More Likely Target
At Technewsworld the following quote is interesting: “Attackers do not just target large enterprises. Recent reporting shows companies with less than 100 employees are three times more likely to be…
Every month New Vulnerabilities and Patches/Fixes
A new Vulnerability which was a “Zero Day” vulnerability in a Windows Tool called MSDT (Microsoft Support Diagnostic Tool) according to Technewsworld.com story You can see the tool here in…