3,000+ Consultations and Projects
for our clients, partners and associates since 2003.
Michael Horsch Fizz
Who is more knowledgeable on Tariffs and the Global Economy? 1) Dedicated Federal Employees or 2) Donald J. Trump?
A must read from Sandra Wachter for executives and front line legal and tech warriors.
Wyoming lawmakers have filed House Bill 67, legislation that expands the sales tax base to cover a number of currently untaxed services, including memberships or charges at a fitness center.
Please contact your elected officials to ask that they oppose a tax on your health club as proposed in H.B. 67!
Original release date: December 12, 2018 via The National Cybersecurity and Communications Integration Center (NCCIC)
Google has released Chrome Version 71.0.3578.98 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.
The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Chrome Releases page and apply the necessary updates.
Reminder: Employers may not terminate employees because of a Tentative Non-Confirmation (TNC)
You may not terminate or take any other adverse action against an employee because of Tentative Non-Confirmation (TNC) until the Social Security Administration (SSA) and/or Department of Homeland Security (DHS) has reviewed the case and the TNC becomes a Final Non-Confirmation.
Resources for more information on TNCs:
Supervisory Control And Data Acquisition (SCADA) networks pervade the industry. These small microcontroller systems are used to control large industrial machines and systems. SCADA systems are predominantly used for monitoring industrial systems, often in remote locations.
Typically, remote terminal units and Programmable Logic Controllers are connected to enterprise networks using a “telemetry” network. Where the telemetry network meets the enterprise computer network, gateways permit two-way communications between the SCADA network and the traditional corporate network.
SCADA systems were designed to be highly efficient, but they were not necessarily designed with security in mind. Because security was not the primary consideration, SCADA telemetry networks may be highly vulnerable to exploitation. Because SCADA systems control and provide feedback on industrial processes, exploitation of these systems could seriously disrupt key industrial processes, such as power generation, lift and crane systems, and transportation systems.
There are numerous entry points to SCADA telemetry networks:
These vectors are but a limited selection of the entry points for SCADA networks. Because of the traditional use of SCADA networks, encryption of traffic between endpoints is often forgone.
The most memorable SCADA attack was STUXNET (1). STUXNET attacked the centrifuge control SCADA systems in Iran, rendering them useless.
Organizations need a structured approach to securing SCADA systems.
While firmware manufacturers may be slow to respond to security requirements, organizations must take the following preventive initiatives:
Finally, while there are many technological aspects to controlling SCADA systems, we cannot overlook the human element.
Originally released in part by VIMRO, Larry Boettger and Michael Horsch Fizz
SCADA 2019 Tech Summit: August 28 – 29, 2019
Westin O’Hare: 6100 N River Rd, Rosemont, Ill. 60018
Social engineering is a technique hacker’s use to take over an account by persuading or psychologically manipulating people to divulge confidential information. This is usually the first step within a more complex scheme. Social engineering uses “confidence building” techniques to set the victim at ease and convince him or her that the attacker is legitimate and presenting a valid scenario.
Social engineering is very common and occurs regularly; it is so pervasive, in fact, that two prominent internet companies, GoDaddy and PayPal, recently fell for a carefully crafted social engineering attack. This attack enabled unauthorized parties to hijack the account of a significant user and, through that breach, to access other confidential accounts. Cases like this “should have thrown up red flags for any Internet company dealing in identity,” reports techcrunch.com. “These are not new tactics and they should be guarded against as a very basic precaution.”
More alarming than the frequency of social engineering attacks is the relatively low risk for the attacker, who can disengage at any time simply by hanging up the phone or deleting the address used to send fraudulent emails. When this low risk is combined with the inviting ratio of success to failure, social engineering becomes an attractive alternative to much riskier fraud that requires facing your victim.
The means to defeat social engineering, however, are relatively simple if you understand what social engineering is: social engineering is a con. It relies on the victim’s reluctance or inability to question the authenticity of the attacker. Once that authenticity is questioned, the attacker must deviate from their “script” and flounder to avoid being discovered. The more you drive the attacker off the script, the more information you can gain; proportionally, this increases the risk to the attacker. Five simple steps can help you avoid becoming a victim of social engineering:
Originally released in part by VIMRO,
Michael Horsch Fizz
FCI Site Content Is Protected.