<img height="1" width="1" style="display:none;" alt="LinkedIn" src="https://dc.ads.linkedin.com/collect/?pid=239833&amp;fmt=gif">

Recent Posts

Microsoft repels 2.4Tbps DDoS, Fight the phish, & CISA on Zero Trust

Posted by Griffin Ball on Oct 22, 2021 11:00:00 AM

The Lighthouse IT NOTcast - October 22th, 2021

Unfortunately, Griff was out this week and saw it was too spooky to record a podcast, but fear not! We have gotten some news and stories together to keep you entertained and updated until the next time we record!

News

Read More

Topics: Internet Safety, NCSAM, Ransomware, Cybersecurity, Malware, Podcast, Phishing

Phishing Scams in 2021

Posted by Mark Nash on Oct 8, 2021 8:30:00 AM

We are now in week two of National Cybersecurity Awareness Month. And this week has an important theme, "Fight the Phish!" We have talked about phishing before, and this won't be the last time we talk about it. Phishing is one of the most common ways hackers gain access to secure networks and trick people into giving away their personal information. Because of this, it is vital to cybersecurity that you understand how to identify and handle phishing attempts.

Read More

Topics: Internet Safety, NCSAM, Cybersecurity, Malware, Phishing

Malicious Wallpapers, Phishing Trends, Zoom Backgrounds & more!

Posted by Griffin Ball on Sep 18, 2020 11:05:00 AM

The Lighthouse IT Podcast - 18th, 2020

Matt and Griffin discuss Malicious Wallpapers, Phishing Trends, Coors wanting to send you to your Zoom background, Labor Day deals actually focusing on jobs, and the fabled TikTok deal coming to a close!

Listen here! Want to get straight to the news? Go to the 5:05 minute mark.

Security News

Could your wallpaper be trying to steal your credentials?

Well it turns out that new rubber-ducky theme you downloaded for your Windows 10 computer might just be an attempt to steal your credentials. Our friends over at Bleeping Computer and Sophos have both published similar findings that the Windows 10 theme files can be used to pass credentials to a third party. In the Sophos study, they setup a server to spoof or "phish" credentials by requesting files (such as the wallpaper background) from a remote resource and using an authentication prompt to look similar to a normal Windows credential prompt. By trying to convince you that you need to enter your local credentials to continue, the remote server stores and serves the files appropriately - but now your account has been compromised.

In the Bleeping Computer study, they stepped it up another notch and were able to use a Pass-the-Hash attack using an remote SMB server. SMB is used by Windows for sharing files between computers and is largely trusted. When your computer attempts to access an SMB share, it will automatically pass a hash of your credentials to the other computer to attempt to login. In normal circumstances, this makes connecting to SMB shares painless, but in this example, the hash is stored by the remote server and can be used later by de-hashing tools to attempt to determine your username and password.

While right now these both show great ways to determine your username and password, image files have also had some history in the past of remote code execution issues - meaning it could be possible that if another vulnerability is found in an image library, it could be a one stop shop for installing a malicious payload AND getting your account information to install itself.

READ MORE HERE FROM BLEEPING COMPUTER AND HERE FROM SOPHOS

Read More

Topics: Cybersecurity, Podcast, Phishing

Phishing the Fisherman, Chrome's URL, & Reddit/Pinterest's show time

Posted by Griffin Ball on Jul 10, 2020 11:00:00 AM

The Lighthouse IT Podcast - July 10th, 2020

Matt and Griffin discuss how Microsoft estimates that the global workforce will add 149 million new tech-oriented jobs by 2025, Free/Easy DNSSEC Upgrades for your site, Google's one year SSL certificates, Google testing feature to hide parts of the URL in Chrome’s address bar, and Reddit and Pinterest, It’s Time to Shine.

Listen here!

It's been some time since lockdowns were in place and businesses have now begun to re-open. With all the negative news that had been floating around, we have some perks coming from lockdown. Microsoft estimates that the global workforce will add 149 million new tech-oriented jobs by 2025. The job industry is shifting to roles that can be completed remotely. Other studies are showing that the automation space is expected to grow handily as well as remote workers are needing better workflows that rely less on manual and physical processes.

Read More

Topics: SEO, Cybersecurity, Podcast, Phishing