Profile cover photo
Profile photo
David Longenecker
176 followers -
Christ-follower | Once mistaken for a cybersecurity expert | dad of 5 | @AustinISSA board | I write https://securityforreealpeople.com
Christ-follower | Once mistaken for a cybersecurity expert | dad of 5 | @AustinISSA board | I write https://securityforreealpeople.com

176 followers
About
David's posts

Post has attachment
This is going to hurt home users with #Samba shares mounted on their SoHo routers or NAS, among other things. A vulnerability in Samba - a file sharing service for Linux similar in concept to the SMB in Windows that was exploited in last week's #WannaCry worm - could enable a similar attack on Linux systems.

Unlike SMB, Samba exists on a wide variety of systems from different makers - servers, laptops, home routers, network storage systems, media servers, and many #IoT devices. Some tips, including a workaround for ASUSWRT routers and Seagate GoFlex NAS devices that don't yet have a patch:

Post has attachment
Just a reminder: if the WannaCry ransomware affected PHI in your organization's care, you may have a #HIPAA notifiable data breach. Under guidance issued by the Department of Health and Human Services last year, unless an organization has sufficient instrumentation to demonstrate that PHI was not actually viewed or removed, ransomware is indeed a HIPAA breach.

Post has attachment
If you have SMBv1 in your enterprise, and haven't completed deploying MS17-010 (released in March), now would be a good time to expedite that.

Post has attachment
Re-used passwords are the Achilles Heel of Internet security. Ensure your Apple password is unique, and enable two-factor authentication.

Post has attachment
In March, the IRS scrapped a tool on its website used to download tax and income information necessary for college students-to-be filling out the FAFSA. It turned out the tool had been compromised by crooks, who made off with personal information on around 100,000 taxpayers.

This letter sent by the IRS to affected taxpayers implies the crooks made off with far more than just income data. Credit monitoring is OK for detecting fraudulent new accounts - but does nothing if the crook has enough information to social engineer your bank.

Post has attachment
Heads-up to members of Infragard, a threat information sharing partnership between the FBI and private industry: there's a replica of the Infragard website, not controlled by Infragard. It seems to submit to the real thing - but still I wouldn't trust it. The real one is .org

Post has attachment

Post has attachment
Quick and dirty malicious PDF analysis
Friends and family regularly send me things they find suspicious or weird. Sometimes it turns out to be malicious, and other times perfectly fine, but I'm always glad to know I've instilled a proper degree of skepticism in my friends. My willingness to help...

Post has attachment
It's tax fraud season!
1040 Individual Tax Return , by 401kcalculator. Used under license CC BY-SA 2.0 It's tax season. That means it is also tax fraud season.  Early in the year is prime time for tax-related scams targeting both consumers and businesses. I see these start to app...

Post has attachment
How to be your daughter's hero, DFIR edition
Every now and then, my day job pays dividends at home. Shortly before Christmas was one such occasion. My daughter (a foreign exchange student my family is hosting, but she quickly became a daughter to us) had just spent a weekend with a friend. The friend ...
Wait while more posts are being loaded