Related Links
The items below link to stories on the web that have security ramifications. These stories describe real-world hacks and risks that help illustrate the need for security controls.
How Apple and Amazon Security Flaws Led to My Epic Hacking
This story describes how the author was targeted by a hacker who got access to his iCloud account. The hacker reset his iCloud, Google, and Twitter passwords, remote-wiped his computer and phone, and then deleted his Google account. Lots of things went wrong in this story, but a couple of measures would have reduced the damage: using strong passwords and 2FA on his Google and Apple accounts, and not using his Apple email address (one he seldom checked) as the recovery address for his Google account.
Stealing Login Credentials From a Locked PC or Mac Just Got Easier
This story describes a way to access login credentials from a laptop computer, even if the computer is locked, by plugging a device into a USB port on the computer. This makes it clear that locking the device is not enough to protect it. The only protection against this threat would be to log out of the computer before locking it.
CEO Mail Fraud: How to Combat a Whale of a Problem
This article describes a scam where someone is able to imitate the email address of the CEO or another senior executive, either by hacking their email account or by using a look-alike account with a slightly misspelled variation of the corporate domain. The "CEO" then sends an email to someone in the organization asking them to do something, like wire money or pay a bill. The protection against this scam is to use two-factor authentication on email requests for money or payment by verifying the request using a second factor, like a phone call to a known phone number.