With Jorge Ruano
Survive Technology with Jorge Ruano Home Banner The beginning is the most important part of the work Plato

Stacks Image 549
Stacks Image 551
Stacks Image 553
Stacks Image 268
Stacks Image 564
Stacks Image 572
According to the 2022 Annual Internet Crime Report released by the Federal Bureau of Investigation (FBI), these are the top five crime types where victims suffered financial losses. (This only reflects the cases that were reported.)
 

Tech Support 32,538
Extortion 39,416
Non-Payment/Non-Delivery 51,679
Personal Data Breach 58,859
Phishing 300,497

 
During my time as a security analyst, most of my responsibilities involved inspecting emails. Approximately 60 percent of the emails I dealt with were unsolicited; of this unsolicited batch, roughly 25 percent were identified as phishing attempts.
 

Here's a quick guide on how to examine emails:

 
Check the email address: Look at the "From" field to check the sender's email address.
Most legitimate emails are usually sent from a corporate email address, be wary if it's a generic email provider like Gmail or Yahoo.
 
Verify the domain: Scammers sometimes use domains that look like the real ones. Triple-check the domain name to ensure it matches the company's actual domain. For example, they sometimes use a 0 instead of an O to throw you off. (GOOGLE/G00GLE)
 
Grammar and spelling can be a clue: Phishing emails often contain errors. An email from a legitimate organization should be well-written.
 
Hover over links: If the email contains links, hover over them without clicking. Doing this will show you the actual URL of where it's going. If it doesn't match the text of the link or the company's website, it's likely a scam.
 
Urgent requests are a significant indicator: Scammers often try to create a sense of urgency to trick you into acting without thinking. Be suspicious of any email stating that urgent action is required.
 
Avoid Attachment: If the email contains an attachment, don't open it immediately. Scammers can disguise their attacks within files such as PDFs, Word documents, Excel sheets, images, and other files. You must examine the email thoroughly before opening the attachment.
 
If you're still unsure, contact the company directly using contact details from their official website, not the details in the suspicious email.
 
Reference: https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf

Stacks Image 560
Stacks Image 256
The single most crucial investment we can make in the safety and prosperity of any organization in the digital era is cybersecurity. It is our responsibility to defend our enterprises and individuals against malicious assaults given the frightening rate at which threats to our country's security and data are growing. Our focus is on cybersecurity, which also acts as a potent deterrent to cybercrime. By giving us the means and resources to protect our residents, companies, and data, investing in cybersecurity measures will safeguard the future of our country. Making the most important investment in cybersecurity is in our best interests if we want to safeguard our country and its people for future generations.
Stacks Image 534
Stacks Image 530
Stacks Image 538
Stacks Image 526

These Aren't The Droid (Apps) You're Looking For!



Android users need to be vigilant about potential security flaws, such as the risk of downloading harmful apps from the Play Store or other websites. Despite Google's efforts to remove malicious apps, some may escape detection. With Android being the primary operating system for a third of the US population and over 2.5 million apps available, the risk of inadvertently downloading a harmful app is real. This article provides guidance on identifying harmful Android apps before downloading and suggests an effective approach for app evaluation. Read Blog Post here…
Stacks Image 485
Rising Epidemic: Elderly Fraud Soars in America, Targeting Vulnerable Seniors - Part 1

Seniors are prime targets for fraud and financial abuse. Find out how to protect your loved ones from scams, what warning signs to look out for, and the recent epidemic of fraudulent activities targeting elderly Americans. Read blog post here..
Stacks Image 450

The Predator of Predators: Uncovering the Dark Side of Technology and Its Role in Child Abuse



I am honored to be acquainted with the Predator of Predators, who has single-handedly assisted in bringing over 500 predators to justice since 2008. In this post I share with you Dark Side of Technology and Its Role in Child Abuse. With the popularity of social media, online gaming, and streaming services, children are exposed to a wide range of potential risks and threats. Read blog post here…
Stacks Image 475

So, the finance department gets an email.



Phishing emails are a serious threat to individuals and businesses alike. These emails are designed to trick recipients into giving up sensitive information, such as passwords or financial data. To protect yourself from phishing attacks, it's important to be aware of the signs of a phishing email and to always verify the sender's identity before responding to any requests for information. Read blog post here…
verified_user
In this post, I share with you a powerful script that allows users to test their Ransomware Detection Software. READ HERE
In this post, I share with you a powerful script that allows users to test their Intrusion Detection Systems (IDS). This script allows you to easily edit, open and close various files. This script is written using PowerShell, and it allows users to create a list of (Not so “Suspicious”) files to open, edit and close. The script creates a temporary directory, if it does not already exist, and it also creates a working folder for the generated files.
 
The script can open and close both .bat and .ps1 files, and it also checks if the files already exist before creating them. You can edit the files to create any file extension type. The goal is to make sure you test it with suspicious file types.  It also utilizes the Windows Shell object to perform mouse movements. This allows the script to simulate user interaction with the mouse, which is a good way to see if your IDS creates a log for this kind of activity.
 
Overall, this script is a powerful and efficient way to simulates suspicious activity and get your IDS to response appropriately. It is a great tool for automating security tasks, and it helps to improve cybersecurity productivity. It is a must-have for any user looking to streamline their workflow.
This creates a list of files (test1.txt, notepad.bat, notepad1.txt, notepad2.txt, notepad3.ps1, notepad4.bat) and stores them in a folder called "c:\Temp\working". It then runs a simulation where it checks if the files exist, creates them if they don't and updates them if they do. The script also runs a ping program command simulation and a move mouse function which moves the mouse cursor around the screen. The script is designed to demonstrate how files can be opened, edited and closed.
verified_user
In this post, How to Write Security Policies: A Guide Based on My Experience and SANS Templates. READ HERE
In this post, I share with you a powerful script that allows users to test their Intrusion Detection Systems (IDS). This script allows you to easily edit, open and close various files. This script is written using PowerShell, and it allows users to create a list of (Not so “Suspicious”) files to open, edit and close. The script creates a temporary directory, if it does not already exist, and it also creates a working folder for the generated files.
 
The script can open and close both .bat and .ps1 files, and it also checks if the files already exist before creating them. You can edit the files to create any file extension type. The goal is to make sure you test it with suspicious file types.  It also utilizes the Windows Shell object to perform mouse movements. This allows the script to simulate user interaction with the mouse, which is a good way to see if your IDS creates a log for this kind of activity.
 
Overall, this script is a powerful and efficient way to simulates suspicious activity and get your IDS to response appropriately. It is a great tool for automating security tasks, and it helps to improve cybersecurity productivity. It is a must-have for any user looking to streamline their workflow.
This creates a list of files (test1.txt, notepad.bat, notepad1.txt, notepad2.txt, notepad3.ps1, notepad4.bat) and stores them in a folder called "c:\Temp\working". It then runs a simulation where it checks if the files exist, creates them if they don't and updates them if they do. The script also runs a ping program command simulation and a move mouse function which moves the mouse cursor around the screen. The script is designed to demonstrate how files can be opened, edited and closed.

Stay safe and secure: Protect yourself from the biggest tech breaches – Part 1 Passwords

Stacks Image 395
It has become increasingly clear that no business is immune to the threat of cyber-security breaches. Every type of business is getting targeted, like the 2018 Marriott International breach that compromised around 500 million customers' personal information. Or T-Mobiles data breaches dating from 2017 – 2022 with eight total data breaches. Though millions of its customers are affected, those companies lose only a bit of time. They have insurances that will cover the cost of the fines that are handed to them.
 
When it comes to security, some aspects are out of the customer's hands and in the hands of the company. We have reached the age where we can no longer set it and forget it. It is essential to check if your accounts have been exposed to a data breach because someone else may have access to your personal information and accounts. Breached account information could lead to identity theft and other problems. Verifying if your password has been compromised is essential to protect your accounts and data. One of my favorite websites to check for account breaches is Have I Been Pwned. Have I been pwned is a website Troy Hunt developed that enables users to determine whether their personal information has been hacked or "pwned" in a data breach. Users can use this website to search with their email addresses to see if their data has been made public due to a data breach. It collects information from all publicly released data breaches. My rule is to change the password if I see any of my accounts with a data breach.
 
Google and Apple offer password-management solutions that help users store, manage, and protect their passwords. Google's Password Manager, available to users of its Chrome browser, can generate strong passwords, store them securely, and autofill them when needed. Apple's iCloud Keychain stores credit card numbers and website logins and can automatically fill them in on websites and apps. Both solutions help make creating and storing strong, unique passwords for each account easier for users. I don't want to leave you paranoid, but even trusting these solutions can be troublesome.
Stacks Image 397

Staying Up-To-Date on the Latest Security Threats and Vulnerabilities

With so many threats and vulnerabilities, staying on top of the latest trends, vulnerabilities, and security solutions can be daunting. Thankfully, subscribing to newsletters, advisories and following certain Twitter accounts helps me to navigate the vast amounts of data. The newsletters and Twitter accounts provide concise information that is easy to digest, allowing me to stay up-to-date on the latest news and regulations in the security industry. With these resources, I can easily stay on top of the latest security threats and vulnerabilities, ensuring the safety of my organization's data.
The Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA) is in charge of enhancing cybersecurity and infrastructure protection at all levels of government, coordinating cybersecurity initiatives with American states, and enhancing the government's defenses against individual and state-sponsored cyberattacks.

Stay up-to-date with CISA and subscribe to the many options.
Stacks Image 125
The Computer Security Resource Center (CSRC) is a source of information from the National Institute of Standards and Technology (NIST) on cybersecurity and information security. It provides resources for government, private sector, and academia in the U.S. and abroad.

Stay up-to-date with CSRC and NIST and subscribe to the many options.
Stacks Image 129
CSO is an online resource for security and IT professionals. It provides news, insights, analysis of the latest security trends, technologies, threats, and advice on best practices for implementing adequate security strategies.

Sign-up for the CSO Newsletter. You get to select the categories of security that matter to you most.
Stacks Image 146
Stacks Image 195