🦊 Motherload of security data

Dec 08, 2021 5:48 pm

...and it's published by one of the richest data sources. Get learnin'!


Hi. I'm Jon Fedor and this is InCyber Regular, edition 24. You may be thinking, "Am I crazy, is today Tuesday?" No. It's Wednesday. One day later than Tuesday. With that said, let's move on.


InCyber exists to help people secure their digital gemstones and belongings. It's about cybersecurity for the rest of us.


We don't try to change the dates of major holidays or have any airing of the grievances, but we *do* have suggestions to make your digital presence more secure than it was yesterday.


How do we measure this?

Goal One: inspire at least two people to use a password manager before the end of 2021.


Status on Goal One:

We've got one confirmed and one more tentative (needs confirmation) for starting to use a password manager! Crazy. We're adding a stretch goal for three people by the end of 2021!


Give someone the gift of security this year (or yourself) and get yourself a shiny new password manager.




What else do we measure?

Nothing until Goal One is done.


Now on to the good stuff.


Today:

  1. The Digital Defense Report
  2. Security awareness goes mainstream
  3. Microsoft with the assist on capturing hackers https://thehackernews.com/2021/12/microsoft-seizes-42-malicious-web.html
  4. Terminals and haxors


The Digital Defense Report

And I *did* say THE Digital Defense Report.


Microsoft has one of the largest, richest data sets for analysis when it comes to cyber security. Think about it:


Microsoft's tools are used globally by a huge number of people. They see emails, identities, authentications, files of every kind, network traffic, cloud resources and content. I mean everything. In fact the report analyzes data from 24 trillion security signals A DAY processed by Microsoft.


And it can all be studied. And boy, do they study.




It's long but awesome. Access the whole report here.


Here are some interesting quick-hits:


  1. You can hire a hacker starting at the low price of $250
  2. Phishing email volume increased from 600M to 800M between Jun-2020 and Jun-2021
  3. Awesome graphic on the lifecycle of a phishing attack (page 29)
  4. >168,000 phishing sites and domains taken down by Microsoft(!)


And more!


This is a great educational resource as well as a data analysis. Highly recommend.


Mainstream Security Awareness

Not to be outdone, Google's been a leader in security awareness for the rest of us. Google regularly pushes alerts to users about potential security events or risks.


I'm sure we're all familiar with the "someone in X city used your Google ID to sign into Gmail" email alerts. I love that. Always have. Google's the first service I remember doing this.


Last week though I got an even more interesting alert:




Google's looking at saved passwords, matching them to artifacts in known compromised data sets, and alerting potentially affected users.


Brilliant!


I took action.


How to make everyone think you're a hacker

Answer: using a terminal (bonus points if the background is dark by default).




Thanks!

Hanging with you every week is better than Festivus!


I'm more active than ever on Twitter and ramping back up on LinkedIn too. Would love to connect with you in those places.


If you ever have questions on personal digital security, cyber security news, a story you want to tell, or a favorite resource to share (etc.), reply back and let me know!


Have a good'un, Good Lookin'.


~ Jon "He is the haxor" Fedor
