Between The Hacks
A Cybersecurity Blog
A Note on Our Domain Update
Between The Hacks has updated its default domain name to betweenthehacks.com. Everything is still here, but a few links might need attention. Learn more about this update and let us know if you spot any issues.
Passkeys: The Beginning of the End for Passwords
Still using passwords? It might be time to move on. Passkeys are a simpler, more secure way to log in—no typing, no phishing, no stress. In this post, I break down how passkeys work, why they matter, and how you can start using them today.
I Finally Segmented My Network… by Cutting the Ethernet Cable!
After years of preaching network segmentation, I took it to the next level—by physically disconnecting everything. Scissors, copper mesh, and a rotating SSID script. What could go wrong?
Unlimited Access: Every Device on Your Network Can Talk to the Internet
Most home devices can access the entire internet—and often each other. Segmentation helps, but without visibility into what your devices are doing, you’re still exposed.
If Troy Hunt Can Fall for Phishing, So Can You
Even cybersecurity experts fall for phishing attacks. When Troy Hunt, creator of Have I Been Pwned, clicked a malicious link and entered his credentials, it was a wake-up call for all of us. In this post, we break down what happened, why today’s phishing is more convincing than ever, and what you can do to protect yourself.
AI Magic: My Blog, LinkedIn, and a 7-Minute Podcast!
So, here’s something that blew my mind: I decided to test Google’s NotebookLM AI tool. I casually uploaded the URLs for my LinkedIn page and my blog, not expecting much more than a basic summary. After about 3–4 minutes of AI whirring away, I had…
How I Introduced the Cybersecurity World to a Cold War Hero
If you told me a year ago that I would meet a Cold War hero at a birthday party, I wouldn’t have believed you. And I would be even more skeptical if you told me she would be an unintimidating, approachable music professor with an infectious smile. It’s the summer of 2021. After more than a year…
log4shell
UPDATED December 16, 2021. If you are reading this, you have likely heard about Log4Shell, the December 2021 critical zero-day remote-code execution vulnerability in the popular Log4j software library that is developed and maintained by the Apache Software Foundation. Apache has patched this vulnerability in version 2.15.0; however, vendors who use this library will need to…
Hacking Humble Bundle
Last year, Humble Bundle teamed up with the great tech publisher No Starch Press to offer deeply discounted hacking ebooks for as little as one dollar with the Hacking 101 By No Starch Press Humble Bundle of ebooks. This year, on Giving Tuesday, No Starch Press has a new Hacking Book Bundle. The regular cost for the ebooks is more than $800, but you can get all of these ebooks for thirty dollars or just a few of the ebooks for as little as one dollar.
Cybersecurity Awareness Month 2021
October is Cybersecurity Awareness Month and Breast Cancer Awareness Month. Since this is a cybersecurity blog, we will focus on cybersecurity, but let’s take a moment to talk about the important topic of breast cancer.
Colonial Pipeline: Lessons Learned
The Colonial Pipeline ransomware attack took down the largest fuel pipeline in the United States and resulted in consumer hoarding of fuel and a short-term shortage of gasoline on the east coast of the U.S. What could they have done to prevent this attack, and what can you do today to prevent a similar attack?
President Biden's Cybersecurity Executive Order
Aiming to improve cybersecurity in the United States, President Biden signed an executive order (EO) on May 12, 2021. Although the EO focuses on U.S. federal departments’ and agencies’ cybersecurity, it will likely result in standards that will change the way the private sector manages cybersecurity within the United States and globally. This cybersecurity EO was signed soon after the world experienced a series of widespread cybersecurity incidents such as…
World Password Day - May 6, 2021
It’s World Password Day! Are your passwords strong enough? Do you have a long, unique password for every account? Do you use multi-factor authentication where available? If you answered “no” to any of these questions…
Facebook Leak Leads To Smishing
I have always considered myself pretty lucky in that I rarely receive fraudulent text messages. That luck recently ran out. Over the past few weeks I have noticed an uptick in the number of SMS phishing (smishing) messages that I receive on my phone. A few days ago, the smishing seemed to become even more frequent…
2021 Cybersecurity Report Roundup
Annual cybersecurity reports are a rich resource of statistics and information for cybersecurity professionals, academics, journalists and anyone who is interested in cybersecurity. Below is a categorized list of many of these reports…