When this attack was detected by Microsoft, it’s likely a large chunk of the world’s 500 million WinRAR users hadn’t updated… Israeli security firm Check Point revealed that a malicious ACE file could place malware anywhere on a Windows PC after being extracted by WinRAR. The social engineering used in the campaign was crafted to ensure full remote compromise of a machine…
Do you use Winrar?
Three-quarters of incidents are still coming from within the business and its extended enterprise, far greater than the threat from external hackers. Businesses need to shift the focus inwards. …
Forbes.com click the link to read the rest of the story.
Have you been training your employees in cyber-security?
Distributed Denial of Service (DDoS) attacks are increasing in size and frequency, as multi-vector exploits become more of the norm in hacker’s efforts to distract and confuse security teams, while damaging their businesses, according to a Wednesday report from Neustar.
TechRepublic.com click the link to read the rest of the story. Our FREE Tools can help!
Have you noticed the increase of attacks on your operation?
The average ransom demand by hacker to release files encrypted by their ransomware attack has almost doubled in 2019. … The sharp increase in ransom payments is linked to the emergence of more expensive and more hands-on forms of ransomware… They’ll exploit vulnerabilities in remote desktop protocols or abuse stolen credentials to gain access to systems, moving around networks and laying the groundwork for their ransomware to encrypt as many PCs as possible for the maximum impact.
ZDnet.com click the link to read the rest of the story. Our FREE Tools can help!
Has your company paid a ransom?
New report demonstrates how quickly hackers see and begin attacks — and the dangers of default login credentials.
It only takes a few seconds for cyber criminals try to hack into newly connected cloud devices and servers!
ZDnet reported that
Researchers at security company Sophos set up honeypots in ten of the most popular AWS data centre locations around the world … and connected them to the internet with common configuration errors, such as using default credentials or insecure passwords).
It took just 52 seconds for hackers to begin attacking the first server and 20 minutes to start on the California server.
The servers were all on Amazon Web Services.
This is a clear demonstration that no-one is able to fly under the radar whilst online. The attackers are using scripts not to focus on any one individual, but to probe the entire internet address space to look for the low-hanging fruit,” said Boddy.
This scripted approach of attempting to login to your online device means that these attackers can attempt to login to a huge number of online devices in no time at all,” he added.
This illustrates why businesses must have security in place prior to it being given internet access, as well as why your business needs as many layers of security as possible.
References:
ZDnet
Ingenious.News click the link to read the rest of the story. Our FREE Tools can help!
How safe are your servers?
With popular sporting events like March Madness, it’s easy for attackers to prey on human emotions with excitement running high and money on the line. With so many employees participating in office pools and brackets, it’s critical to avoid getting phished through fake sporting-themed websites, contests and offers around the games, or malicious browser extensions that claim to keep track of scores and stats.
SecurityBoulevard.com click the link to read the rest of the story. Our FREE Tools can help!
Has your company been hit with this attack?
The findings in the Identity Theft Resource Center (ITRC)’s “2018 End-of-Year Data Breach Report” serve as a stark reminder of why companies should take a layered approach to security.
SecurityIntelligence.com click the link to read the rest of the story.
How many layers of security do you have?
We are building our future on a creaking digital foundation. It’s time for that to change. Cybersecurity is in a terrible state, possibly the worst it’s ever been. Literally not a day goes by without another report of a security breach or a data spill or a hack spilling corporate secrets.
This to me is the way to turn the tide. First, we need to value our own personal data more. …
ZDnet.com click the link to read the rest of the story.
What do you think we should do?
Join the conversation on our Facebook Page!
Criminal “products” from the underworld marketplace are part of a sophisticated and highly profitable global industry.. there’s a thriving underground economy online, a place where tools and techniques are advertised and sold — even given away — and where stolen data is laundered to facilitate online crime. What might surprise you is how many of these underground economies there are and how well-established they have become.
This is a sophisticated and highly profitable global industry. In 2016, ransomware alone generated more than $1 billion in profit for criminals. The FBI is now calling “business email compromise,” where scammers intercept suppliers and payment transfers, the $5 billion scam.
Medium.com click the link to read the rest of the story.
Have you been a victim of online criminals?
A hacker who has previously put up for sale over 840 million user records in the past month, has returned with a fourth round of hacked data that he’s selling on a dark web marketplace. … This time, the hacker has put up for sale the data of six companies, totaling 26.42 million user records, for which he’s asking 1.2431 bitcoin ($4,940).
ZDNet.com click the link to read the rest of the story.
How are you protecting your passwords?
The Security Token future has come… and it’s bigger than anyone thinks. … The thing that gives me the most confidence that Security Tokens are the next big thing is the quality of people dedicating their lives to Crypto and Security Tokens... many see the Crypto Light, and know that the greatest thing about Crypto is how it’s going to make the world a better place for billions for people. This isn’t just a new financial instrument, it’s a movement, driven by a community of brilliant people, infused with a strong sense of purpose. That’s a combination poised to change the world.
Medium.com click the link to read the rest of the story.
Are you investing time and money into this, yet?Join the conversation on our Facebook Page!
Almost half of all organisations have fallen victim to phishing attacks in the last two years, with larger businesses the most likely to been compromised, despite also being most likely to conduct cyber security training for staff.
ZDNet.com click the link to read the rest of the story.
How are you dealing with phishing attacks in your business?
Intel is warning Windows 10 users that old graphics drivers are riddled with security flaws that need to be updated with new updates that the company has released over the past year.
Update Intel Windows graphics drivers, and stop using Intel Matrix Storage Manager and USB 3.0 Creator Utility.
ZDNet.com click the link to read the rest of the story.
Do you install quickly these patches when warnings are released?Join the conversation on our Facebook Page!
It’s important to learn a bit about how malicious hackers gain access to your credentials.
Three of the most common methods include:
- Man in the Middle (or MITM) attacks
- Using key logger software.
- Employing old-fashioned social engineering.
MITM attacks, as the name suggests, a third party getting between you and your desired target without your knowledge.
DatadrivenInvestor.com click the link to read the rest of the story.
How do you protect yourself from these attacks?Join the conversation on our Facebook Page!
The gang behind a family of ransomware that has been active for well over a year now have tweaked their tactics in order to ensure the file-locking malware campaign is as effective as possible. GandCrab first emerged in January 2018 and has remained one of the most successful forms of ransomware ever …
GandCrab operates an affiliate model, with its authors providing the ransomware “as-a-service” to wannabe hackers in exchange for a 30 to 40 percent cut of the profits. But now researchers have observed adverts for GandCrab being posted on underground forums, specifically targeted at crooks with skills around operating remote desktop protocols, virtual network computing and experience of infiltrating corporate networks. … There’s currently no free means of decrypting files locked with (the latest versions of ) GandCrab…
ZDNet.com click the link to read the rest of the story.
How many layers of security do you have in place to protect you?Join the conversation on our Facebook Page!
Researchers have discovered a new flaw affecting all Intel chips due to the way they carry out speculative execution for CPU performance gains. Like the Spectre and Meltdown attacks revealed in January 2018, Spoiler also abuses speculative execution in Intel chips to leak secrets. …Daniel (Ahmad) Moghimi, one of the paper’s authors, told The Register he doubts Intel will be able to patch the issue in the memory subsystem within the next five years.
ZDNet.com click the link to read the rest of the story.
Do you use Intel chips?Join the conversation on our Facebook Page!
The number of phishing attacks is on the rise, more than doubling in recent months, with one in 61 emails delivered to corporate inboxes found to contain a malicious URL. …
The emails are often designed to look like they come from legitimate senders – like a company, or a colleague – in order to gain the trust of the victim, before duping them into clicking the malicious link. …The purpose of the malicious URL could be to deploy malware onto the PC or it could encourage the victim to enter sensitive information into a fake version of a real service…
ZDNet.com click the link to read the rest of the story.
Have many do you think you get every day?Join the conversation on our Facebook Page!
Earlier this month, security researcher Victor Gevers found and disclosed an exposed database live-tracking the locations of about 2.6 million residents of Xinjiang, China, offering a window into what a digital surveillance state looks like in the 21st century. …
EFF.org click the link to read the rest of the story.
What can we do?Join the conversation on our Facebook Page!
Let this be a lesson: Don’t reuse your passwords.
Hackers accessed tax return information stored with TurboTax using a stolen password from a third party, an Intuit spokesman said Monday.
The attack, earlier reported in Dark Reading, didn’t breach the internal systems at Intuit, which owns TurboTax. Instead, attackers took lists of passwords stolen from other services and used them to try to log in to TurboTax accounts, the spokesman said. There, valuable personal information, such as Social Security numbers, names and addresses, is stored in tax returns.
CNet.com click the link to read the rest of the story.
Do you still use the same passwords over and over?Join the conversation on our Facebook Page!
Cisco is warning businesses that use its wireless VPN and firewall routers to install updates immediately due to a critical flaw that remote attackers can exploit to break into a network. The vulnerability allows any attacker with any browser to execute code of their choice via the web interface used for managing Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router.
ZDNet.com click the link to read the rest of the story.
Have you made sure yours is patched?Join the conversation on our Facebook Page!
A recent report from security company Malwarebytes reveals how trojans and backdoor attacks have rocketed in the past year. … “We’re seeing a new generation of stealers make an impact recently,” says Jérôme Segura, head of threat intelligence at Malwarebytes. … Gaining persistent remote access — be it to a single user’s computer, or a whole network — is key to many cyber attacks: if they’re stealthy enough, hackers can remain undetected for a long time, as they work towards their long-term goals.
ZDNet.com click the link to read the rest of the story.
Do you ignore these threats?Join the conversation on our Facebook Page!
Anyone who regularly attends the Blackhat or Defcon conferences should understand that short of unplugging a computer system from its power source, it is not possible to rule out serious system and data compromise. There will never be any “silver bullets” to slay the security vulnerability werewolf.
Medium.com click the link to read the rest of the story.
How many layers of security do you have? Join the conversation on our Facebook Page!
Learn which parts of your identity have been stolen in the last five years. Not all attacks are included…
NYTimes.com click the link to read the rest of the story.
Were you surprised?Join the conversation on our Facebook Page!
Governments and private organizations have around 20 minutes to detect and contain a hack…
New statistics published today by US cyber-security firm Crowdstrike ranked threat groups based on their “breakout time.” “Breakout time” refers to the time a hacker group takes from gaining initial access to a victim’s computer to moving laterally through its network. This includes the time the attacker spends scanning the local network and deploying exploits in order to escalate his access to other nearby computers.
According to data gathered from 2018 hack investigations, CrowdStrike says Russian hackers (which the company calls internally “Bears”) have been the most prolific and efficient hacker groups last year, with an average breakout time of 18 minutes and 49 seconds.
ZDNet.com click the link to read the rest of the story.
How quickly can your business respond to an attack?Join the conversation on our Facebook Page!
More than 600 gigabytes of hacked accounts from years ago have been compiled and are free to download.
You can check if you were affected by the massive data set with the HPI’s search tool.
Cnet.com click the link to read the rest of the story.
Have you checked to see if your accounts have been hacked?Join the conversation on our Facebook Page!
Called to a meeting with the CEO? Don’t be so sure.
A widespread phishing campaign is targeting executives across a number of industries with messages asking to reschedule a board meeting in an effort to steal logins and passwords.
ZDNet.com click the link to read the rest of the story.
Has your office received on of these yet?Join the conversation on our Facebook Page!
Recent months have seen an uptick in reports of JavaScript malware that hides in image files. This is often referred to as “image based malware” or “steganography malware” in more technical contexts. …
Medium.com click the link to read the rest of the story.
Have you been hit by this attack?Join the conversation on our Facebook Page!
Over the last ten months, security researchers filed abuse reports with web hosting providers and have taken down nearly 100,000 URLs that were used to distribute malware … the organization noted that recent numbers indicate that the average take-down time has now increased to more than a week, to 8 days, 10 hours, and 24 minutes, giving malware authors more than enough time to infect thousands of device every day. …
ZDNet.com click the link to read the rest of the story.
How much damage could this cause your customers if your site were infected?Join the conversation on our Facebook Page!
Over half of applications installed on Windows PCs are out-of-date, potentially putting the security of users at risk through flaws in software that have already been patched by vendors. … running out-of-date software can provide an open door for hackers to take advantage of holes left in programs that haven’t had critical security updates applied….
ZDNet.com click the link to read the rest of the story.
How do you make sure your computer software is up to date?Join the conversation on our Facebook Page!
The report found… the top impacts being operational/productivity loss (54%), negative customer experiences (43%), and brand reputation loss (37%). … These IT leaders perceive the goals of the attacks to be service disruption (45%), data theft (35%), unknown reasons (11%), or espionage (3%). …Some 21% of businesses experience daily cyberattacks, up from 13% last year, the report found. Another 13% said they were attacked weekly, 13% said monthly, and 27% said once or twice a year. Only 7% of organizations said they have never been attacked…
TechRepublic.com click the link to read the rest of the story.
How much would it cost your business?Join the conversation on our Facebook Page!
