‘Apple support’ phishing scams are getting really good

You know those voice mails you get claiming to be from “Windows support”? It looks like scammers are upping their game with convincing phishing calls claiming to be from Apple, security expert Brian Krebs said in a report Thursday.

The scam starts with an automated call showing Apple’s logo, address and legitimate Apple phone number that warns the user to return the call because of a data breach, according to the security website. The message then gives a 1-866 number to call back. That number is “a known phishing source,” the security analyst said.

CNet.com click the link to read the rest of the story.

Have you been hit with this scam? Join the conversation on our Facebook Page!

New Trojan attack adds a backdoor to your Windows PC to steal data

A well-resourced and prolific hacking group is distributing a new strain of malware that gives the hackers remote desktop access as part of an information-stealing campaign targeting banks, retailers and businesses. … The remote access trojan capabilities of FlawedGrace mean it allows attackers to gain almost full control over an infected device. Given how the campaign targets banks and retailers, it’s likely that acquiring money is the ultimate goal of the attacks…

ZDNet.com click the link to read the rest of the story.

How are you protecting yourself from these attacks? Join the conversation on our Facebook Page!

Five emerging cyber-threats to worry about in 2019

We’re going to see more mega-breaches and ransomware attacks in 2019. … But cyber-defenders should be paying attention to new threats, too.  Here are some that should be on watch lists:

Thanks to advances in artificial intelligence, it’s now possible to create fake video and audio messages that are incredibly difficult to distinguish from the real thing. These “deepfakes” could be a boon to hackers in a couple of ways. AI-generated “phishing” e-mails that aim to trick people into handing over passwords and other sensitive data have already been shown to be more effective than ones generated by humans. Now hackers will be able to throw highly realistic fake video and audio into the mix, either to reinforce instructions in a phishing e-mail or as a standalone tactic.

MITTechnologyReview.com click the link to read the rest of the story.

Are you taking security more seriously this year? Join the conversation on our Facebook Page!

Why you should be using encrypted email

Email leads users to share highly sensitive information in a seemingly private way when, in reality, it’s everything but private. Case in point: see the image below and note a typical unassuming email containing a person’s credit card information. This may seem like a stupid mistake, but you’d be surprised at how commonly these types of emails get sent on a daily basis (I’m looking at you, mom). The only factor taken into consideration by the sender in these cases is that they trust the person on the receiving end. The problem here is…

Medium.com click the link to read the rest of the story.

Is your email secure? Are you certain? Join the conversation on our Facebook Page!

Cybersecurity in 2018: the bad, the worse and the downright nasty

Just like in the previous years, 2018 had its fair share of data breaches. However, it’s rather impressive how those breaches have evolved over those years. Because of the increased awareness, breaches seldom go unnoticed anymore. And that’s a good thing.

Medium.com  click the link to read the rest of the story.

How was your business affected by these security breaches? Do you know if your business was breached? Join the conversation on our Facebook Page!

How Our Data Got Hacked, Scandalized, and Abused in 2018

This year tech giants, governments, and even the humble sandwich chain have proved that we can trust no one with our personal data. At best, these companies were woefully underprepared to keep our data safe. At worst, they allowed the data we gave them to help others influence our fragile democracy.

When it came to data scandals and breaches in 2018, the only good news was…

FastCompany.com  click the link to read the rest of the story.

What lessons did you learn about your security needs last year? Join the conversation on our Facebook Page!

Why cryptojacking will become an even larger problem in 2019

Cryptojacking attacks will continue to grow in 2019, topping the list of ESET’s annual Cybersecurity Trends report, released on Tuesday. Cryptojacking is the practice of surreptitiously using the compute resources of target computers to mine for cryptocurrency, which is a computationally complex task.

TechRepublic.com click the link to read the rest of the story.

Have you been threatened with a cryptojacking attack? What did you do? Join the conversation on our Facebook Page!

Got ransomware? These tools may help

There may be a way to get those files back without paying a ransom. But first a couple of basic questions…

infoworld.com click the link to read the rest of the story.

Have you been hit with ransomware? How did you recover? Join the conversation on our Facebook Page!

How to spot fake, scam or fraudulent websites

This guide will teach you how to recognize secure websites you can trust and how to spot fake ones run by fraudsters looking to scam you.

comparitech.com click the link to read the rest of the story.

What was the most valuable lesson here for you? Join the conversation on our Facebook Page!

Passwords Might (Finally) Go Away Soon, Here is why

There’s hope that we can finally ditch long, complex passwords thanks to a series of regulations and open standards that ease and encourage the implementation of passwordless authentication methods in online applications.

“The vast number of passwords needed in our daily lives have become a burden, which is why we see so many reused or weak static credentials,” says Stina Ehrensvard, CEO and Founder of Yubico, which manufactures physical security keys like the Yubikey 5 NFC. “We needed to think about how to address this problem in a way that simplifies the login process while adding the highest level of security. Up until now, there hasn’t really been a way to do both of those things successfully.”

pcmag.com click the link to read the rest of the story.

Are you using or thinking of using a Yubikey? Join the conversation on our Facebook Page!

Identity Theft 101 – What is Identity Theft?

What is identity theft? It is simply when someone uses your identity as their own. But there’s nothing simple at all about the damage left in their wake. There are close to 10 different types of identity theft, which we’ll detail below. …

I will dig into the identity theft basics, including how it happens, some of the most common types of identity theft, and what you can do to protect yourself.

Libertyid.com click the link to read the rest of the story.

Has your identity been stolen? What happened as a result? Join the conversation on our Facebook Page!

How to Spot and Avoid Fake Virus & Malware Warnings

As you use your computer and browse the Web, you may occasionally run into infection warnings that appear to be legitimate but aren’t. These anti-malware warning messages — appropriately called “scareware” — are designed to scare you into installing fake anti-malware programs that are actually malware in disguise.

So how can you tell between real and fake warning messages? It can be tough, but as long as you stay calm and take your time, there are a few signs you can look for that will help you distinguish between the two.

makeuseof.com click the link to read the rest of the story.

Have you been scammed? Join the conversation on our Facebook Page!

SplitSpectre – new Spectre-like CPU attack discovered

A SplitSpectre attack is far easier to execute than an original Spectre attack. Researchers explain:

Although Spectre v1 is powerful and does not rely on SMT (Simultaneous Multithreading), it requires […] a gadget to be present in the victim’s attack surface. Google Project Zero writes in their original blog post on Spectre v1 [46] that they could not identify such a vulnerable code pattern in the kernel, and instead relied on eBPF (extended Berkeley Packet Filter) to place one there themselves. In this point lies the strength of our new Spectre v1 variant, SplitSpectre. As its name implies, it splits the Spectre v1 gadget into two parts.

Researchers say the second half of this improved exploitation scenario can be run within the attacker’s own malicious code, instead of the target’s kernel, simplifying the exploitation procedure.

ZDnet.com  click the link to read the rest of the story.

How are you protecting your computers from this attack? Join the conversation on our Facebook Page!

Platforms Are Making You Vulnerable

It’s been over a week since Facebook announced that, thanks to a coding vulnerability, access tokens for at least 50 million* accounts were stolen. Access tokens are important. As Facebook explained in its blog detailing the hack, they are “the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”

The hack also impacted Facebook’s Single Sign-On, which lets people use one account to log into other sites, meaning the impact of the breach is perhaps wider than even Facebook initially reported. Still, at the moment, there’s no way to know how big of a problem it is, or will be. Nor do we know who did it. We’re in the dark for one simple reason: Facebook has said next to nothing about what it knows — or if it knows much at all.  Ad-driven platforms tend to succeed thanks to one thing: our vulnerability.

Medium.com  click the link to read the rest of the story.

Does your vulnerability concern you? Join the conversation on our Facebook Page!

Cybersecurity Is About Much More Than Hacking

There is growing concern among professionals that cybersecurity firms are seriously understaffed, and there aren’t nearly enough of them to combat the growing number of cyberattacks. Making matters worse, the continued drive toward accelerated training programs for software developers means that more developers are deploying code who have not had any formal security training.

Medium.com  click the link to read the rest of the story.

Are you ready for the new security challenges? Join the conversation on our Facebook Page!

How to Shop Online Like a Security Pro

So here’s a quick refresher course on how to make it through the next few weeks without getting snookered online.

Adopting a shopping strategy of simply buying from the online merchant with the lowest advertised prices can be a bit like playing Russian Roulette with your wallet, for the simple reason that there are tons of completely fake e-commerce sites out there looking to separate the unwary from their credit card details.

krebsonsecurity.com  click the link to read the rest of the story.

Have you planted your flag yet? Join the conversation on our Facebook Page!

Why Cyber Monday is just the beginning of the festive hacking season

Attackers will always attempt to go for the low-hanging fruit by targeting individual consumers for a quick payday by clearing out their bank accounts or by selling fake or non-existent goods, but more organised hacking groups will also use the holiday period in an attempt to win bigger scores.

zdnet.com  click the link to read the rest of the story.

How many attacks have you avoided so far this season? Join the conversation on our Facebook Page!

Why do we ignore up to 90% of computer security alerts?

If your focus is elsewhere when an important security warning pops up, there’s a good chance (up to 90%) it will be dismissed and completely ignored.  For instance, if a security alert appeared while a user was closing a web page, 74% would dismiss the warning dialog. … Interestingly, the researchers found that users were less likely to ignore/dismiss security warnings if they were timed to appear between primary tasks, rather than interrupting what the user was trying to do.

TripWire.com  click the link to read the rest of the story.

Do you ignore alerts? Join the conversation on our Facebook Page!

500K Android users hit with malware, and what to do now

More than half a million Android users installed malware disguised as smartphone games—right from the Google Play store. Mainly posing as a driving game, the malware was found in as many as 13 apps, according to tweets from ESET security researcher Lukas Stefanko.

This is not the first time…

TechRepublic.com  click the link to read the rest of the story.

Did you find an infected app on your phone? Join the conversation on our Facebook Page!

Terrifying new email scam & what to do

People are being victimized by a terrifying new email scam where attackers claim they stole your password and hacked your webcam while you were watching porn — here’s how to protect yourself. The attacker probably took your password from a publicly available database of old leaked passwords and email addresses.

BusinessInsider.com  click the link to read the rest of the story.

I have seen this, have you? Join the conversation on our Facebook Page!

Researchers discover seven new Meltdown and Spectre attacks

A team of nine academics has revealed today seven new CPU attacks. The seven impact AMD, ARM, and Intel CPUs to various degrees.

Two of the seven new attacks are variations of the Meltdown attack, while the other five are variations on the original Spectre attack — two well-known attacks that were revealed at the start of the year and found to impact CPU models going back to 1995.

zdnet.com  click the link to read the rest of the story.

How are you protecting your business from this? Join the conversation on our Facebook Page!

The New Cryptojacking: Victims’ Computers Mine Cryptocurrency

Computers infected with cryptojacking malware run much slower, and often victims are not even aware that their computers are being attacked, as “coin mining” malware is difficult to detect. Once a machine is compromised, a malicious app runs silently in the background with just one sign: performance degradation.

Forbes.com  click the link to read the rest of the story.

Want to have your computers checked? Join the conversation on our Facebook Page!

Why WannaCry ransomware is still a threat to your PC

WannaCry tops the list of the most widespread cryptor families, with attempted attacks against 74,621 of the security firm’s users across the globe between July and September. WannaCry ransomware attacks have risen as a proportion of total attacks compared with the same period last year: in Q3 2017

zdnet.com  click the link to read the rest of the story.

Is your business protected? Join the conversation on our Facebook Page!

Microsoft’s activation alert is scaring Windows 10 users

Microsoft is reportedly working on a fix for a bug in its activation server that has caused Windows 10 Pro machines to report that their license has not been activated.  …

Microsoft has reportedly confirmed there is an issue affecting its activation server and is working on a fix that will happen in “one or two business days”.

That should mean affected Windows 10 Pro licenses are still valid, despite what Microsoft is reporting.

zdnet.com  click the link to read the rest of the story.

We were hit with this, were you? Join the conversation on our Facebook Page!

Why ransomware costs small businesses big money

About 22% of businesses with less than 1,000 employees that experienced a ransomware attack in the last year had to stop business operations immediately. About 15% lost revenue.

On average, small companies lost over $100,000 per ransomware incident due to downtime. For one in six organizations, these attacks caused 25 hours or more of downtime.

cnn.com  click the link to read the rest of the story.

How much would it cost your business to be down for several days? Join the conversation on our Facebook Page!

23 Social Engineering Attacks You Need To Shut Down

A social engineering attack is an orchestrated campaign against employees at either a variety of companies or one high valued business using a variety of digital, in-person or over the phone techniques to steal intellectual property, credentials or money.

Hackers prefer social engineering because it’s much easier to hack a human than a business. Social engineering attacks allow the hacker to combine multiple efforts and even cover their tracks, because they can use the human to take money or install malware under their persona.

smartfile.com  click the link to read the rest of the story.

How well trained is your team to deal with social engineering attacks? Join the conversation on our Facebook Page!

Even After Multiple Cyberattacks, Many Businesses Fail to Bolster Security. Here’s What You Need to Do

Small businesses suffered a barrage of computer invasions last year but most took no action to shore up their security afterward, according to a survey by insurer Hiscox.  It found that 47 percent of small businesses reported that they had one attack in 2017, and 44 percent said they had two to four attacks.  The invasions included ransomware, which makes a computer’s files unusable unless the device’s user or owner pays a ransom…

inc.com  click the link to read the rest of the story.

How many times have you been attacked? Join the conversation on our Facebook Page!

OK, panic—newly evolved ransomware is bad news for everyone

There’s something inherently world-changing about the latest round of crypto-ransomware that has been hitting a wide range of organizations over the past few months. While most of the reported incidents of data being held hostage have purportedly involved a careless click by an individual on an e-mail attachment, an emerging class of criminals with slightly greater skill has turned ransomware into a sure way to cash in on just about any network intrusion.
And that means that there’s now a financial incentive for going after just about anything. While the payoff of going after businesses’ networks used to depend on the long play—working deep into the network, finding and packaging data, smuggling it back out—ransomware attacks don’t require that level of sophistication today. It’s now much easier to convert hacks into cash.

arstechnica.com  click the link to read the rest of the story.

How are you protecting yourself from ransomware? Join the conversation on our Facebook Page!

5 Unexpected Ransomware Attacks You need to know

Ransomware attacks are proliferating unimaginably. The coming year might bring some more serious threats. We hope security researchers come up with sure solutions for these robust malware programs and that innocent users aren’t harmed anymore.

Above all, we highly recommend that all users take offline backups of their data. Even if they are hit by any such attack, they won’t end up becoming victims.

SysTweak.com  click the link to read the rest of the story.

Have you seen any of these attacks? Join the conversation on our Facebook Page!

China to Control the Internet of Things to Spy on Business?

China is aggressively seeking to dominate the Internet of Things and plans to use access to billions of networked electronic devices for intelligence-gathering, sabotage, and business purposes, according to a forthcoming congressional report.

Freebeacon.com  click the link to read the rest of the story.

Do you really think your business is safe from this? Join the conversation on our Facebook Page!