Data Breaches Keep Happening. So Why Don’t You Do Something?

Experts caution that the stream of news about such breaches can set a new normal and instill a sense of fatalism — and complacency — in consumers.

Anthony Vance, an associate professor and director of the Center for Cybersecurity at the Fox School of Business at Temple University, said last year’s breach of information held by the credit reporting company Equifax, which affected 145 million Americans, was “a game-changer.”

The information gleaned could be used to fraudulently open new credit accounts, he said, adding, “That should give even the most jaded American consumer pause and prompt them to do something.”

But evidence suggests that high-profile breaches don’t typically change consumers’ behavior.

NYTimes.com  click the link to read the rest of the story.

What should we do? Join the conversation on our Facebook Page!

Platforms Are Making You Vulnerable

It’s been over a week since Facebook announced that, thanks to a coding vulnerability, access tokens for at least 50 million* accounts were stolen. Access tokens are important. As Facebook explained in its blog detailing the hack, they are “the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”

The hack also impacted Facebook’s Single Sign-On, which lets people use one account to log into other sites, meaning the impact of the breach is perhaps wider than even Facebook initially reported. Still, at the moment, there’s no way to know how big of a problem it is, or will be. Nor do we know who did it. We’re in the dark for one simple reason: Facebook has said next to nothing about what it knows — or if it knows much at all.  Ad-driven platforms tend to succeed thanks to one thing: our vulnerability.

Medium.com  click the link to read the rest of the story.

Does your vulnerability concern you? Join the conversation on our Facebook Page!

Cybersecurity Is About Much More Than Hacking

There is growing concern among professionals that cybersecurity firms are seriously understaffed, and there aren’t nearly enough of them to combat the growing number of cyberattacks. Making matters worse, the continued drive toward accelerated training programs for software developers means that more developers are deploying code who have not had any formal security training.

Medium.com  click the link to read the rest of the story.

Are you ready for the new security challenges? Join the conversation on our Facebook Page!

How to Shop Online Like a Security Pro

So here’s a quick refresher course on how to make it through the next few weeks without getting snookered online.

Adopting a shopping strategy of simply buying from the online merchant with the lowest advertised prices can be a bit like playing Russian Roulette with your wallet, for the simple reason that there are tons of completely fake e-commerce sites out there looking to separate the unwary from their credit card details.

krebsonsecurity.com  click the link to read the rest of the story.

Have you planted your flag yet? Join the conversation on our Facebook Page!

Why Cyber Monday is just the beginning of the festive hacking season

Attackers will always attempt to go for the low-hanging fruit by targeting individual consumers for a quick payday by clearing out their bank accounts or by selling fake or non-existent goods, but more organised hacking groups will also use the holiday period in an attempt to win bigger scores.

zdnet.com  click the link to read the rest of the story.

How many attacks have you avoided so far this season? Join the conversation on our Facebook Page!

Why do we ignore up to 90% of computer security alerts?

If your focus is elsewhere when an important security warning pops up, there’s a good chance (up to 90%) it will be dismissed and completely ignored.  For instance, if a security alert appeared while a user was closing a web page, 74% would dismiss the warning dialog. … Interestingly, the researchers found that users were less likely to ignore/dismiss security warnings if they were timed to appear between primary tasks, rather than interrupting what the user was trying to do.

TripWire.com  click the link to read the rest of the story.

Do you ignore alerts? Join the conversation on our Facebook Page!

500K Android users hit with malware, and what to do now

More than half a million Android users installed malware disguised as smartphone games—right from the Google Play store. Mainly posing as a driving game, the malware was found in as many as 13 apps, according to tweets from ESET security researcher Lukas Stefanko.

This is not the first time…

TechRepublic.com  click the link to read the rest of the story.

Did you find an infected app on your phone? Join the conversation on our Facebook Page!

This is how online tracking works

Buzzwords like privacy, cookies, tracking, etc. are appearing on every news outlet that cares about the web. But they usually just scratch the surface, leaving a lot of the underlying machinery in the dark and still hidden away. … I’ll attempt to describe the different pieces that comprise online tracking, in a way that goes beyond the cookies and scripts.

unformated.space  click the link to read the rest of the story.

Was this helpful? Join the conversation on our Facebook Page!

Terrifying new email scam & what to do

People are being victimized by a terrifying new email scam where attackers claim they stole your password and hacked your webcam while you were watching porn — here’s how to protect yourself. The attacker probably took your password from a publicly available database of old leaked passwords and email addresses.

BusinessInsider.com  click the link to read the rest of the story.

I have seen this, have you? Join the conversation on our Facebook Page!

Researchers discover seven new Meltdown and Spectre attacks

A team of nine academics has revealed today seven new CPU attacks. The seven impact AMD, ARM, and Intel CPUs to various degrees.

Two of the seven new attacks are variations of the Meltdown attack, while the other five are variations on the original Spectre attack — two well-known attacks that have been revealed at the start of the year and found to impact CPU models going back to 1995.

zdnet.com  click the link to read the rest of the story.

How are you protecting your business from this? Join the conversation on our Facebook Page!

The New Cryptojacking: Victims’ Computers Mine Cryptocurrency

Computers infected with cryptojacking malware run much slower, and often victims are not even aware that their computers are being attacked, as “coin mining” malware is difficult to detect. Once a machine is compromised, a malicious app runs silently in the background with just one sign: performance degradation.

Forbes.com  click the link to read the rest of the story.

Want to have your computers checked? Join the conversation on our Facebook Page!

Why WannaCry ransomware is still a threat to your PC

WannaCry tops the list of the most widespread cryptor families, with attempted attacks against 74,621 of the security firm’s users across the globe between July and September.  WannaCry ransomware attacks have risen as proportion of the total attack compared with the same period last year: in Q3 2017

zdnet.com  click the link to read the rest of the story.

Is your business protected? Join the conversation on our Facebook Page!

Why ransomware costs small businesses big money

About 22% of businesses with less than 1,000 employees that experienced a ransomware attack in the last year had to stop business operations immediately. About 15% lost revenue.

On average, small companies lost over $100,000 per ransomware incident due to downtime. For one in six organizations, these attacks caused 25 hours or more of downtime.

cnn.com  click the link to read the rest of the story.

How much would it cost your business to be down for several days? Join the conversation on our Facebook Page!

23 Social Engineering Attacks You Need To Shut Down

A social engineering attack is an orchestrated campaign against employees at either a variety of companies or one high valued business using a variety of digital, in-person or over the phone techniques to steal intellectual property, credentials or money.

Hackers prefer social engineering because it’s much easier to hack a human than a business. Social engineering attacks allow the hacker to combine multiple efforts and even cover their tracks, because they can use the human to take money or install malware under their persona.

smartfile.com  click the link to read the rest of the story.

How well trained is your team to deal with social engineering attacks? Join the conversation on our Facebook Page!

A New Threat to Your Finances: Cell-Phone Account Fraud

Consumers have a new privacy threat to worry about. It’s known as cell-phone account fraud, where crooks open up a phony cell-phone account in your name and use it to access your bank account, sign up for credit cards, or sell the phone number for other criminals to use.

While little known among consumers, cell-phone account fraud can have a devastating impact on your finances—and your reputation.

consumerreports.com  click the link to read the rest of the story.

Have you been hit with this scam? Join the conversation on our Facebook Page!

Ransomware shuts down 1 in 5 small businesses after it hits

When businesses are hit with ransomware, it’s not just the ransom amount that could financially hurt. The time spent trying to get systems back online and potential revenue lost in the meantime makes a lasting impact, too.

cnn.com  click the link to read the rest of the story.

What would it cost your business to be shut down for days? Join the conversation on our Facebook Page!

Even After Multiple Cyberattacks, Many Businesses Fail to Bolster Security. Here’s What You Need to Do

Small businesses suffered a barrage of computer invasions last year but most took no action to shore up their security afterward, according to a survey by insurer Hiscox.  It found that 47 percent of small businesses reported that they had one attack in 2017, and 44 percent said they had two to four attacks.  The invasions included ransomware, which makes a computer’s files unusable unless the device’s user or owner pays a ransom…

inc.com  click the link to read the rest of the story.

How many times have you been attacked? Join the conversation on our Facebook Page!

OK, panic—newly evolved ransomware is bad news for everyone

There’s something inherently world-changing about the latest round of crypto-ransomware that has been hitting a wide range of organizations over the past few months. While most of the reported incidents of data being held hostage have purportedly involved a careless click by an individual on an e-mail attachment, an emerging class of criminals with slightly greater skill has turned ransomware into a sure way to cash in on just about any network intrusion.
And that means that there’s now a financial incentive for going after just about anything. While the payoff of going after businesses’ networks used to depend on the long play—working deep into the network, finding and packaging data, smuggling it back out—ransomware attacks don’t require that level of sophistication today. It’s now much easier to convert hacks into cash.

arstechnica.com  click the link to read the rest of the story.

How are you protecting yourself from ransomware? Join the conversation on our Facebook Page!

How to Do Passwords Right in 2018

Modern-day browsers can not only save your passwords for you—they can recommend new, secure passwords whenever you need to create a new one, and can even warn you when you’re using the same password across multiple accounts.

gizmodo.com  click the link to read the rest of the story.

Do you use a password manager? Join the conversation on our Facebook Page!

5 Unexpected Ransomware Attacks You Need to Know

Ransomware attacks are proliferating unimaginably. The coming year might come along with some more serious threats. We hope security researchers come up with sure solutions for these robust malware programs and innocent users aren’t harmed anymore.

Above all, we highly recommend that all users take offline backups of their data. Even if they are hit with any such attack, they won’t end up becoming a victim.

SysTweak.com  click the link to read the rest of the story.

Have you seen any of these attacks? Join the conversation on our Facebook Page!

How to spot a phishing email?

One of the solutions I’d implement would be: whenever we hover over the link, it should show you which link it is pointing or redirecting to, and this solution needs to be implemented by all email providers like Google’s Gmail, Microsoft’s Outlook, etc. This will prevent the user from exposing their personal information to hackers.

Medium.com  click the link to read the rest of the story.

Have you been the victim of a phishing attack? Join the conversation on our Facebook Page!

China to Control the Internet of Things to Spy on Business?

China is aggressively seeking to dominate the Internet of Things and plans to use access to billions of networked electronic devices for intelligence-gathering, sabotage, and business purposes, according to a forthcoming congressional report.

Freebeacon.com  click the link to read the rest of the story.

Do you really think your business is safe from this? Join the conversation on our Facebook Page!

12 signs you’ve been hacked — and how to fight back

Here are 12 sure signs you’ve been hacked and what to do in the event of compromise. Note that in all cases, the number 1 recommendation is to completely restore your system to a known good state before proceeding.

csoonline.com  click the link to read the rest of the story.

Have you been hacked? What did you do? Join the conversation on our Facebook Page!

Huawei accused of scheme to steal semiconductor technology from US start-up

A former Huawei employee has accused the company of trying to steal intellectual property in order to help China achieve technological dominance over the US by using a lawsuit against his Silicon Valley start-up.

scmp.com click the link to read the rest of the story.

Are you concerned about IP theft? Join the conversation on our Facebook Page!

Your computer could be quietly mining bitcoin — for someone else

Hackers are quietly hijacking personal computers, company servers, cable routers, mobile devices and other forms of computing power to stealthily mine cryptocurrencies — a problem that cybersecurity experts warn is growing rapidly.  The act, known as cryptojacking…

NBCnews.com click the link to read the rest of the story.

Has your computer started to act strangely slow? Join the conversation on our Facebook Page!

What is 2-Factor Authentication and Why Should You Care?

In the traditional flow, there is just 1 layer of security, that is your password. You enter your password and voila, you can access your account. But as stated above, this process is good but not great.   2-factor authentication (2FA) adds another security layer to the login process, reducing the chances of account hacking. In this, just knowing and entering your password is not enough. This new layer can be anything like an OTP sent to your mobile, an auto-generated code, or biometric verification on a device you own.

hackernoon.com click the link to read the rest of the story.

Do you use 2-factor authentication at work? Join the conversation on our Facebook Page!

Cybercriminals Know Most Small Businesses Lack Cybersecurity

Could your business recover from an abrupt loss of $256,000? Because that’s how much a single cybersecurity hack could cost a small business, according to a recent analysis in Tech Republic.

entrepreneur.com click the link to read the rest of the story.

Have you invested in cybersecurity for your business? Join the conversation on our Facebook Page!

The fileless attack: Hacking without installing software

Cyber criminals don’t need to place malware on your system to get in. Fileless or zero-footprint attacks use legitimate applications or even the operating system.  “We see it every day,” says Steven Lentz, CSO at Samsung Research America. “Something coming through, some exploit type, unknown ransomware. We’ve stopped several things with our defenses, either network-wise or at the end point.” The attacks that Lentz is worried about are fileless attacks, also known as zero-footprint attacks, macro, or non-malware attacks. These types of attacks don’t install new software on a user’s computer, so antivirus tools are more likely to miss them.

csoonline.com click the link to read the rest of the story.

Are you certain your security software detects these? Join the conversation on our Facebook Page!

This cryptojacking mining malware pretends to be a Flash update

Crooks are attempting to spread their cryptojacking malware to unsuspecting victims by disguising it as an update for Flash.  This particular mining operation is thought to have been operating since August this year with a big spike in activity in September and looks to trick potential victims into downloading an XMRig cryptocurrency miner — the malicious software runs in the background and secretly uses the power of the infected PC to acquire Monero for the hackers.

ZDnet.com click the link to read the rest of the story.

Could you have this malware on your computer and not know it? Join the conversation on our Facebook Page!

The top 10 cyberthreats IT security teams are facing right now

IT and security professionals surveyed said they were either highly concerned or extremely concerned about the following cyberthreats, the report found:

TechRepublic.com click the link to read the rest of the story.

What has been the greatest threat to your business? Join the conversation on our Facebook Page!