One of Russia’s elite state-sponsored hacking groups is going after IoT devices as a way to breach corporate networks, from where they pivot to other more high-value targets. Attacks have been observed in the wild said the Microsoft Threat Intelligence Center…
ZDnet.com click the link to read the rest of the story. Our FREE Tools can help!
Have you secured all your IoT devices?
The financial impact of a data breach can devastate companies of all sizes but especially small and mid-sized businesses. The study found that organizations with fewer than 500 employees were hit by losses of more than $2.5 million on average… But there are actions that organizations can take to lessen the financial impact, as outlined in the report. …
How many of their recommendations have you implemented?
Another day, another massive data breach. This time it’s the financial giant and credit card issuer Capital One, which revealed on Monday a credit file breach affecting 100 million Americans and 6 million Canadians. Consumers and small businesses affected are those who obtained one of the company’s credit cards dating back to 2005. That includes names, addresses, phone numbers, dates of birth, self-reported income and more credit card application data — including over 140,000 Social Security numbers in the U.S., and more than a million in Canada.
Should government do more?
The majority (66%) of business leaders at small to medium-sized businesses (SMBs) don’t believe they will fall victim to a cyberattack… While SMBs don’t think they are at risk, a previous study conducted by the Ponemon Institute for Keeper found otherwise: 67% of SMBs experienced cyberattacks within the past year. … The report found a major gap between the awareness and reality of cyberattacks in SMBs. Only 12% of respondents said they realize how likely an attack is on any size company.
Can you business survive the cost of a data breach?
Federal prosecutors this week charged a Seattle woman with stealing data from more than 100 million credit applications made with Capital One Financial Corp. Incredibly, much of this breach played out publicly over several months on social media and other open online platforms. … That data included approximately 140,000 Social Security numbers and approximately 80,000 bank account numbers on U.S. consumers…
What do you do to protect yourself?
A new family of ransomware designed to attack Google’s Android mobile operating system utilizes SMS messaging to spread, researchers say. On Monday, cybersecurity professionals from ESET revealed their investigation into the new malware, dubbed Android/Filecoder.C, that earmarks the end of a two-year decline in new Android malware detections.
Have you seen these SMS messages?
Keith Alexander of the venture-backed cybersecurity start-up IronNet is unequivocal in his belief that private companies protecting themselves from nation-state threats is not working. “I flipped through this before you arrived,” he told us, dropping a pocket copy of the Constitution on the table. “It still says that the purpose of the Union is to provide for the common defense. There is no parenthetical that says ‘except in cyberspace.’” …
What should the government do?
Join the conversation on our Facebook Page!
Google announced that on June 25, 2019, Gmail’s new Confidential Mode will be switched on by default as the feature becomes generally available for both G-Suite and personal users. For email recipients, it means that an email can be set to effectively self destruct after it’s been opened and read. No copying, forwarding or downloading either; email just vanishes as if it had never been. …
Have you tried the feature yet?Join the conversation on our Facebook Page!
In an emergency meeting of the city council, the administration of Lake City, a small Florida city with a population of 65,000, voted to pay a ransom demand... The decision to pay the ransom demand was made after the city suffered a catastrophic malware infection earlier this month… Despite the city’s IT staff disconnecting impacted systems within ten minutes of detecting the attack, a ransomware strain infected almost all its computer systems… the unfortunate truth is that some organizations still won’t heed the lessons of the recent spate of attacks…
Do you agree with their decision to pay the ransom?
Microsoft’s much-hyped free upgrade offer for Windows 10 ended in 2016, right? Not exactly. … In this post, I’ll cover the basics of a Windows 10 upgrade. I’ll also talk about the licensing issues involved, which are (as always) confusing. …
Are you still waiting to upgrade? What is your biggest concern?
Microsoft is warning customers that they are being targeted by state-sponsored hackers. Over the last year, the software giant said it had notified 10,000 users that they had been targeted by adversaries working for foreign governments. Some people had also been compromised as a result of these attempts…
Has your business been targeted by foreign governments? Are you sure?
Banks and financial institutions around the world are being targeted by a new email phishing campaign which uses an unusual technique as part of its attacks. The phishing emails come with server-parsed HTML (SHTML) file attachments that are typically used by web servers. If users open the attachments, they’re immediately redirected to a malicious site requesting sensitive information, which if entered, falls directly into the hands of cyber-criminals …
Does you company test employee phishing id skills?
The US Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) has run an analysis on suspect transactions in the past year and found that US businesses in 2018 wired around $301 million per month to business email compromise (BEC) scammers. The $301 million in average monthly losses is far higher losses than the FBI’s estimate…
How does your business rank on the list of targets? What are you doing to protect your business?
Of those companies surveyed … over half of companies (53%) reported losses of between 3% and 10% following a cyber-attack or data breach. But the losses can also be much worse: 6% of businesses consulted in the report said they lost between 11% and 25% of revenue as the result of an incident. …
How good is your cyber insurance, training and security?
A newly discovered form of ransomware is targeting network storage devices by brute-forcing weak credentials and exploiting known vulnerabilities in their systems. …
How up to date is your network data protection?
Israel issued a warning warning of a new type of cyber attack, using artificial intelligence (AI) technology to impersonate senior company executives. In this method, instructions are given to the companies staff members to perform transactions such as money transfer to perform transactions such as money transfers, as well as malicious activity on the company’s network. …
How are you protecting your office from such attacks?
Now that most of our daily procedures and activities are automatized and available for use on the Internet, we need to take the same level of precaution we did as children, crossing to the other side of the street… today we’re going back to basics — exploring and explaining the most common network security threats you may encounter while online…
How safe is your business from these threats?
This month, Microsoft patched 77 vulnerabilities, including two zero-days — security flaws that were being actively exploited in the wild. … The zero-day was discovered by ESET as part of the attack chain of a group of Russian state-funded hackers. The company told ZDNet it plans to publish an in-depth blog post about these attacks…
Do you think we are staying ahead of the threats?
Whether you pay ransomware actors or not really comes down to some straightforward business calculations. Sometimes the ransom is worth it. … Yet another city is deciding to pay ransomware gangs to get their IT infrastructure back and you can almost feel the consternation among officials. That consternation may also be good business. Simply put, it can make good sense to pay ransomware. In a recent research report, Forrester Research argued that paying ransomware should be viewed as a viable option…
Would your business pay a ransom?
Just over 10 years ago, a unique strain of malware blitzed the internet so rapidly that it shocked cybersecurity experts worldwide. Known as Conficker, it was and remains the most persistent computer worm ever seen, linking computers with Microsoft operating systems globally, millions of them, to create a vast illicit botnet, in effect, a black-market supercomputer. That much power controlled by its unknown maker posed an existential threat not just to any enterprise connected to the web, but to the internet itself. … Surely something bigger was coming. But it never did. Why? Who created Conficker, and why bother if they were not going to use it?
Who do you think was behind this?
US Cyber Command has issued an alert via Twitter today about threat actors abusing an Outlook vulnerability to plant malware on government networks. The vulnerability is CVE-2017-11774, a security bug that Microsoft patched in Outlook in the October 2017 Patch Tuesday. The Outlook bug, discovered and detailed by security researchers from SensePost, allows a threat actor to escape from the Outlook sandbox and run malicious code on the underlying operating system. …
Do you train your office how to identify dangerous emails?
Having your identity stolen can be a nightmare, and cleaning up the mess can take months. You can make life difficult for a would-be identity thief by locking down these five key aspects of your online life. … [In a recent case] hackers were able to convince T-Mobile to issue a replacement SIM that gave them access to his primary phone number. That in turn allowed them to reset passwords on his Gmail account, which pretty much gave them unfettered access to his entire identity. They then proceeded to shut down his Twitter account, wipe out everything associated with his Google account, and even access his online banking accounts.
Have you been the victim of a SIM hack?
Smuggling malware into the power grids of rival states risks making tensions higher, especially when the rules of the game are yet to be established. … The New York Times has reported that the US has escalated its plans to place malware in Russia power networks, in response to similar and ongoing online incursions by Russia-backed hackers. This is the latest development in online hostilities involving power grids; energy companies have long been the targets of cyber-espionage, but in recent years the intent has switched from spying to creating outages.
How are you preparing your business for cyber-ware attacks?
The Riviera Beach City Council voted unanimously this week to pay the hackers’ demands, believing the Palm Beach suburb had no choice if it wanted to retrieve its records, which the hackers encrypted. … According to the U.S. Department of Homeland Security, ransomware is the fastest growing malware threat…
CBSNews.com click the link to read the rest of the story. Our FREE Tools can help!
Have you or will you ever pay a ransom?
A young woman recently contacted me for help: a hacker gained access to her Instagram and Snapchat and started sending her friends “nudes” she had taken. She tried many times to regain access to her account – often arduous efforts requiring she send social media companies selfies with dates and codes – but every time she regained access, the intruder locked her out again and forced her to start from scratch.
When I heard her story I was surprised; in these cases a password reset is usually sufficient. After digging a bit deeper I was astounded by the brutal effectiveness of the hacker’s strategy – so complete it left his victim with no recourse to regain her accounts.
TheGuardian.com click the link to read the rest of the story. Our FREE Tools can help!
Could your business survive this?
The group behind a malware campaign targeting both Windows and Android devices in an adware operation across both Europe and the US have altered its attack techniques and added new payloads including a cryptominer and a Trojan in an apparent bid to make more money from infected devices.
Have you checked to see if your security software blocks the latest version of Scranos?
ASCO, one of the world’s largest suppliers of airplane parts, has ceased production in factories across four countries due to a ransomware infection reported at its plant in Zaventem, Belgium. As a result of having IT systems crippled by the ransomware infection…
Any guess what this is costing the firm?
Orange County based real estate title insurance giant First American Financial Corp. [NYSE:FAF] leaked hundreds of millions of documents related to mortgage deals going back to 2003… The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser. … this would potentially include anyone who’s ever been sent a document link via email by First American.
Have you done business with First American Financial?
Cyberwarfare could turn every gadget you own into a weapon on a virtual battlefield. And the damage will be felt in the real world. Cyberwarfare refers to the use of digital attacks — like computer viruses and hacking — by one country to disrupt the vital computer systems of another, with the aim of creating damage, death and destruction. Future wars will see hackers using computer code to attack an enemy’s infrastructure, fighting alongside troops using conventional weapons like guns and missiles.
Are we ready for an all out cyber war?
Sixty eight percent of people believe they’re doing all they can to protect themselves against cyberattacks. …Perhaps surprisingly, it’s the older generations which has more confidence about how they’re protecting themselves online, with three quarters of those over 45 confident that they’re doing all they can to protect against data loss. …the higher confidence among older web users could be based on a naivety about the malicious threats that are out there on the internet, while younger users are aware of cybersecurity issues – but still aren’t addressing them.
How confident are you that your security is sufficient?
