Tag Archives: cybercrime

Posted on

New Servers are Found and Under Attack – in under a minute

New report demonstrates how quickly hackers see and begin attacks — and the dangers of default login credentials.

It only takes a few seconds for cyber criminals try to hack into newly connected cloud devices and servers!

ZDnet reported that

Researchers at security company Sophos set up honeypots in ten of the most popular AWS data centre locations around the world …  and connected them to the internet with common configuration errors, such as using default credentials or insecure passwords).

It took just 52 seconds for hackers to begin attacking the first server and 20 minutes to start on the California server.

The servers were all on Amazon Web Services.

This is a clear demonstration that no-one is able to fly under the radar whilst online. The attackers are using scripts not to focus on any one individual, but to probe the entire internet address space to look for the low-hanging fruit,” said Boddy.

This scripted approach of attempting to login to your online device means that these attackers can attempt to login to a huge number of online devices in no time at all,” he added.

This illustrates why businesses must have security in place prior to it being given internet access, as well as why your business needs as many layers of security as possible.

References: 
ZDnet

Ingenious.News click the link to read the rest of the story. Our FREE Tools can help!

How safe are your servers?

Join the conversation on our Facebook Page!

Posted on

Phishing Attacks Are Prevalent During March Madness

With popular sporting events like March Madness, it’s easy for attackers to prey on human emotions with excitement running high and money on the line. With so many employees participating in office pools and brackets, it’s critical to avoid getting phished through fake sporting-themed websites, contests and offers around the games, or malicious browser extensions that claim to keep track of scores and stats.

SecurityBoulevard.com click the link to read the rest of the story. Our FREE Tools can help!

Has your company been hit with this attack?

Join the conversation on our Facebook Page!

Posted on

You Need Multiple Layers of Security

The findings in the Identity Theft Resource Center (ITRC)’s “2018 End-of-Year Data Breach Report” serve as a stark reminder of why companies should take a layered approach to security.

SecurityIntelligence.com click the link to read the rest of the story.

How many layers of security do you have?

Join the conversation on our Facebook Page!

Posted on

Cybersecurity is broken: Here’s how we start to fix it

We are building our future on a creaking digital foundation. It’s time for that to change. Cybersecurity is in a terrible state, possibly the worst it’s ever been. Literally not a day goes by without another report of a security breach or a data spill or a hack spilling corporate secrets.

This to me is the way to turn the tide. First, we need to value our own personal data more. …

ZDnet.com click the link to read the rest of the story.

What do you think we should do?
Join the conversation on our Facebook Page!

Posted on

Why 91% of IT and security pros fear insider threats

Some 62% of professionals said they believe the largest insider security threat comes from well-meaning but negligent end users…

More than half (53%) of respondents said they felt the employees who were most likely to be a threat were those who have left or were planning to leave the company, or contractors whose contract had ended…

Three-fourths (75%) of respondents said they believe the biggest insider security risks lie in cloud applications, including popular file storage and email solutions like Google Drive and Dropbox.

TechRepublic.com click the link to read the rest of the story.

What systems do you have in place to deal with internal sabotage?

Join the conversation on our Facebook Page!

Posted on

The Multibillion-Dollar Online Crime Industry

Criminal “products” from the underworld marketplace are part of a sophisticated and highly profitable global industry.. there’s a thriving underground economy online, a place where tools and techniques are advertised and sold — even given away — and where stolen data is laundered to facilitate online crime. What might surprise you is how many of these underground economies there are and how well-established they have become.

This is a sophisticated and highly profitable global industry. In 2016, ransomware alone generated more than $1 billion in profit for criminals. The FBI is now calling “business email compromise,” where scammers intercept suppliers and payment transfers, the $5 billion scam.

Medium.com click the link to read the rest of the story.

Have you been a victim of online criminals?

Join the conversation on our Facebook Page!

Posted on

Hacker returns and puts 26Mil new user records for sale on the Dark Web

A hacker who has previously put up for sale over 840 million user records in the past month, has returned with a fourth round of hacked data that he’s selling on a dark web marketplace. … This time, the hacker has put up for sale the data of six companies, totaling 26.42 million user records, for which he’s asking 1.2431 bitcoin ($4,940).

ZDNet.com click the link to read the rest of the story.

How are you protecting your passwords?

Join the conversation on our Facebook Page!

Posted on

Phishing attacks: Half of organisations have fallen victim in last two years

Almost half of all organisations have fallen victim to phishing attacks in the last two years, with larger businesses the most likely to been compromised, despite also being most likely to conduct cyber security training for staff.

ZDNet.com click the link to read the rest of the story.

How are you dealing with phishing attacks in your business?

Join the conversation on our Facebook Page!

Posted on

The Most Common Vulnerability Of All

It’s important to learn a bit about how malicious hackers gain access to your credentials.

Three of the most common methods include:

  • Man in the Middle (or MITM) attacks
  • Using key logger software.
  • Employing old-fashioned social engineering.

MITM attacks, as the name suggests, a third party getting between you and your desired target without your knowledge.

DatadrivenInvestor.com click the link to read the rest of the story.

How do you protect yourself from these attacks?Join the conversation on our Facebook Page!

Posted on

Google Alert! Update Chrome Browser Immediately

Google has issued an urgent warning for Chrome users to update their browser… a security flaw is being actively exploited.

The flaw in question is referred to as a “zero-day exploit.”

Infopackets.com click the link to read the rest of the story.

Do you update your software immediately when updates are released?Join the conversation on our Facebook Page!

Posted on

Why it’s so dangerous to use public Wifi

Most smartphones, laptops, and tablets automatically search and connect to WiFi networks. They usually prefer a network with a previously established connection. If you have ever logged on to the T-Mobile network on the train, for example, your device will search for a T-Mobile network in the area. … My phone automatically connects itself to one of these networks, which  [can] belong to [a hackers] device. [Hackers] can also broadcast a fictitious network name, making users believe they are actually connecting to the network of the place they’re visiting

Everything, with very few exceptions, can be cracked. The idea that public WiFi networks are not secure is not exactly news

Medium.com click the link to read the rest of the story.

Do you still use public wifi?Join the conversation on our Facebook Page!

Posted on

Latest Ransomware Being Offered “as-a-service” to Wannabe Hackers

The gang behind a family of ransomware that has been active for well over a year now have tweaked their tactics in order to ensure the file-locking malware campaign is as effective as possible. GandCrab first emerged in January 2018 and has remained one of the most successful forms of ransomware ever

GandCrab operates an affiliate model, with its authors providing the ransomware “as-a-service” to wannabe hackers in exchange for a 30 to 40 percent cut of the profits.  But now researchers have observed adverts for GandCrab being posted on underground forums, specifically targeted at crooks with skills around operating remote desktop protocols, virtual network computing and experience of infiltrating corporate networks. …  There’s currently no free means of decrypting files locked with (the latest versions of ) GandCrab…

ZDNet.com click the link to read the rest of the story.

How many layers of security do you have in place to protect you?Join the conversation on our Facebook Page!

Posted on

All Intel chips open to new Spoiler attack: There is no quick fix

Researchers have discovered a new flaw affecting all Intel chips due to the way they carry out speculative execution for CPU performance gains.   Like the Spectre and Meltdown attacks revealed in January 2018, Spoiler also abuses speculative execution in Intel chips to leak secrets. …Daniel (Ahmad) Moghimi, one of the paper’s authors, told The Register he doubts Intel will be able to patch the issue in the memory subsystem within the next five years.

ZDNet.com click the link to read the rest of the story.

Do you use Intel chips?Join the conversation on our Facebook Page!

Posted on

Phishing alert: One in 61 emails in your inbox now contains a malicious link

The number of phishing attacks is on the rise, more than doubling in recent months, with one in 61 emails delivered to corporate inboxes found to contain a malicious URL. …

The emails are often designed to look like they come from legitimate senders – like a companyor a colleague – in order to gain the trust of the victim, before duping them into clicking the malicious link. …The purpose of the malicious URL could be to deploy malware onto the PC or it could encourage the victim to enter sensitive information into a fake version of a real service…

ZDNet.com click the link to read the rest of the story.

Have many do you think you get every day?Join the conversation on our Facebook Page!

Posted on

Chinese Digital Surveillance Secrets Revealed In Database Leak

Earlier this month, security researcher Victor Gevers found and disclosed an exposed database live-tracking the locations of about 2.6 million residents of Xinjiang, China, offering a window into what a digital surveillance state looks like in the 21st century. …

EFF.org click the link to read the rest of the story.

What can we do?Join the conversation on our Facebook Page!

Posted on

Hackers using stolen passwords to access TurboTax returns

Let this be a lesson: Don’t reuse your passwords.

Hackers accessed tax return information stored with TurboTax using a stolen password from a third party, an Intuit spokesman said Monday.

The attack, earlier reported in Dark Reading, didn’t breach the internal systems at Intuit, which owns TurboTax. Instead, attackers took lists of passwords stolen from other services and used them to try to log in to TurboTax accounts, the spokesman said. There, valuable personal information, such as Social Security numbers, names and addresses, is stored in tax returns.

CNet.com click the link to read the rest of the story.

Do you still use the same passwords over and over?Join the conversation on our Facebook Page!

Posted on

Use a Cisco router? Patch it now ! It’s a 9.8/10 Security hole

Cisco is warning businesses that use its wireless VPN and firewall routers to install updates immediately due to a critical flaw that remote attackers can exploit to break into a network.  The vulnerability allows any attacker with any browser to execute code of their choice via the web interface used for managing Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router.

ZDNet.com click the link to read the rest of the story.

Have you made sure yours is patched?Join the conversation on our Facebook Page!

Posted on

Trojan malware: The hidden cyber threat to your PC

A recent report from security company Malwarebytes reveals how trojans and backdoor attacks have rocketed in the past year. … “We’re seeing a new generation of stealers make an impact recently,” says Jérôme Segura, head of threat intelligence at Malwarebytes. … Gaining persistent remote access — be it to a single user’s computer, or a whole network — is key to many cyber attacks: if they’re stealthy enough, hackers can remain undetected for a long time, as they work towards their long-term goals.

ZDNet.com click the link to read the rest of the story.

Do you ignore these threats?Join the conversation on our Facebook Page!

 

Posted on

There is no single solution to computer security

Anyone who regularly attends the Blackhat or Defcon conferences should understand that short of unplugging a computer system from its power source, it is not possible to rule out serious system and data compromise. There will never be any “silver bullets” to slay the security vulnerability werewolf.

Medium.com click the link to read the rest of the story.

How many layers of security do you have? Join the conversation on our Facebook Page!

Posted on

You have around 20 minutes to contain a APT attack

Governments and private organizations have around 20 minutes to detect and contain a hack…

New statistics published today by US cyber-security firm Crowdstrike ranked threat groups based on their “breakout time.”  “Breakout time” refers to the time a hacker group takes from gaining initial access to a victim’s computer to moving laterally through its network. This includes the time the attacker spends scanning the local network and deploying exploits in order to escalate his access to other nearby computers.

According to data gathered from 2018 hack investigations, CrowdStrike says Russian hackers (which the company calls internally “Bears”) have been the most prolific and efficient hacker groups last year, with an average breakout time of 18 minutes and 49 seconds.

ZDNet.com click the link to read the rest of the story.

How quickly can your business respond to an attack?Join the conversation on our Facebook Page!

Posted on

Why Online Privacy Matters and 5 Ways to Reclaim It

It’s the most common argument against privacy: “If you’ve got nothing to hide, you’ve got nothing to fear.” It’s also the silliest argument against privacy.

Privacy expert and author Daniel Solove has torn down this fallacy in his paper on the subject. But Solove’s essay is a complex take on a nuanced subject. Instead, the simple rhetoric of the “nothing to hide” argument is easier to repeat.

But no matter how little you have to hide, the implications of online privacy breaches are major. These few resources explain the pitfalls clearly and concisely.

MakeUseOf.com click the link to read the rest of the story.

What steps have you take to regain your online privacy?Join the conversation on our Facebook Page!

Posted on

Microsoft security chief: IE is not a browser, so stop using it

Is Internet Explorer (IE) a browser? According to Microsoft, no. Today, it’s a ‘compatibility solution’ for enterprise customers to deal with legacy sites that should be updated for modern browsers.  … Chris Jackson, Microsoft’s worldwide lead for cyber-security, … that habit needs to stop … ‘The perils of using Internet Explorer as your default browser’.

ZDNet.com click the link to read the rest of the story.

Are you still using IE because it’s cheaper?Join the conversation on our Facebook Page!

Posted on

New Google Chrome Add-On Warns When Your Password Isn’t Private

If someone else has used the same password as you and it’s listed in a dump, guess what? Your own account is also at risk. It doesn’t even matter if you used that password on a different website. Once it’s exposed, it’s just not safe to use any more.

With leaks and hacks happening more or less non-stop it’s a difficult task to keep your accounts secure.

Forbes.com click the link to read the rest of the story.

Did you know how easy it was to have a risky password?Join the conversation on our Facebook Page!

Posted on

Billions of Hacked Passwords and Usernames now Free: on the Dark Web

More than 600 gigabytes of hacked accounts from years ago have been compiled and are free to download.

You can check if you were affected by the massive data set with the HPI’s search tool.

Cnet.com click the link to read the rest of the story.

Have you checked to see if your accounts have been hacked?Join the conversation on our Facebook Page!

Posted on

12 Free Tools to Scan Your Website’s Security

If you or your business has a website website you really should take a few minutes and check to make sure it is malware free.  People visiting sites with malware remember to avoid them in the future.  Here is a list out free tools to scan your site for security vulnerabilities, malware.

geekflare.com click the link to read the rest of the story.

Have you been alerted of malware when visiting a local business website?Join the conversation on our Facebook Page!

Posted on

Fake meeting request from the boss steals passwords

Called to a meeting with the CEO? Don’t be so sure.

A widespread phishing campaign is targeting executives across a number of industries with messages asking to reschedule a board meeting in an effort to steal logins and passwords.

ZDNet.com click the link to read the rest of the story.

Has your office received on of these yet?Join the conversation on our Facebook Page!

Posted on

How to use Google’s Password Alert tool to thwart phishing attacks

Google’s built a new tool in the fight against phishing. The free Password Alert Chrome extension keeps track of where you enter your Google account password and alerts you when you’ve entered it someplace other than accounts.google.com. This does two things: it prevents you from re-using your Google password on other sites, and it protects you if you’ve entered your password on a site that’s pretending to be Google to collect your private information, a practice also known as phishing.

Cnet.com click the link to read the rest of the story.

Have you been scammed into giving up your gmail password?Join the conversation on our Facebook Page!

Posted on

The market for cyber-insurance is growing

A survey in 2018 by KPMG found that only a fifth of it bosses thought their firm was well prepared for an attack. … The market is most developed in America, says Robert Hannigan, one of those ex-gchq bosses, thanks in part to Californian laws passed in 2003 that compel firms to confess to large data breaches.

The Economist click the link to read the rest of the story.

Is you firm covered by cyber-insurance?Join the conversation on our Facebook Page!