Now that most of our daily procedures and activities are automatized and available for use on the Internet, we need to take the same level of precaution we did as children, crossing to the other side of the street… today we’re going back to basics — exploring and explaining the most common network security threats you may encounter while online…
How safe is your business from these threats?
This month, Microsoft patched 77 vulnerabilities, including two zero-days — security flaws that were being actively exploited in the wild. … The zero-day was discovered by ESET as part of the attack chain of a group of Russian state-funded hackers. The company told ZDNet it plans to publish an in-depth blog post about these attacks…
Do you think we are staying ahead of the threats?
Whether you pay ransomware actors or not really comes down to some straightforward business calculations. Sometimes the ransom is worth it. … Yet another city is deciding to pay ransomware gangs to get their IT infrastructure back and you can almost feel the consternation among officials. That consternation may also be good business. Simply put, it can make good sense to pay ransomware. In a recent research report, Forrester Research argued that paying ransomware should be viewed as a viable option…
Would your business pay a ransom?
Just over 10 years ago, a unique strain of malware blitzed the internet so rapidly that it shocked cybersecurity experts worldwide. Known as Conficker, it was and remains the most persistent computer worm ever seen, linking computers with Microsoft operating systems globally, millions of them, to create a vast illicit botnet, in effect, a black-market supercomputer. That much power controlled by its unknown maker posed an existential threat not just to any enterprise connected to the web, but to the internet itself. … Surely something bigger was coming. But it never did. Why? Who created Conficker, and why bother if they were not going to use it?
Who do you think was behind this?
US Cyber Command has issued an alert via Twitter today about threat actors abusing an Outlook vulnerability to plant malware on government networks. The vulnerability is CVE-2017-11774, a security bug that Microsoft patched in Outlook in the October 2017 Patch Tuesday. The Outlook bug, discovered and detailed by security researchers from SensePost, allows a threat actor to escape from the Outlook sandbox and run malicious code on the underlying operating system. …
Do you train your office how to identify dangerous emails?
Having your identity stolen can be a nightmare, and cleaning up the mess can take months. You can make life difficult for a would-be identity thief by locking down these five key aspects of your online life. … [In a recent case] hackers were able to convince T-Mobile to issue a replacement SIM that gave them access to his primary phone number. That in turn allowed them to reset passwords on his Gmail account, which pretty much gave them unfettered access to his entire identity. They then proceeded to shut down his Twitter account, wipe out everything associated with his Google account, and even access his online banking accounts.
Have you been the victim of a SIM hack?
Smuggling malware into the power grids of rival states risks making tensions higher, especially when the rules of the game are yet to be established. … The New York Times has reported that the US has escalated its plans to place malware in Russia power networks, in response to similar and ongoing online incursions by Russia-backed hackers. This is the latest development in online hostilities involving power grids; energy companies have long been the targets of cyber-espionage, but in recent years the intent has switched from spying to creating outages.
How are you preparing your business for cyber-ware attacks?
The Riviera Beach City Council voted unanimously this week to pay the hackers’ demands, believing the Palm Beach suburb had no choice if it wanted to retrieve its records, which the hackers encrypted. … According to the U.S. Department of Homeland Security, ransomware is the fastest growing malware threat…
CBSNews.com click the link to read the rest of the story. Our FREE Tools can help!
Have you or will you ever pay a ransom?
A young woman recently contacted me for help: a hacker gained access to her Instagram and Snapchat and started sending her friends “nudes” she had taken. She tried many times to regain access to her account – often arduous efforts requiring she send social media companies selfies with dates and codes – but every time she regained access, the intruder locked her out again and forced her to start from scratch.
When I heard her story I was surprised; in these cases a password reset is usually sufficient. After digging a bit deeper I was astounded by the brutal effectiveness of the hacker’s strategy – so complete it left his victim with no recourse to regain her accounts.
TheGuardian.com click the link to read the rest of the story. Our FREE Tools can help!
Could your business survive this?
The group behind a malware campaign targeting both Windows and Android devices in an adware operation across both Europe and the US have altered its attack techniques and added new payloads including a cryptominer and a Trojan in an apparent bid to make more money from infected devices.
Have you checked to see if your security software blocks the latest version of Scranos?
ASCO, one of the world’s largest suppliers of airplane parts, has ceased production in factories across four countries due to a ransomware infection reported at its plant in Zaventem, Belgium. As a result of having IT systems crippled by the ransomware infection…
Any guess what this is costing the firm?
Orange County based real estate title insurance giant First American Financial Corp. [NYSE:FAF] leaked hundreds of millions of documents related to mortgage deals going back to 2003… The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser. … this would potentially include anyone who’s ever been sent a document link via email by First American.
Have you done business with First American Financial?
There is a reason why 60% of computers are breached each year. Traditional solutions no longer even see the newest threats. The info-graphic below helps explain why this is.
How are you protecting yourself against next generation threats?
Sixty eight percent of people believe they’re doing all they can to protect themselves against cyberattacks. …Perhaps surprisingly, it’s the older generations which has more confidence about how they’re protecting themselves online, with three quarters of those over 45 confident that they’re doing all they can to protect against data loss. …the higher confidence among older web users could be based on a naivety about the malicious threats that are out there on the internet, while younger users are aware of cybersecurity issues – but still aren’t addressing them.
How confident are you that your security is sufficient?
The most expensive offering on the market is provider information which can be used to forge a medical background, an alarming prospect given the harm which could be done when someone who hasn’t qualified poses as a medical professional. … The cybersecurity firm also found a vast array of forgeries available and for sale. For between $10 and $120 per record, you can buy fake prescriptions, labels, sales receipts, and stolen healthcare cards.
Has your healthcare info been stolen? What was the result?
The Navy SEALs use two breathing techniques that force the body into a more relaxed state when they’re in a high-pressure situation, and anyone can use them to control stress, says Everatt. “Tactical breathing” is a technique to use when you feel yourself having a fight-or-flight response.
Fastcompany.com click the link to read the rest of the story. Our FREE Tools can help!
What techniques have helped you?
Academics have discovered a new class of vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. The leading attack in this new vulnerability class is a security flaw named Zombieload… academics say that all Intel CPUs released since 2011 are most likely vulnerable. Processors for desktops, laptops, and (cloud) servers are all impacted…
ZDNet.com click the link to read the rest of the story. Our FREE Tools can help!
Do you still use Intel chips?
Join the conversation on our Facebook Page!
A collective of Russian and English-speaking hackers are actively marketing the spoils of data breaches at three US-based antivirus software vendors. The collective, calling itself “Fxmsp,” is selling both source code and network access to the companies for $300,000 and is providing samples that show strong evidence of the validity of its claims. …
How much trust do you have in your Antivirus program to protect you?
Chances are high that your iPhone or iPad is an absolute treasure trove of personal information that you don’t want falling into the hands of others. And while iOS does a great job of keeping data safe, it’s possible to make the device a lot more secure.
Here are settings you should check (and change) and tweaks you should make to harden the security and lock down your device.
Have you hardened your iPhone from threats?
When this attack was detected by Microsoft, it’s likely a large chunk of the world’s 500 million WinRAR users hadn’t updated… Israeli security firm Check Point revealed that a malicious ACE file could place malware anywhere on a Windows PC after being extracted by WinRAR. The social engineering used in the campaign was crafted to ensure full remote compromise of a machine…
Do you use Winrar?
The addresses and demographic details of more than 80 million US households were exposed on an unsecured database stored on the cloud, independent security researchers have found. The details included names, ages and genders as well as income levels and marital status. …
Cnet.com click the link to read the rest of the story.
Is your cloud data secure?
The average ransom demand by hacker to release files encrypted by their ransomware attack has almost doubled in 2019. … The sharp increase in ransom payments is linked to the emergence of more expensive and more hands-on forms of ransomware… They’ll exploit vulnerabilities in remote desktop protocols or abuse stolen credentials to gain access to systems, moving around networks and laying the groundwork for their ransomware to encrypt as many PCs as possible for the maximum impact.
ZDnet.com click the link to read the rest of the story. Our FREE Tools can help!
Has your company paid a ransom?
The scammers have been delivering the Trickbot Trojan by pretending to send emails from well-known payroll and HR firms such as Paychex and ADP. The emails will contain an attachment that’ll secretly load the malware.
PCmag.com click the link to read the rest of the story. Our FREE Tools can help!
Did you receive these scam emails?
New report demonstrates how quickly hackers see and begin attacks — and the dangers of default login credentials.
It only takes a few seconds for cyber criminals try to hack into newly connected cloud devices and servers!
ZDnet reported that
Researchers at security company Sophos set up honeypots in ten of the most popular AWS data centre locations around the world … and connected them to the internet with common configuration errors, such as using default credentials or insecure passwords).
It took just 52 seconds for hackers to begin attacking the first server and 20 minutes to start on the California server.
The servers were all on Amazon Web Services.
This is a clear demonstration that no-one is able to fly under the radar whilst online. The attackers are using scripts not to focus on any one individual, but to probe the entire internet address space to look for the low-hanging fruit,” said Boddy.
This scripted approach of attempting to login to your online device means that these attackers can attempt to login to a huge number of online devices in no time at all,” he added.
This illustrates why businesses must have security in place prior to it being given internet access, as well as why your business needs as many layers of security as possible.
References:
ZDnet
Ingenious.News click the link to read the rest of the story. Our FREE Tools can help!
How safe are your servers?
With popular sporting events like March Madness, it’s easy for attackers to prey on human emotions with excitement running high and money on the line. With so many employees participating in office pools and brackets, it’s critical to avoid getting phished through fake sporting-themed websites, contests and offers around the games, or malicious browser extensions that claim to keep track of scores and stats.
SecurityBoulevard.com click the link to read the rest of the story. Our FREE Tools can help!
Has your company been hit with this attack?
The findings in the Identity Theft Resource Center (ITRC)’s “2018 End-of-Year Data Breach Report” serve as a stark reminder of why companies should take a layered approach to security.
SecurityIntelligence.com click the link to read the rest of the story.
How many layers of security do you have?
We are building our future on a creaking digital foundation. It’s time for that to change. Cybersecurity is in a terrible state, possibly the worst it’s ever been. Literally not a day goes by without another report of a security breach or a data spill or a hack spilling corporate secrets.
This to me is the way to turn the tide. First, we need to value our own personal data more. …
ZDnet.com click the link to read the rest of the story.
What do you think we should do?
Join the conversation on our Facebook Page!
Some 62% of professionals said they believe the largest insider security threat comes from well-meaning but negligent end users…
More than half (53%) of respondents said they felt the employees who were most likely to be a threat were those who have left or were planning to leave the company, or contractors whose contract had ended…
Three-fourths (75%) of respondents said they believe the biggest insider security risks lie in cloud applications, including popular file storage and email solutions like Google Drive and Dropbox.
TechRepublic.com click the link to read the rest of the story.
What systems do you have in place to deal with internal sabotage?
Criminal “products” from the underworld marketplace are part of a sophisticated and highly profitable global industry.. there’s a thriving underground economy online, a place where tools and techniques are advertised and sold — even given away — and where stolen data is laundered to facilitate online crime. What might surprise you is how many of these underground economies there are and how well-established they have become.
This is a sophisticated and highly profitable global industry. In 2016, ransomware alone generated more than $1 billion in profit for criminals. The FBI is now calling “business email compromise,” where scammers intercept suppliers and payment transfers, the $5 billion scam.
Medium.com click the link to read the rest of the story.
Have you been a victim of online criminals?
A hacker who has previously put up for sale over 840 million user records in the past month, has returned with a fourth round of hacked data that he’s selling on a dark web marketplace. … This time, the hacker has put up for sale the data of six companies, totaling 26.42 million user records, for which he’s asking 1.2431 bitcoin ($4,940).
ZDNet.com click the link to read the rest of the story.
How are you protecting your passwords?
