Almost half of all organisations have fallen victim to phishing attacks in the last two years, with larger businesses the most likely to been compromised, despite also being most likely to conduct cyber security training for staff.
ZDNet.com click the link to read the rest of the story.
How are you dealing with phishing attacks in your business?
It’s important to learn a bit about how malicious hackers gain access to your credentials.
Three of the most common methods include:
- Man in the Middle (or MITM) attacks
- Using key logger software.
- Employing old-fashioned social engineering.
MITM attacks, as the name suggests, a third party getting between you and your desired target without your knowledge.
DatadrivenInvestor.com click the link to read the rest of the story.
How do you protect yourself from these attacks?
Join the conversation on our Facebook Page!
Google has issued an urgent warning for Chrome users to update their browser… a security flaw is being actively exploited.
The flaw in question is referred to as a “zero-day exploit.”
Infopackets.com click the link to read the rest of the story.
Do you update your software immediately when updates are released?Join the conversation on our Facebook Page!
Most smartphones, laptops, and tablets automatically search and connect to WiFi networks. They usually prefer a network with a previously established connection. If you have ever logged on to the T-Mobile network on the train, for example, your device will search for a T-Mobile network in the area. … My phone automatically connects itself to one of these networks, which [can] belong to [a hackers] device. [Hackers] can also broadcast a fictitious network name, making users believe they are actually connecting to the network of the place they’re visiting…
Everything, with very few exceptions, can be cracked. The idea that public WiFi networks are not secure is not exactly news
Medium.com click the link to read the rest of the story.
Do you still use public wifi?Join the conversation on our Facebook Page!
The gang behind a family of ransomware that has been active for well over a year now have tweaked their tactics in order to ensure the file-locking malware campaign is as effective as possible. GandCrab first emerged in January 2018 and has remained one of the most successful forms of ransomware ever …
GandCrab operates an affiliate model, with its authors providing the ransomware “as-a-service” to wannabe hackers in exchange for a 30 to 40 percent cut of the profits. But now researchers have observed adverts for GandCrab being posted on underground forums, specifically targeted at crooks with skills around operating remote desktop protocols, virtual network computing and experience of infiltrating corporate networks. … There’s currently no free means of decrypting files locked with (the latest versions of ) GandCrab…
ZDNet.com click the link to read the rest of the story.
How many layers of security do you have in place to protect you?Join the conversation on our Facebook Page!
Researchers have discovered a new flaw affecting all Intel chips due to the way they carry out speculative execution for CPU performance gains. Like the Spectre and Meltdown attacks revealed in January 2018, Spoiler also abuses speculative execution in Intel chips to leak secrets. …Daniel (Ahmad) Moghimi, one of the paper’s authors, told The Register he doubts Intel will be able to patch the issue in the memory subsystem within the next five years.
ZDNet.com click the link to read the rest of the story.
Do you use Intel chips?Join the conversation on our Facebook Page!
The number of phishing attacks is on the rise, more than doubling in recent months, with one in 61 emails delivered to corporate inboxes found to contain a malicious URL. …
The emails are often designed to look like they come from legitimate senders – like a company, or a colleague – in order to gain the trust of the victim, before duping them into clicking the malicious link. …The purpose of the malicious URL could be to deploy malware onto the PC or it could encourage the victim to enter sensitive information into a fake version of a real service…
ZDNet.com click the link to read the rest of the story.
Have many do you think you get every day?Join the conversation on our Facebook Page!
Earlier this month, security researcher Victor Gevers found and disclosed an exposed database live-tracking the locations of about 2.6 million residents of Xinjiang, China, offering a window into what a digital surveillance state looks like in the 21st century. …
EFF.org click the link to read the rest of the story.
What can we do?Join the conversation on our Facebook Page!
Let this be a lesson: Don’t reuse your passwords.
Hackers accessed tax return information stored with TurboTax using a stolen password from a third party, an Intuit spokesman said Monday.
The attack, earlier reported in Dark Reading, didn’t breach the internal systems at Intuit, which owns TurboTax. Instead, attackers took lists of passwords stolen from other services and used them to try to log in to TurboTax accounts, the spokesman said. There, valuable personal information, such as Social Security numbers, names and addresses, is stored in tax returns.
CNet.com click the link to read the rest of the story.
Do you still use the same passwords over and over?Join the conversation on our Facebook Page!
Cisco is warning businesses that use its wireless VPN and firewall routers to install updates immediately due to a critical flaw that remote attackers can exploit to break into a network. The vulnerability allows any attacker with any browser to execute code of their choice via the web interface used for managing Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router.
ZDNet.com click the link to read the rest of the story.
Have you made sure yours is patched?Join the conversation on our Facebook Page!
A recent report from security company Malwarebytes reveals how trojans and backdoor attacks have rocketed in the past year. … “We’re seeing a new generation of stealers make an impact recently,” says Jérôme Segura, head of threat intelligence at Malwarebytes. … Gaining persistent remote access — be it to a single user’s computer, or a whole network — is key to many cyber attacks: if they’re stealthy enough, hackers can remain undetected for a long time, as they work towards their long-term goals.
ZDNet.com click the link to read the rest of the story.
Do you ignore these threats?Join the conversation on our Facebook Page!
Anyone who regularly attends the Blackhat or Defcon conferences should understand that short of unplugging a computer system from its power source, it is not possible to rule out serious system and data compromise. There will never be any “silver bullets” to slay the security vulnerability werewolf.
Medium.com click the link to read the rest of the story.
How many layers of security do you have? Join the conversation on our Facebook Page!
Learn which parts of your identity have been stolen in the last five years. Not all attacks are included…
NYTimes.com click the link to read the rest of the story.
Were you surprised?Join the conversation on our Facebook Page!
Governments and private organizations have around 20 minutes to detect and contain a hack…
New statistics published today by US cyber-security firm Crowdstrike ranked threat groups based on their “breakout time.” “Breakout time” refers to the time a hacker group takes from gaining initial access to a victim’s computer to moving laterally through its network. This includes the time the attacker spends scanning the local network and deploying exploits in order to escalate his access to other nearby computers.
According to data gathered from 2018 hack investigations, CrowdStrike says Russian hackers (which the company calls internally “Bears”) have been the most prolific and efficient hacker groups last year, with an average breakout time of 18 minutes and 49 seconds.
ZDNet.com click the link to read the rest of the story.
How quickly can your business respond to an attack?Join the conversation on our Facebook Page!
It’s the most common argument against privacy: “If you’ve got nothing to hide, you’ve got nothing to fear.” It’s also the silliest argument against privacy.
Privacy expert and author Daniel Solove has torn down this fallacy in his paper on the subject. But Solove’s essay is a complex take on a nuanced subject. Instead, the simple rhetoric of the “nothing to hide” argument is easier to repeat.
But no matter how little you have to hide, the implications of online privacy breaches are major. These few resources explain the pitfalls clearly and concisely.
MakeUseOf.com click the link to read the rest of the story.
What steps have you take to regain your online privacy?Join the conversation on our Facebook Page!
If someone else has used the same password as you and it’s listed in a dump, guess what? Your own account is also at risk. It doesn’t even matter if you used that password on a different website. Once it’s exposed, it’s just not safe to use any more.
With leaks and hacks happening more or less non-stop it’s a difficult task to keep your accounts secure.
Forbes.com click the link to read the rest of the story.
Did you know how easy it was to have a risky password?Join the conversation on our Facebook Page!
More than 600 gigabytes of hacked accounts from years ago have been compiled and are free to download.
You can check if you were affected by the massive data set with the HPI’s search tool.
Cnet.com click the link to read the rest of the story.
Have you checked to see if your accounts have been hacked?Join the conversation on our Facebook Page!
If you or your business has a website website you really should take a few minutes and check to make sure it is malware free. People visiting sites with malware remember to avoid them in the future. Here is a list out free tools to scan your site for security vulnerabilities, malware.
geekflare.com click the link to read the rest of the story.
Have you been alerted of malware when visiting a local business website?Join the conversation on our Facebook Page!
Called to a meeting with the CEO? Don’t be so sure.
A widespread phishing campaign is targeting executives across a number of industries with messages asking to reschedule a board meeting in an effort to steal logins and passwords.
ZDNet.com click the link to read the rest of the story.
Has your office received on of these yet?Join the conversation on our Facebook Page!
Recent months have seen an uptick in reports of JavaScript malware that hides in image files. This is often referred to as “image based malware” or “steganography malware” in more technical contexts. …
Medium.com click the link to read the rest of the story.
Have you been hit by this attack?Join the conversation on our Facebook Page!
WordPress site owners using the “Total Donations” plugin are advised to delete the plugin from their servers… This affects all versions of Total Donations, a commercial plugin that site owners have bought from CodeCanyon over the past years, and have used to gather and manage donations from their respective user-bases.
ZDNet.com click the link to read the rest of the story.
Were you using it?Join the conversation on our Facebook Page!
Over the last ten months, security researchers filed abuse reports with web hosting providers and have taken down nearly 100,000 URLs that were used to distribute malware … the organization noted that recent numbers indicate that the average take-down time has now increased to more than a week, to 8 days, 10 hours, and 24 minutes, giving malware authors more than enough time to infect thousands of device every day. …
ZDNet.com click the link to read the rest of the story.
How much damage could this cause your customers if your site were infected?Join the conversation on our Facebook Page!
Over half of applications installed on Windows PCs are out-of-date, potentially putting the security of users at risk through flaws in software that have already been patched by vendors. … running out-of-date software can provide an open door for hackers to take advantage of holes left in programs that haven’t had critical security updates applied….
ZDNet.com click the link to read the rest of the story.
How do you make sure your computer software is up to date?Join the conversation on our Facebook Page!
The report found… the top impacts being operational/productivity loss (54%), negative customer experiences (43%), and brand reputation loss (37%). … These IT leaders perceive the goals of the attacks to be service disruption (45%), data theft (35%), unknown reasons (11%), or espionage (3%). …Some 21% of businesses experience daily cyberattacks, up from 13% last year, the report found. Another 13% said they were attacked weekly, 13% said monthly, and 27% said once or twice a year. Only 7% of organizations said they have never been attacked…
TechRepublic.com click the link to read the rest of the story.
How much would it cost your business?Join the conversation on our Facebook Page!
You know those voice mails you get claiming to be from “Windows support”? It looks like scammers are upping their game with convincing phishing calls claiming to be from Apple, security expert Brian Krebs said in a report Thursday.
The scam starts an automated call showing Apple’s logo, address and legitimate Apple phone number that warns the user to return the call because of a data breach, according to the security website. The message then gives a 1-866 number to call back. That number is “a known phishing source,” the security analyst said.
CNet.com click the link to read the rest of the story.
Have you been hit with this scam?Join the conversation on our Facebook Page!
A well-resourced and prolific hacking group is distributing a new strain of malware that gives the hackers remote desktop access as part of an information-stealing campaign targeting banks, retailers and businesses. … The remote access trojan capabilities of FlawedGrace mean it allows attackers to gain almost full control over an infected device. Given how the campaign targets banks and retailers, it’s likely that acquiring money is the ultimate goal of the attacks…
ZDNet.com click the link to read the rest of the story.
How are you protecting yourself from these attacks?Join the conversation on our Facebook Page!
We’re going to see more mega-breaches and ransomware attacks in 2019. … But cyber-defenders should be paying attention to new threats, too. Here are some that should be on watch lists:
Thanks to advances in artificial intelligence, it’s now possible to create fake video and audio messages that are incredibly difficult to distinguish from the real thing. These “deepfakes” could be a boon to hackers in a couple of ways. AI-generated “phishing” e-mails that aim to trick people into handing over passwords and other sensitive data have already been shown to be more effective than ones generated by humans. Now hackers will be able to throw highly realistic fake video and audio into the mix, either to reinforce instructions in a phishing e-mail or as a standalone tactic.
MITTechnologyReview.com click the link to read the rest of the story.
Are you taking security more seriously this year?Join the conversation on our Facebook Page!
Email leads users to share highly sensitive information in a seemingly private way when, in reality, it’s everything but private. Case in point: see the image below and note a typical unassuming email containing a person’s credit card information. This may seem like a stupid mistake, but you’d be surprised at how common these type of emails get sent on a daily basis (I’m looking at you, mom). The only factor taken into consideration by the sender in these cases is that they trust the person on the receiving end. The problem here is…
Medium.com click the link to read the rest of the story.
Is your email secure? Are you certain?Join the conversation on our Facebook Page!
Just like in the previous years, 2018 had its fair share of data breaches. However, it’s rather impressive of how those breaches have evolved over those years. Because of the increased awareness, breaches seldomly go unnoticed anymore. And that’s a good thing.
Medium.com click the link to read the rest of the story.
How was your business affected by these security breaches? Do you know if your business was breached?Join the conversation on our Facebook Page!
This year tech giants, governments, and even the humble sandwich chain have proved that we can trust no one with our personal data. At best, these companies were woefully underprepared to keep our data safe. At worst, they allowed the data we gave them to help others influence our fragile democracy.
When it came to data scandals and breaches in 2018, the only good news was…
FastCompany.com click the link to read the rest of the story.
What lessons did you learn about your security needs last year?Join the conversation on our Facebook Page!
