Trojan malware: The hidden cyber threat to your PC

A recent report from security company Malwarebytes reveals how trojans and backdoor attacks have rocketed in the past year. … “We’re seeing a new generation of stealers make an impact recently,” says Jérôme Segura, head of threat intelligence at Malwarebytes. … Gaining persistent remote access — be it to a single user’s computer, or a whole network — is key to many cyber attacks: if they’re stealthy enough, hackers can remain undetected for a long time, as they work towards their long-term goals.

ZDNet.com click the link to read the rest of the story.

Do you ignore these threats?Join the conversation on our Facebook Page!

 

There is no single solution to computer security

Anyone who regularly attends the Blackhat or Defcon conferences should understand that short of unplugging a computer system from its power source, it is not possible to rule out serious system and data compromise. There will never be any “silver bullets” to slay the security vulnerability werewolf.

Medium.com click the link to read the rest of the story.

How many layers of security do you have? Join the conversation on our Facebook Page!

12 Free Tools to Scan Your Website’s Security

If you or your business has a website website you really should take a few minutes and check to make sure it is malware free.  People visiting sites with malware remember to avoid them in the future.  Here is a list out free tools to scan your site for security vulnerabilities, malware.

geekflare.com click the link to read the rest of the story.

Have you been alerted of malware when visiting a local business website?Join the conversation on our Facebook Page!

Fake meeting request from the boss steals passwords

Called to a meeting with the CEO? Don’t be so sure.

A widespread phishing campaign is targeting executives across a number of industries with messages asking to reschedule a board meeting in an effort to steal logins and passwords.

ZDNet.com click the link to read the rest of the story.

Has your office received on of these yet?Join the conversation on our Facebook Page!

Mac Users Beware: New Ad Technique Infects You With Trojans

Recent months have seen an uptick in reports of JavaScript malware that hides in image files. This is often referred to as “image based malware” or “steganography malware” in more technical contexts. …

Medium.com click the link to read the rest of the story.

Have you been hit by this attack?Join the conversation on our Facebook Page!

Security researchers take down 100,000 malware sites last year

Over the last ten months, security researchers filed abuse reports with web hosting providers and have taken down nearly 100,000 URLs that were used to distribute malware … the organization noted that recent numbers indicate that the average take-down time has now increased to more than a week, to 8 days, 10 hours, and 24 minutes, giving malware authors more than enough time to infect thousands of device every day. …

ZDNet.com click the link to read the rest of the story.

How much damage could this cause your customers if your site were infected?Join the conversation on our Facebook Page!

Cyberattacks now cost $1.1M for the average business

The report found… the top impacts being operational/productivity loss (54%), negative customer experiences (43%), and brand reputation loss (37%).  … These IT leaders perceive the goals of the attacks to be service disruption (45%), data theft (35%), unknown reasons (11%), or espionage (3%). …Some 21% of businesses experience daily cyberattacks, up from 13% last year, the report found. Another 13% said they were attacked weekly, 13% said monthly, and 27% said once or twice a year. Only 7% of organizations said they have never been attacked…

TechRepublic.com click the link to read the rest of the story.

How much would it cost your business?Join the conversation on our Facebook Page!

‘Apple support’ phishing scams are getting really good

You know those voice mails you get claiming to be from “Windows support”? It looks like scammers are upping their game with convincing phishing calls claiming to be from Apple, security expert Brian Krebs said in a report Thursday.

The scam starts an automated call showing Apple’s logo, address and legitimate Apple phone number that warns the user to return the call because of a data breach, according to the security website. The message then gives a 1-866 number to call back. That number is “a known phishing source,” the security analyst said.

CNet.com click the link to read the rest of the story.

Have you been hit with this scam?Join the conversation on our Facebook Page!

New Trojan attack adds a backdoor to your Windows PC to steal data

A well-resourced and prolific hacking group is distributing a new strain of malware that gives the hackers remote desktop access as part of an information-stealing campaign targeting banks, retailers and businesses. … The remote access trojan capabilities of FlawedGrace mean it allows attackers to gain almost full control over an infected device. Given how the campaign targets banks and retailers, it’s likely that acquiring money is the ultimate goal of the attacks…

ZDNet.com click the link to read the rest of the story.

How are you protecting yourself from these attacks?Join the conversation on our Facebook Page!

Five emerging cyber-threats to worry about in 2019

We’re going to see more mega-breaches and ransomware attacks in 2019. … But cyber-defenders should be paying attention to new threats, too.  Here are some that should be on watch lists:

Thanks to advances in artificial intelligence, it’s now possible to create fake video and audio messages that are incredibly difficult to distinguish from the real thing. These “deepfakes” could be a boon to hackers in a couple of ways. AI-generated “phishing” e-mails that aim to trick people into handing over passwords and other sensitive data have already been shown to be more effective than ones generated by humans. Now hackers will be able to throw highly realistic fake video and audio into the mix, either to reinforce instructions in a phishing e-mail or as a standalone tactic.

MITTechnologyReview.com click the link to read the rest of the story.

Are you taking security more seriously this year?Join the conversation on our Facebook Page!

Why you should be using encrypted email

Email leads users to share highly sensitive information in a seemingly private way when, in reality, it’s everything but private. Case in point: see the image below and note a typical unassuming email containing a person’s credit card information. This may seem like a stupid mistake, but you’d be surprised at how common these type of emails get sent on a daily basis (I’m looking at you, mom). The only factor taken into consideration by the sender in these cases is that they trust the person on the receiving end. The problem here is…

Medium.com click the link to read the rest of the story.

Is your email secure? Are you certain?Join the conversation on our Facebook Page!

Cybersecurity in 2018: the bad, the worse and the downright nasty

Just like in the previous years, 2018 had its fair share of data breaches. However, it’s rather impressive of how those breaches have evolved over those years. Because of the increased awareness, breaches seldomly go unnoticed anymore. And that’s a good thing.

Medium.com  click the link to read the rest of the story.

How was your business affected by these security breaches?  Do you know if your business was breached?Join the conversation on our Facebook Page!

How Our Data Got Hacked, Scandalized, and Abused in 2018

This year tech giants, governments, and even the humble sandwich chain have proved that we can trust no one with our personal data. At best, these companies were woefully underprepared to keep our data safe. At worst, they allowed the data we gave them to help others influence our fragile democracy.

When it came to data scandals and breaches in 2018, the only good news was…

FastCompany.com  click the link to read the rest of the story.

What lessons did you learn about your security needs last year?Join the conversation on our Facebook Page!

U.S. Exposes Massive Chinese Spying Campaign

The threats we face have never been more severe and more pervasive and more potentially damaging to our national security, and no country poses a broader and more severe long-term threat to our nation’s economy and cyber infrastructure than China,” FBI Director Christopher Wray said at a news conference in Washington.

Bloomberg.com click the link to read the rest of the story.

Are you concerned with nation state hacking of your business?Join the conversation on our Facebook Page!

Cybersecurity Explained to your Grandparents

After blockchain and Artificial Intelligence, it’s time to become a cybersecurity expert. Cybersecurity is not an easy concept, but it can be understood as a peacekeeper against digital world’s growing threats. The startups in the Cyber@StationF program led by Thales help us get some answers to questions about this mysterious world that you didn’t even think of asking.

Medium.com  click the link to read the rest of the story.

What technology have you needed help explaining?Join the conversation on our Facebook Page!

How My Email Account Got Hacked and the Steps I Took

Warning: this story gets very cringeworthy.

How did I find out? Well I got an email saying that some malicious software had been downloaded on my computer and had obtained some scandalous information about me. The email threatened to release the information they captured if I did not pay them with Bitcoin.

Apparently this is a fairly common email scam that goes around. …

Hackernoon.com  click the link to read the rest of the story.

Has your email been hacked? What did you do?Join the conversation on our Facebook Page!

How to Tell If A Website Is Dangerous

These days it can be very difficult to tell if a site is trustworthy or not. Many nefarious sites are being designed to look respectable. Thus you should always make sure that a site is not dangerous by using multiple approaches. This is especially important to consider before providing a site with sensitive information such as credit card numbers, banking information, your email address, etc…

In general you may want to be wary of a site if it asks you for unnecessary personal information, a credit card number, or a bank number when it’s not necessary.

TechSupportAlert.com click the link to read the rest of the story.

What do you look for before responding to these alerts?Join the conversation on our Facebook Page!

Think You Have Cybersecurity Taken Care Of? Think Again

If you learned that homes with your same model of alarm system were being broken into 32 percent more often this year than last, you might no longer think your system is secure enough. Yet many companies assume their IT infrastructure is still secure, despite the fact that cyberattacks jumped 32 percent between the first quarters of 2017 and 2018…

Forbes.com click the link to read the rest of the story.

When was last time your operation was breached?  Did you even know about it?Join the conversation on our Facebook Page!

Got ransomware? These tools may help

There may be a way to get those files back without paying a ransom. But first a couple of basic questions…

infoworld.com click the link to read the rest of the story.

Have you been hit with ransomware?  How did you recover?Join the conversation on our Facebook Page!

How to spot fake, scam or fraudulent websites

This guide will teach you how to recognize secure websites you can trust and how to spot fake ones run by fraudsters looking to scam you.

comparitech.com click the link to read the rest of the story.

What was the most valuable lesson here for you ?Join the conversation on our Facebook Page!

Identity Theft 101 – What is Identity Theft?

What is identity theft? It is simply when someone uses your identity as their own. But there’s nothing simple at all about the damage left in their wake. There are close to 10 different types of identity theft, which we’ll detail below. …

I will dig into the identity theft basics, including how it happens, some of the most common types of identity theft, and what you can do to protect yourself.

Libertyid.com click the link to read the rest of the story.

Has your identity been stolen?  What happened as a result?Join the conversation on our Facebook Page!

How to Spot and Avoid Fake Virus & Malware Warnings

As you use your computer and browse the Web, you may occasionally run into infection warnings that appear to be legitimate but aren’t. These anti-malware warning messages — appropriately called “scareware” — are designed to scare you into installing fake anti-malware programs that are actually malware in disguise.

So how can you tell between real and fake warning messages? It can be tough, but as long as you stay calm and take your time, there are a few signs you can look for that will help you distinguish between the two.

makeuseof.com click the link to read the rest of the story.

Have you been scammed?Join the conversation on our Facebook Page!

Hackers Aren’t Afraid of Us – This is why

Commander of the United States Cyber Command, Gen. Paul Nakasone was asked whether our adversaries think they will suffer if they strike us with cyberweapons. “They don’t fear us,” General Nakasone replied.  So while the United States remains the greatest cyberpower on earth, it is increasingly losing daily cyberconflicts. The range of American targets is so wide and deep that it is almost impossible to understand all of the vulnerabilities. And because most of those targets don’t belong to the government…

NYTimes.com click the link to read the rest of the story.

Are you concerned that hackers could destroy your business?

Join the conversation on our Facebook Page!

SplitSpectre – new Spectre-like CPU attack discovered

A SplitSpectre attack is far easier to execute than an original Spectre attack. Researchers explain:

Although Spectre v1 is powerful and does not rely on SMT (Simultaneous Multithreading), it requires […] a gadget to be present in the victim’s attack surface. Google Project Zero writes in their original blog post on Spectre v1 [46] that they could not identify such a vulnerable code pattern in the kernel, and instead relied on eBPF (extended Berkeley Packet Filter) to place one there themselves.  In this point lies the strength of our new Spectre v1 variant, SplitSpectre. As its name implies, it splits the Spectre v1gadget into two parts Researchers say the second half of this improved exploitation scenario can be run within the attacker’s own malicious code, instead of the target’s kernel, simplifying the exploitation procedure.

ZDnet.com  click the link to read the rest of the story.

How are you protecting your computers from this attack?Join the conversation on our Facebook Page!

Cybercrime and cyberwar: A spotter’s guide to the groups that are out to get you

The bulk of cybercrime is carried out by the equivalent of real-world opportunist thieves. These are the petty criminals of the online world, the crooks you’re most likely to come across, or at least feel the impact of, as an individual.

ZDnet.com  click the link to read the rest of the story.

Which type of hacker has caused you the most damage?Join the conversation on our Facebook Page!

A Cybersecurity Moonshot – Inside Chronicle & Alphabet and Project Lantern

Fifteen years ago, cybersecurity could be boiled down to a simple strategy: Secure the perimeter. [Today]…

Many businesses use 10, 20 or 30 different security products to protect their systems. They all have advantages, and security practitioners will use different combinations to investigate a potential threat. If a team has access to 15 tools, for instance, one engineer might think to use three of them while another tries a completely different subset. There isn’t enough time to try them all, so experts pick products based on their experience and what they believe will be best suited to the task.

It’s a messy problem that doesn’t have a simple answer.

Engadget.com  click the link to read the rest of the story.

How many layers of cyber security does your business have?Join the conversation on our Facebook Page!

New online service will hack printers to spew out spam

A new service has spawned over the weekend advertising the same type of functionality, but for everyone.

Going under the generic term of “Printer Advertising,” this new service claims it can hack printers all over the world to print out messages on demand, similar to the PewDiePie promo hack that took place over the weekend.

“We have the ability to reach every single printer in the world,” claims a website launched on Sunday. “Reservations are limited.”

ZDnet.com  click the link to read the rest of the story.

Have you been hit yet?Join the conversation on our Facebook Page!

Data Breaches Keep Happening. So Why Don’t You Do Something?

Experts caution that the stream of news about such breaches can set a new normal and instill a sense of fatalism — and complacency — in consumers.

Anthony Vance, an associate professor and director of the Center for Cybersecurity at the Fox School of Business at Temple University, said last year’s breach of information held by the credit reporting company Equifax, which affected 145 million Americans, was “a game-changer.”

The information gleaned could be used to fraudulently open new credit accounts, he said, adding, “That should give even the most jaded American consumer pause and prompt them to do something.”

But evidence suggests that high-profile breaches don’t typically change consumers’ behavior.

NYTimes.com  click the link to read the rest of the story.

What should we do?Join the conversation on our Facebook Page!

How Do Customers View Businesses After a Data Breach?

Nothing can be quite as devastating to a business’s customer base than a data breach.

How do customers perceive businesses after a data breach? What was once a highly-trusted, well-regarded company could be quickly downgraded to an untrustworthy, irresponsible company after a data breach.

RevisionLegal.com  click the link to read the rest of the story.

If you have been breached, what did it cost your firm?Join the conversation on our Facebook Page!

Cybersecurity Is About Much More Than Hacking

There is growing concern among professionals that cybersecurity firms are seriously understaffed, and there aren’t nearly enough of them to combat the growing number of cyberattacks. Making matters worse, the continued drive toward accelerated training programs for software developers means that more developers are deploying code who have not had any formal security training.

Medium.com  click the link to read the rest of the story.

Are you ready for the new security challenges?Join the conversation on our Facebook Page!