Insights

Risk Assessment’s Importance In Cyber Security

For many companies risk assessment has not had a prominent role in cybersecurity assessments leading to improper allocation of cybersecurity funding and staff. This has left the company ill prepared for true cost of breaches and restoration of services, applications, and company reputation. 

Risk Assessment Deserves Prominent Place in Cybersecurity


New Android Spyware Variants Linked to Middle Eastern APT

The new spyware is designed to be better at hiding from protective software and more persistent in its ability to stay on the phone. When it gets installed it requests permissions that give it control over aspects of the phone. 

New Android Spyware Better at Avoiding Detection


Is your Christmas present spying on you? How to assess gifts’ privacy risks

Safety of gifts has been a concern for many years, especially gifts for children. Now there is a new concern for everyone and that is what is the gift learning about you and who is it sharing that information with. As toys and devices become “smarter” they learn more about us. Convenient, probably, but what are the risks? 

Safety Concerns Expand to Information Theft


Holiday Scams Drive SMS Phishing Attacks

Many are familiar with phishing attacks that use emails that entice us to click links that download malware or steal personal information. The new scams use SMS or text messages for the same purpose. 

 

SMS is new Phishing Attack lure


HP Issues Firmware Updates for Printer Product Vulnerabilities

Printers have long been considered as not needing much security but they have also been recognized as easy targets for cybercriminals yielding access to the company network. 

Fixes issued for HP printer vulnerabilities


Alignment of Business and IT Affects Cyber Risk

Business and IT alignment has been an ongoing issue. But, when it comes to cybersecurity, the differences between the business and IT have a serious impact on business risk and the cost of breaches. 

 

Business-IT Alignment Affects Cyber Risks


SMS About Bank Fraud as a Pretext for Voice Phishing

Scammers are now combining Smishing and Phishing in a new way to steal your information. A text arrives from your bank asking about suspected fraud. There is no link to click as in most smishing, simply a question, did you authorize this transfer, reply yes or no. Seems fine. A reply is immediately followed by a phone call purporting to be the bank fraud department who has to verify you are the account owner by asking questions about personal information.

 

Smishing and Vishing Combine in new scam


Microsoft Fixes Exchange Server Zero-Day

The latest Microsoft update fixes 55 vulnerabilities in a number of products including six zero-days with some being actively exploited. 

  

Microsoft fixes 55 vulnerabilities


Emotet malware: “The report of my death was an exaggeration”

Emotet was a major attack method that many thought had been conquered. But it has come back because it is way more than a attack method. It is a framework for attacks that gets used to deliver different types of malware. 

 

Emotet is back


3 Ways to Deal With the Trojan Source Attack

While rather technical, this article can provide some good protection techniques against a malicious type of attack. 

 

Dealing With Trojan Attacks


Cybersecurity – Why Isn’t It More Effective?

So many tools and training companies all claiming to offer protection. Yet new breaches keep occurring. What is missing?  

 

Cyber Tools and training not stopping breaches


WordPress Plug-In Bugs Put 1 Million-Plus Sites At Risk

WordPress is one of the most popular tools for websites. A recently discovered bug in a plugin exposed the REST-API on more than 1 million websites. This is considered a high severity bug. Fortunately it has now been patched. Be sure to install the patch.  

 

WordPress PlugIn issues patch for high severity bug


CISA Issues New Directive for Patching Known Exploited Vulnerabilities

CISA, the US Cybersecurity and Infrastructure Security Agency (CISA) released new guidelines for federal agencies on how quickly they must install patches for  

bugs being actively exploited. This directive only applies to federal agencies but 

all companies should consider it good advice. 

 

CISA Provides Guidance on Installing Bug Fixes


“Customer complaint” email scam preys on your fear of getting into trouble at work

No one wants to be in trouble.  That is the trick in a new spear phishing campaign directed at customer service staff. Emails are sent to staff showing a serious complaint supposedly filed against you by a customer. A link is provided to view the complaint. It also tells you to call the sender who appears to be a more senior employee within a short time frame. People are afraid and click the link sending information to the cybercriminals. 

 

Customer Complaint Email Scam


US House Passes Acts to Help SMBs with Cybersecurity

While only the House of Representatives has passed this so far, it is a first step in helping small businesses which are the target of at least 50% of attacks to better protect themselves. 

 

US House passes bill to help Small Business with Cybersecurity