Insights

Has Your Device Been Compromised?

Cybercriminals are very devious and have many ways to compromise devices to steal information. This Insight offers some indicators that your device may be compromised. 

 

Signs of device compromise


Chrome 108 Patches High-Severity Memory Safety Bugs

Patches for many newly discovered bugs in Chrome have been issued. Be sure and install the patches as soon as possible because many are very serious compromises. 

 

Install these patches ASAP


The Evolution of Business Email Compromise

Business Email Compromise is a major attack method. This article explains how this favorite attack type evolved.  

 

How BEC developed


Web App and API Attacks Surge 257% in Financial Services

Financial services are a favorite target for cybercriminals. The attacks are increasing, so be extra careful.

Financial Services attacks surge


IBM Cloud Supply Chain Vulnerability Showcases New Threat Class

Cybercriminals are creative in their approaches to compromising your accounts and systems. This article shows a new class of threats. 

 

New Threat Class Discovered


Social Media-Friend and Foe

Social media has grown to be a necessary service for businesses to share all types of information. But it has also become a service that is heavily exploited by cybercriminals. Learn the risks. 

Social Media-risk and reward


Phishing Attacks Misuse Microsoft Dynamics 365 Customer Voice Functionality to Hide Malicious Links

By using legitimate features of popular software, cybercriminals are able to avoid detection by anti-malware programs and spread their infections. 

True app features used to conceal malware


Zero-Trust Initiatives Stall, as Cyberattack Costs Rocket to $1M per Incident

As valuable as zero-trust has proven to be, over stretched cybersecurity teams and the shift to cloud or multiple cloud environments are has slowed the deployment to a crawl. 

Zero-Trust initiatives put on hold


Hundreds Infected With 'Wasp' Stealer in Ongoing Supply Chain Attack

Python, a popular programming language, is being used to spread malware. The Python download package is infected with malware and downloading it infects your systems. 

 

Python packages infected


China-Based Billbug APT Infiltrates Certificate Authority

Certificates are used to prove a service or app is who they say they are. The Certificate authority verifies that fact before issuing the certificate. But with a compromised certificate authority, trust is significantly diminished. 

 

Compromised certificate authority creates problems


Cyber Safety Basics

Cyber security is complex and changing. But certain actions remain basic and effective at helping keep your information safe and your company in business. 

https://apscdn.nyc3.cdn.digitaloceanspaces.com/resources/pdf/insights/Cyber%20Safety%20Basics%20v2%202022-11-11.pdf


Patch ASAP: Critical Citrix, VMware Bugs Threaten Remote Workspaces With Takeover

Critical vulnerabilities in Citrix and VMware allow cybercriminals to takeover remote workspaces. Patches are available. Be sure to install them ASAP. 

Keeping up to date with patches is important


FBI Warns of Tech Support Scams That Impersonate Payment Portals for Fake Refunds

Refunds get our attention. Especially at this time of year with holiday expenses. But the refunds are not always real. 

Watch out! The refund offer may not be what you expect


Phishing Campaign Abuses Microsoft Customer Voice

Microsoft Voice is used by MS to collect feedback. But cybercriminals are using it to convince people to go to a link for a voicemail that uses a real Microsoft link. However, the Play Voicemail button goes to a phishing site. 

MS Voice and real site used in phishing scam


Evasive KmsdBot Cryptominer/DDoS Bot Targets Gaming, Enterprises

Recently we warned of an attack on gamers that was considered a trial balloon by cybercriminals before they went after enterprises. The trial must have been successful because now they are going after gamers and enterprises. 

 

Initial attacks on gamers move to enterprises