Risk Assessment’s Importance In Cyber Security
For many companies, risk assessment has not had a prominent role in cybersecurity assessments, leading to improper allocation of cybersecurity funding and staff. This has left those companies ill-prepared for the true cost of breaches and the restoration of services, applications, and company reputation.
Risk Assessment Deserves Prominent Place in Cybersecurity
New Android Spyware Variants Linked to Middle Eastern APT
The new spyware is designed to be better at hiding from protective software and more persistent in its ability to stay on the phone. When it is installed, it requests permissions that give it control over aspects of the phone.
New Android Spyware Better at Avoiding Detection
Is your Christmas present spying on you? How to assess gifts’ privacy risks
Safety of gifts has been a concern for many years, especially gifts for children. Now there is a new concern for everyone: what is the gift learning about you, and who is it sharing that information with? As toys and devices become “smarter” they learn more about us. Convenient, probably, but what are the risks?
Safety Concerns Expand to Information Theft
Holiday Scams Drive SMS Phishing Attacks
Many are familiar with phishing attacks that use emails that entice us to click links that download malware or steal personal information. The new scams use SMS or text messages for the same purpose.
SMS is new Phishing Attack lure
HP Issues Firmware Updates for Printer Product Vulnerabilities
Printers have long been considered as not needing much security, but they have also been recognized as easy targets for cybercriminals, yielding access to the company network.
Fixes issued for HP printer vulnerabilities
Alignment of Business and IT Affects Cyber Risk
Business and IT alignment has been an ongoing issue. But, when it comes to cybersecurity, the differences between the business and IT have a serious impact on business risk and the cost of breaches.
Business-IT Alignment Affects Cyber Risks
SMS About Bank Fraud as a Pretext for Voice Phishing
Scammers are now combining smishing and phishing in a new way to steal your information. A text arrives from your bank asking about suspected fraud. There is no link to click, as in most smishing, simply a question: did you authorize this transfer? Reply yes or no. Seems fine. A reply is immediately followed by a phone call purporting to be from the bank's fraud department, which has to verify you are the account owner by asking questions about personal information.
Smishing and Vishing Combine in new scam
Microsoft Fixes Exchange Server Zero-Day
The latest Microsoft update fixes 55 vulnerabilities in a number of products, including six zero-days, with some being actively exploited.
Microsoft fixes 55 vulnerabilities
Emotet malware: “The report of my death was an exaggeration”
Emotet was a major attack method that many thought had been conquered. But it has come back because it is much more than an attack method. It is a framework for attacks that gets used to deliver different types of malware.
Emotet is back
3 Ways to Deal With the Trojan Source Attack
While rather technical, this article can provide some good protection techniques against a malicious type of attack.
Dealing With Trojan Attacks
Cybersecurity – Why Isn’t It More Effective?
So many tools and training companies all claiming to offer protection. Yet new breaches keep occurring. What is missing?
Cyber Tools and training not stopping breaches
WordPress Plug-In Bugs Put 1 Million-Plus Sites At Risk
WordPress is one of the most popular tools for websites. A recently discovered bug in a plugin exposed the REST-API on more than 1 million websites. This is considered a high severity bug. Fortunately it has now been patched. Be sure to install the patch.
WordPress PlugIn issues patch for high severity bug
CISA Issues New Directive for Patching Known Exploited Vulnerabilities
CISA, the US Cybersecurity and Infrastructure Security Agency, released new guidelines for federal agencies on how quickly they must install patches for bugs being actively exploited. This directive only applies to federal agencies, but all companies should consider it good advice.
CISA Provides Guidance on Installing Bug Fixes
“Customer complaint” email scam preys on your fear of getting into trouble at work
No one wants to be in trouble. That is the trick in a new spear phishing campaign directed at customer service staff. Emails are sent to staff showing a serious complaint supposedly filed against you by a customer. A link is provided to view the complaint. It also tells you to call the sender, who appears to be a more senior employee, within a short time frame. People are afraid and click the link, sending information to the cybercriminals.
Customer Complaint Email Scam
US House Passes Acts to Help SMBs with Cybersecurity
While only the House of Representatives has passed this so far, it is a first step in helping small businesses, which are the target of at least 50% of attacks, to better protect themselves.
US House passes bill to help Small Business with Cybersecurity