Ransomware Can Be Fatal To Small Business
Published Sep 22 2023 11:38 AM
Ransomware attacks often make the news especially if it is large company that is attacked. However, small companies are frequent targets because they have fewer cybersecurity resources and are more likely to pay the ransom. This Insight provides guidance on how to protect against successful ransomware attacks.
Small businesses are prime ransomware targets
Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable
Published Sep 22 2023 11:36 AM
New Zero-Days have been found on multiple Apple platforms. These are serious vulnerabilities and should be patched as soon as possible.
New Zero-Days mean patch ASAP
FBI, CISA Issue Joint Warning on 'Snatch' Ransomware-as-a-Service
Published Sep 22 2023 11:32 AM
Snatch malware forces Windows systems to reboot into Safe mode. That prevents any antimalware services from running on the system allowing Snatch to encrypt files unimpeded.
Reboot to Safe mode prevents detection
MGM Restores Casino Operations 10 Days After Cyberattack
Published Sep 22 2023 11:30 AM
It took MGM 10 days to resume operations after a cyberattack. How many companies can survive for 10 days without income, not being able to sell anything, bill anything or in any way do business?
10 days to recover from ransomware attack
Fake WinRAR PoC Exploit Conceals VenomRAT Malware
Published Sep 22 2023 11:28 AM
Cybercriminals created a fake Proof of Concept, PoC, of a vulnerability and released it to researchers. Sounds very considerate except the PoC contained malware that it loaded onto the researcher’s systems.
Fake news contains malware
SEC Requires Cyber Expertise
Published Sep 15 2023 2:49 PM
The SEC has mandated cyber expertise on company Boards of Directors and at senior management level. What does this mean practically? What degree of expertise is needed and how do you prove this to the SEC. This Insight provides answers to these questions.
SEC new cyber expertise requirements
When LockBit Ransomware Fails, Attackers Deploy Brand-New '3AM'
Published Sep 15 2023 2:46 PM
Cyberattackers are using two types of ransomware to infect target companies. If the first one is foiled or just doesn’t work, the second one triggers at 3 AM when there is probably less oversight on the systems.
Two ransomware strains at once
NCSC: Why Cyber Extortion Attacks No Longer Require Ransomware
Published Sep 15 2023 2:39 PM
First cybercriminals used ransomware to encrypt your information to extract a payment. Then they exported your data first before encrypting it, threatening to release it publicly if the ransom isn’t paid. Now, they some cybercriminals aren’t bothering to encrypt the data at all but are just stealing the data and threatening to release it if you don’t pay them.
Ransomware no longer needed for extortion
Microsoft Azure HDInsight Plagued With XSS Vulnerabilities
Published Sep 15 2023 2:36 PM
HDInsight, the Microsoft’s service for managing big data analytics has received at least 8 patches. This follows concern about Microsoft’s security practices for its cloud services.
More Microsoft security issues
'Scattered Spider' Behind MGM Cyberattack, Targets Casinos
Published Sep 15 2023 2:32 PM
A cyber criminal group called “Scattered Spider” is claiming responsibility for the ransomware attacks on casinos. They are believed to be a US and UK based group using social engineering to penetrate companies. They claim it took only 10 minutes to socially engineer the credentials needed for the attack. They have been paid in the tens of millions of dollars to decrypt the information.
Social Engineering causes big damage
Protecting Against Deepfakes
Published Sep 8 2023 10:40 AM
Deepfakes are getting easier to create and very believable. Learn what they can do, how cybercriminals may use them and what you can do to protect yourself and your company.
Deepfakes harder to spot
Microsoft IDs Security Gaps that Let Threat Actors Steal Signing Key
Published Sep 8 2023 10:37 AM
Cybercriminals used vulnerabilities that allowed them to breach email accounts from users. This has been traced to errors by Microsoft.
Microsoft signing keys stolen
Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones
Published Sep 8 2023 10:34 AM
A Zero day flaw has been found affecting Apple iPhones, iPads, macOS and watches. Be sure to install the patch quickly.
Serious Apple Zero day - patch now
AtlasVPN Linux Zero-Day Disconnects Users, Reveals IP Addresses
Published Sep 8 2023 10:31 AM
AtlasVPN is a freemium VPN owned by NordVPN. It has a large user base and that is one reason cybercriminals target it. Now a vulnerability has been found that allows cybercriminals to get the IP address of users and disconnect them. Since the intent of a VPN is to mask users’ IP address, this is a serious flaw.
VPN security breached
Google's Souped-up Chrome Store Review Process Foiled by Data-Stealer
Published Sep 8 2023 10:29 AM
Google implemented the Manifest v3 security standard by cybercriminals have still found a way to get malicious extensions past the security. Be careful before installing extensions even if they are in the Google Chrome store.
Chrome store protections avoided