Insights

Being Breached Is Only Part of the Problem

Breaches are becoming all too common. But how you communicate to clients, patients, employees, suppliers and other affected parties will affect their view of you. Learn what to do and not do to improve your changes of surviving or even thriving after the breach. 

 

Being Breached is Only Part of the Problem


Zoom Joins Microsoft Teams on List of Enterprise Tools Hacked at Pwn2Own

Pwn2Own is a white hat hacking event meaning it is done to uncover bugs and vulnerabilities and share them with the companies, not exploit them for harm or damage. In this year’s virtual event researchers were able to find ways to penetrate Microsoft Teams to execute code. And then were able to show how bugs in the Zoom client would allow a hacker to take complete control of the machine.

 

Zoom joins Microsoft Teams On List Of Enterprise Tools Hacked at pwn2own


Fake Netflix App Luring Android Users to Malware

An app on the Google Android Play store masquerades as being able to allow people to watch Netflix for free. But what it really does is spread malware by way of WhatsApp autoreply. 

 

Fake Netflix App Luring Android Users

 


FBI, CISA warn Fortinet FortiOS vulnerabilities are being actively exploited

Fortinet FortiOS is an operating system at the heart of the Fortinet software designed to improve security. But it has vulnerabilities classes as severe. These are being actively exploited to the point where both the FBI and CISA issues a joint warning to companies and government agencies using Fortinet FortiOS. If you use this software immediately install the patches designed to close the vulnerabilities.  

 

FBI and CISA warn of active exploit of fortinet fortios vulnerabilities


LinkedIn Phishing Ramps Up With More-Targeted Attacks

Sadly, cyber criminals are taking advantage or people already suffering from being out of work. They advertise fake jobs that lure in the users with position titles taken from their LinkedIn profiles. The idea is to get people to click a link that then downloads malware to their computer. 

Linkedin-phishing-ramps-up-with-more-targeted-attacks


Make Sure Security Keeps Pace with IT

The pandemic significantly sped up a number of IT trends such as moving to the cloud and work from home. While these shifts had already begun in many companies, the pandemic shortened the time frame. With changes this massive come risks and mistakes. Make sure everything is reviewed for proper cyber security or pay the price. 

 

https://apscdn.nyc3.cdn.digitaloceanspaces.com/resources/pdf/insights/Make%20Sure%20Security%20Keeps%20Pace%20With%20IT%20v1%202021-04-02.pdf

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Researchers Discover Two Dozen Malicious Chrome Extensions

The Chrome browser from Google is one of the most popular web browsers. Now browser extensions that deliver adware, redirect users to sites that download malware, or capture your credentials have been found in use. The extensions are not being blocked or flagged by security software. 

 

https://www.darkreading.com/vulnerabilities---threats/researchers-discover-two-dozen-malicious-chrome-extensions/d/d-id/1340482?fbclid=IwAR0qB0PZ_0MXhlbd_dLvnDOw9kV8jZc0RcpjzL_jU60N2pJDo_LpdV8P98A

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


College Students Targeted in Newest IRS Scam

A report issued by the Internal Revenue Service disclosed that emails purporting to be from the IRS are targeting .edu email addresses. Like any phishing email they ask you to click a link to get more information on a tax refund or recalculation of your taxes. 

 

https://www.darkreading.com/vulnerabilities---threats/college-students-targeted-in-newest-irs-scam/d/d-id/1340558?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Whistleblower: Ubiquiti Breach “Catastrophic”

Ubiquiti is one of the larger players in the Internet of Things, IoT, market selling routers, cameras, and other devices. Recently Ubiquiti reported that they experienced a breach through a compromised third-party cloud provider. A source within the company went public saying that the breach was not through a third-party cloud provider and that it was far more significant than reported. 

 

https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


What We Know (and Don't Know) So Far About the 'Supernova' SolarWinds Attack

The SolarWinds Orion attack has been well publicized for its skillful penetration of the software distribution process. Now researchers are finding a second SolarWinds attack named Supernova. This one has not caused the damage that the Orion attack did. But its important to know about anyway. 

 

https://www.darkreading.com/attacks-breaches/what-we-know-(and-dont-know)-so-far-about-the-supernova-solarwinds-attack-/d/d-id/1340513?_mc=NL_DR_EDT_DR_daily_20210331&cid=NL_DR_EDT_DR_daily_20210331&elq_mid=102995&elq_cid=34773767 

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Cyber Breach Responsibility

Too many firms are not taking cyber security seriously and are failing to implement the proper precautions to protect private information. Theft of private information is big business for cyber criminals and can result in identify theft, charges to credit cards, or medical identity theft. The firms may be able to afford the stricter fines being imposed by regulators, but will they survive a loss of trust by their customers/clients/patients for not properly protecting private information?

 

https://apscdn.nyc3.cdn.digitaloceanspaces.com/resources/pdf/insights/Cyber%20Breach%20Responsibility%20v2%202021-03-26.pdf

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Nearly Half of Popular Android Apps Built With High-Risk Components

The use of open-source software has helped many companies. But some of the components haven’t been updated and contain at least one high-risk vulnerability. Some also ask for more permissions than they need which also creates risk. 

 

https://www.darkreading.com/application-security/nearly-half-of-popular-android-apps-built-with-high-risk-components/d/d-id/1340522?fbclid=IwAR0sPk7c2zwhjuwlC2SUWD4HTjgFoa9wQqEMwhU8bB2DwRNY2b8zyGleUuc

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Three billion phishing emails are sent every day. But one change could make life much harder for scammers

Phishing emails are a favorite tool of cybercriminals because they work. People click on the links and wind up sharing personal information or downloading malware or both. There is a way to reduce the number of phishing emails that allows only authorized users to send emails from a domain. This would reduce the number of phishing emails and improve protections. 

 

https://www.zdnet.com/article/three-billion-phishing-emails-are-sent-every-day-but-one-change-could-make-life-much-harder-for-scammers/?ftag=TREc64629f&bhid=29017885593246285133005340243949&mid=13309641&cid=2201587059

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Purple Fox malware evolves to propagate across Windows machines

Purple Fox is a malware variant that has been around since 2018. But it has returned with new capabilities that make it more dangerous. It can now scan ports on other machines and look for weaknesses in server message blocks. These new attributes allow it to spread quickly. 

 

https://www.zdnet.com/article/purple-fox-malware-evolves-to-propagate-across-windows-machines/?ftag=TRE49e8aa0&bhid=29017885593246285133005340243949&mid=13310614&cid=2201587059

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


This company was hit by ransomware. Here's what they did next, and why they didn't pay up

When hit by ransomware many firms struggle with whether to pay the ransom or not. Here is the story of a company that chose not to pay and survived. 

 

https://www.zdnet.com/article/this-company-was-hit-with-ransomware-heres-what-they-did-next-and-why-they-didnt-pay-up/?ftag=TRE-03-10aaa6b&bhid=29017885593246285133005340243949&mid=13311355&cid=2201587059

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.