For many companies risk assessment has not had a prominent role in cybersecurity assessments leading to improper allocation of cybersecurity funding and staff. This has left the company ill prepared for true cost of breaches and restoration of services, applications, and company reputation.
The new spyware is designed to be better at hiding from protective software and more persistent in its ability to stay on the phone. When it gets installed it requests permissions that give it control over aspects of the phone.
Safety of gifts has been a concern for many years, especially gifts for children. Now there is a new concern for everyone and that is what is the gift learning about you and who is it sharing that information with. As toys and devices become “smarter” they learn more about us. Convenient, probably, but what are the risks?
Many are familiar with phishing attacks that use emails that entice us to click links that download malware or steal personal information. The new scams use SMS or text messages for the same purpose.
Printers have long been considered as not needing much security but they have also been recognized as easy targets for cybercriminals yielding access to the company network.
Business and IT alignment has been an ongoing issue. But, when it comes to cybersecurity, the differences between the business and IT have a serious impact on business risk and the cost of breaches.
Scammers are now combining Smishing and Phishing in a new way to steal your information. A text arrives from your bank asking about suspected fraud. There is no link to click as in most smishing, simply a question, did you authorize this transfer, reply yes or no. Seems fine. A reply is immediately followed by a phone call purporting to be the bank fraud department who has to verify you are the account owner by asking questions about personal information.
The latest Microsoft update fixes 55 vulnerabilities in a number of products including six zero-days with some being actively exploited.
Emotet was a major attack method that many thought had been conquered. But it has come back because it is way more than a attack method. It is a framework for attacks that gets used to deliver different types of malware.
While rather technical, this article can provide some good protection techniques against a malicious type of attack.
So many tools and training companies all claiming to offer protection. Yet new breaches keep occurring. What is missing?
WordPress is one of the most popular tools for websites. A recently discovered bug in a plugin exposed the REST-API on more than 1 million websites. This is considered a high severity bug. Fortunately it has now been patched. Be sure to install the patch.
CISA, the US Cybersecurity and Infrastructure Security Agency (CISA) released new guidelines for federal agencies on how quickly they must install patches for
bugs being actively exploited. This directive only applies to federal agencies but
all companies should consider it good advice.
No one wants to be in trouble. That is the trick in a new spear phishing campaign directed at customer service staff. Emails are sent to staff showing a serious complaint supposedly filed against you by a customer. A link is provided to view the complaint. It also tells you to call the sender who appears to be a more senior employee within a short time frame. People are afraid and click the link sending information to the cybercriminals.
While only the House of Representatives has passed this so far, it is a first step in helping small businesses which are the target of at least 50% of attacks to better protect themselves.
US House passes bill to help Small Business with Cybersecurity