Ransomware Can Be Fatal To Small Business

Ransomware attacks often make the news especially if it is large company that is attacked. However, small companies are frequent targets because they have fewer cybersecurity resources and are more likely to pay the ransom. This Insight provides guidance on how to protect against successful ransomware attacks.


Small businesses are prime ransomware targets

Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable

New Zero-Days have been found on multiple Apple platforms. These are serious vulnerabilities and should be patched as soon as possible. 



New Zero-Days mean patch ASAP


FBI, CISA Issue Joint Warning on 'Snatch' Ransomware-as-a-Service

Snatch malware forces Windows systems to reboot into Safe mode. That prevents any antimalware services from running on the system allowing Snatch to encrypt files unimpeded. 


Reboot to Safe mode prevents detection

MGM Restores Casino Operations 10 Days After Cyberattack

It took MGM 10 days to resume operations after a cyberattack. How many companies can survive for 10 days without income, not being able to sell anything, bill anything or in any way do business? 


10 days to recover from ransomware attack

Fake WinRAR PoC Exploit Conceals VenomRAT Malware

Cybercriminals created a fake Proof of Concept, PoC, of a vulnerability and released it to researchers. Sounds very considerate except the PoC contained malware that it loaded onto the researcher’s systems. 


Fake news contains malware

SEC Requires Cyber Expertise

The SEC has mandated cyber expertise on company Boards of Directors and at senior management level. What does this mean practically? What degree of expertise is needed and how do you prove this to the SEC. This Insight provides answers to these questions. 


SEC new cyber expertise requirements

When LockBit Ransomware Fails, Attackers Deploy Brand-New '3AM'

Cyberattackers are using two types of ransomware to infect target companies. If the first one is foiled or just doesn’t work, the second one triggers at 3 AM when there is probably less oversight on the systems. 


Two ransomware strains at once

NCSC: Why Cyber Extortion Attacks No Longer Require Ransomware

First cybercriminals used ransomware to encrypt your information to extract a payment. Then they exported your data first before encrypting it, threatening to release it publicly if the ransom isn’t paid. Now, they some cybercriminals aren’t bothering to encrypt the data at all but are just stealing the data and threatening to release it if you don’t pay them. 


Ransomware no longer needed for extortion

Microsoft Azure HDInsight Plagued With XSS Vulnerabilities

HDInsight, the Microsoft’s service for managing big data analytics has received at least 8 patches. This follows concern about Microsoft’s security practices for its cloud services. 


More Microsoft security issues

'Scattered Spider' Behind MGM Cyberattack, Targets Casinos

A cyber criminal group called “Scattered Spider” is claiming responsibility for the ransomware attacks on casinos. They are believed to be a US and UK based group using social engineering to penetrate companies. They claim it took only 10 minutes to socially engineer the credentials needed for the attack. They have been paid in the tens of millions of dollars to decrypt the information. 


Social Engineering causes big damage

Protecting Against Deepfakes

Deepfakes are getting easier to create and very believable. Learn what they can do, how cybercriminals may use them and what you can do to protect yourself and your company.  


Deepfakes harder to spot

Microsoft IDs Security Gaps that Let Threat Actors Steal Signing Key

Cybercriminals used vulnerabilities that allowed them to breach email accounts from users. This has been traced to errors by Microsoft. 


Microsoft signing keys stolen

Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones

A Zero day flaw has been found affecting Apple iPhones, iPads, macOS and watches. Be sure to install the patch quickly. 


Serious Apple Zero day - patch now

AtlasVPN Linux Zero-Day Disconnects Users, Reveals IP Addresses

AtlasVPN is a freemium VPN owned by NordVPN. It has a large user base and that is one reason cybercriminals target it. Now a vulnerability has been found that allows cybercriminals to get the IP address of users and disconnect them. Since the intent of a VPN is to mask users’ IP address, this is a serious flaw.  


VPN security breached

Google's Souped-up Chrome Store Review Process Foiled by Data-Stealer

Google implemented the Manifest v3 security standard by cybercriminals have still found a way to get malicious extensions past the security. Be careful before installing extensions even if they are in the Google Chrome store.


Chrome store protections avoided