Insights

Smishing – The New Phishing

Phishing has been very profitable for cyber criminals with enough people becoming a victim. As more people get wise to these scams, cybercriminals are turning to Smishing, the use of text and SMS messages to the same end. 

 

Cybercriminals Turn to Smishing to Continue Evil Campaigns


New Techniques Emerge for Abusing Windows Services to Gain System Control

An old feature of Window originally designed to improve security is being exploited to elevate privileges. Using this exploit privileges are being elevated to full system level giving cybercriminals full control.    

 

Old Feature of Windows to Improve Security Now Being Exploited


Hundreds of Millions of Dell Computers Potentially Vulnerable to Attack

Five high severity vulnerabilities in Dell notebooks, laptops and tablets have been discovered that have existed since 2009. Once access is gained by any means, these vulnerabilities allow privilege escalation to access anything on the system including the kernel. 

 

Vulnerabilities in Dell Systems Allow Privilege Escalation


Malicious Office 365 Apps Are the Ultimate Insiders

Cybercriminals have found a way to exploit Microsoft Office 365 by getting users to go to their company’s email login page and then install a harmless looking app that gives the cybercriminals full access the users files and emails without the need for a password. It also allows the installation of other malware. 

 

Attackers Gain Password Free Access to Office 365


Fighting Ransomware: A Call for Cryptocurrency Regulation

Ransomware has become a global scourge causing major disruption to businesses, hospitals, police departments, and local governments. Collaboration between government agencies and security firms produced 48 recommendations for combating ransomware. 

 

Government Agencies and Security Firms Unite to Fight Ransomware


Are Cloud Providers Safe

The move to the cloud occurred quickly last year and helped many companies adapt to Work from Home. But we also saw a number of breaches of cloud providers. So many wonder if cloud providers are safe. This Insight looks at what is necessary to be safe.  

Are Cloud Providers Safe


Apple Patches Serious MacOS Security Flaw

A grave security issue was discovered in macOS 11.3, the newly released version of the Apple desktop operating system. If exploited, it would allow attackers to avoid the Apple software protects against untrusted software from being installed on the device. This patch closes that hole and should be installed immediately. 

 

macOS Vulnerability Patched


Linux kernel vulnerability exposes stack memory, causes data leaks

Linux is used by many companies as a server operating system. A newly discovered problem allows attackers to force Linux to “leak” data and could also serve as an entry point to more serious compromises of the operating system. 

 

Linux Vulnerability Discovered


How to Secure Employees' Home Wi-Fi Networks

The pandemic caused offices and other places of work to close. Work from Home, WFH, because the answer as countless workers shifted from working in offices to working at home. But it also meant home and personal devices were being used for business. Home WiFi became a serious security risk. This article tells how to secure it. 

 

Tips to Secure Home WiFi

 


FBI, CISA Warn of Ongoing Russian Cyberthreats

In a joint statement, the FBI and Cybersecurity and Infrastructure Security Agency, CISA, alerted businesses, government agencies, and non-profits that the Russian group believed responsible for the SolarWinds attack will continue to attack to steal information and cause disruptions. 

FBI and CISA Issue Joint Warning


Cyber Threats Affect Everything

The recent cyber compromises of SolarWinds and other vendors show that software distributions that were considered safe can no longer be. Scanning and checking everything is necessary. Equally important is training everyone as cyber security is everyone’s job. 

 

Software Distributions and Updates No Longer Can Be Assumed Safe


Security Gaps in IoT Access Control Threaten Devices and Users

IoT vendors create their own clouds and manage access to devices through them. The issue is that the clouds talk to each other to make things easier for users. For example, the Google Home app can be used to control devices from different vendors. Researchers discovered a few security issues with how these clouds communicate that could allow an unauthorized user to gain access. 

 

More IoT Vulnerabilities Discovered


Google issues Chrome update patching seven security vulnerabilities

The Chrome update released by Google closed 7 vulnerabilities some of which have been actively exploited by cybercriminals.  

 

Chrome Vulnerabilities Closed


Attackers Compromised Code-Checking Vendor's Tool for Two Months

This is another supply chain compromise similar to the SolarWinds exploit that was in the news a few months ago. This one was of Codecov, a vendor whose products are used by many companies to check their software code. The exploit sent sensitive information about the client company to the cyber criminals. The attack developer is not known at this time. 

 

Another Successful Supply Chain Compromise


Hackers Use Prometei Botnet to Attack Microsoft Exchange Users

Botnets have been around for years. In a newly discovered attack, the Prometei botnet is being used to exploit vulnerabilities in Microsoft Exchange servers to steal credentials and other nefarious activities.  

 

BotNet used in Microsoft Exchange Attack