Insights

Connected Medical Devices – Friend or Foe

Medical devices are now part of the Internet of Things, IoT. And this includes a wide range from devices in hospitals to the new wearables. But with the benefits come some risks. This original Insight explains the pros and cons. 

 

https://apscdn.nyc3.digitaloceanspaces.com/resources/pdf/insights/Connected%20Medical%20Devices%20-%20Friend%20or%20Foe_%20v2%202020-09-24.pdf

  

If clicking the link does not take you to the proper page, copy and paste the link into your browser. 


iPhone 12 scam pretends to be Apple “chatbot” – don’t fall for it!

Smishing is the use of SMS, Short Message Service, commonly called text messages, for phishing schemes. In a new smishing scam, an SMS message is sent that appears to be from Apple but for someone else saying that they have an opportunity to win a new iPhone 12. Web links in text messages are shortened so it is not as easy to see that they are going to bogus sites. This link shows how to detect fake messages. 

 

https://nakedsecurity.sophos.com/2020/09/24/sms-phishing-scam-pretends-to-be-apple-chatbot-dont-fall-for-it/?fbclid=IwAR27V8yrBtIheRAdSyF_vKo8BRUQoFOZe24BJPusa-mM4vZq6LKGS_lqK60

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Remote Work Exacerbating Data Sprawl

The pandemic has accelerated the shift to working from home for many people. And with that comes the added risk of people working on personal computers or keeping files on the computer at home rather than storing the files on secure servers. Another risk is that files with company confidential or protected information are being sent over unsecured email or networks endangering the information and the company. 

 

https://www.darkreading.com/risk/remote-work-exacerbating-data-sprawl/d/d-id/1338979

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Hacking Group Used Malware to Bypass 2FA on Android Devices

An Iranian hacking group has developed malware for Android devices that bypasses 2FA, two-factor authentication. Presently researchers have only found it being used against Iranian dissidents. However, once the malware has been developed, it can easily be used by other hacking groups or against other targets. 

 

https://www.bankinfosecurity.com/hacking-group-used-malware-to-bypass-2fa-on-android-devices-a-15026?rf=2020-09-22_ENEWS_SUB_BIS__Slot3_ART15026&mkt_tok=eyJpIjoiWkRFd1pUZ3hZekpoT0dNMCIsInQiOiJkZDY4WWt3N0lCOWdsNVYwYXFnUU5KRGVIcjZYdjVXT0pXQ1J3Sm13b3pjclIwb2ZDa2NSSWhqODFWemVBOXhmejl1OEQxNURQa205RTcwVnFieUIyVjkrSU5Fd094RWdndlNLSnJ1WlYzcURUNTY0dVZcL2dGaXF1dTZJNnp4YmkifQ%3D%3D

 

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Permission Management & the Goldilocks Conundrum

Managing access to applications and data is always a balancing act. Providing enough access so people can do their jobs on one side and, limiting access so that people who don’t need access to certain data do not have it to maintain security and integrity of the data. 

 

This article discusses the issue and how the pandemic has made it worse. 

 

https://www.darkreading.com/risk/permission-management-and-the-goldilocks-conundrum/a/d-id/1338905?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


The Other Covid-19 Pandemic

Covid-19 has produced a cyber security pandemic. Thousands of sites claim Covid-19 information but are really scams to download malware or steal credentials. The desire for information about Covid-19 has made many forget their cyber security precautions and click on links they would not click under other circumstances. The result is a pandemic of stolen credentials and private information. 

 

https://apscdn.nyc3.digitaloceanspaces.com/resources/pdf/insights/The%20Other%20Covid-19%20Pandemic.pdf

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Managed IT Providers: The Cyber-Threat Actors' Gateway to SMBs

Small and medium businesses have turned to MSPs, Managed Service Providers, as one stop shops from their IT needs. And in many cases the MSPs have provided good service and simplified the lives of SMEs by knowing what is needed and offering it in packages. But the fact that the MSPs have the information from multiple companies has not escaped the eyes of cyber criminals who are targeting the MSPs as a single door to information from multiple companies. 

 

 

https://www.darkreading.com/vulnerabilities---threats/managed-it-providers-the-cyber-threat-actors-gateway-to-smbs/a/d-id/1338804

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


8 Reasons Perimeter Security Alone Won't Protect Your Crown Jewels

Perimeter security is widely implemented but this article explains why it is insufficient to protect business critical applications. The move to ERP, SCM, and CRM applications combined with the move to the cloud put the most critical company information at risk. And the typical ways data has been protected are not sufficient to protect them. 

 

 

https://www.darkreading.com/cloud/8-reasons-perimeter-security-alone-wont-protect-your-crown-jewels/a/d-id/1338878?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Zerologon attack lets hackers take over enterprise networks: Patch now

A severity 10, the most severe, compromise was patched by Microsoft last month with little fanfare. The compromise was so serious it was reported to Microsoft but not publicized. The compromise allowed takeover of Windows Servers functioning as domain controllers. 

 

Be sure to update all your serviers with the August patches. 

 

https://www.zdnet.com/article/zerologon-attack-lets-hackers-take-over-enterprise-networks/?ftag=TRE49e8aa0&bhid=29017885593246285133005340243949&mid=13052006&cid=2201587059

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Coffee machines, cuddly toys and cars: The Internet of Things devices which could put you at risk from hackers

The Internet of Things is proliferating. Yet many of these devices have little to no security. Some don’t even have passwords. To make matters worse, people are connecting their own IoT devices to company networks because they like the device and it may help them. And they rarely get permission from IT before connecting jeopardizing corporate assets. 

 

 https://www.zdnet.com/article/coffee-machines-cuddly-toys-and-cars-the-internet-of-things-devices-which-could-put-you-at-risk-from-hackers/?ftag=TRE49e8aa0&bhid=29017885593246285133005340243949&mid=13052006&cid=2201587059

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.