Breaches are becoming all too common. But how you communicate to clients, patients, employees, suppliers and other affected parties will affect their view of you. Learn what to do and not do to improve your changes of surviving or even thriving after the breach.
Pwn2Own is a white hat hacking event meaning it is done to uncover bugs and vulnerabilities and share them with the companies, not exploit them for harm or damage. In this year’s virtual event researchers were able to find ways to penetrate Microsoft Teams to execute code. And then were able to show how bugs in the Zoom client would allow a hacker to take complete control of the machine.
Zoom joins Microsoft Teams On List Of Enterprise Tools Hacked at pwn2own
An app on the Google Android Play store masquerades as being able to allow people to watch Netflix for free. But what it really does is spread malware by way of WhatsApp autoreply.
Fake Netflix App Luring Android Users
Fortinet FortiOS is an operating system at the heart of the Fortinet software designed to improve security. But it has vulnerabilities classes as severe. These are being actively exploited to the point where both the FBI and CISA issues a joint warning to companies and government agencies using Fortinet FortiOS. If you use this software immediately install the patches designed to close the vulnerabilities.
FBI and CISA warn of active exploit of fortinet fortios vulnerabilities
Sadly, cyber criminals are taking advantage or people already suffering from being out of work. They advertise fake jobs that lure in the users with position titles taken from their LinkedIn profiles. The idea is to get people to click a link that then downloads malware to their computer.
The pandemic significantly sped up a number of IT trends such as moving to the cloud and work from home. While these shifts had already begun in many companies, the pandemic shortened the time frame. With changes this massive come risks and mistakes. Make sure everything is reviewed for proper cyber security or pay the price.
If clicking the link does not take you to the proper page, copy and paste the link into your browser.
The Chrome browser from Google is one of the most popular web browsers. Now browser extensions that deliver adware, redirect users to sites that download malware, or capture your credentials have been found in use. The extensions are not being blocked or flagged by security software.
If clicking the link does not take you to the proper page, copy and paste the link into your browser.
A report issued by the Internal Revenue Service disclosed that emails purporting to be from the IRS are targeting .edu email addresses. Like any phishing email they ask you to click a link to get more information on a tax refund or recalculation of your taxes.
If clicking the link does not take you to the proper page, copy and paste the link into your browser.
Ubiquiti is one of the larger players in the Internet of Things, IoT, market selling routers, cameras, and other devices. Recently Ubiquiti reported that they experienced a breach through a compromised third-party cloud provider. A source within the company went public saying that the breach was not through a third-party cloud provider and that it was far more significant than reported.
https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/
If clicking the link does not take you to the proper page, copy and paste the link into your browser.
The SolarWinds Orion attack has been well publicized for its skillful penetration of the software distribution process. Now researchers are finding a second SolarWinds attack named Supernova. This one has not caused the damage that the Orion attack did. But its important to know about anyway.
If clicking the link does not take you to the proper page, copy and paste the link into your browser.
Too many firms are not taking cyber security seriously and are failing to implement the proper precautions to protect private information. Theft of private information is big business for cyber criminals and can result in identify theft, charges to credit cards, or medical identity theft. The firms may be able to afford the stricter fines being imposed by regulators, but will they survive a loss of trust by their customers/clients/patients for not properly protecting private information?
If clicking the link does not take you to the proper page, copy and paste the link into your browser.
The use of open-source software has helped many companies. But some of the components haven’t been updated and contain at least one high-risk vulnerability. Some also ask for more permissions than they need which also creates risk.
If clicking the link does not take you to the proper page, copy and paste the link into your browser.
Phishing emails are a favorite tool of cybercriminals because they work. People click on the links and wind up sharing personal information or downloading malware or both. There is a way to reduce the number of phishing emails that allows only authorized users to send emails from a domain. This would reduce the number of phishing emails and improve protections.
If clicking the link does not take you to the proper page, copy and paste the link into your browser.
Purple Fox is a malware variant that has been around since 2018. But it has returned with new capabilities that make it more dangerous. It can now scan ports on other machines and look for weaknesses in server message blocks. These new attributes allow it to spread quickly.
If clicking the link does not take you to the proper page, copy and paste the link into your browser.
When hit by ransomware many firms struggle with whether to pay the ransom or not. Here is the story of a company that chose not to pay and survived.
If clicking the link does not take you to the proper page, copy and paste the link into your browser.