User Privileges – A Significant Risk
Published Apr 16 2021 2:43 PM
Each user needs privileges to access what they need to do their job, access to applications and data. But granting privileges the wrong way can lead to significant vulnerabilities.
User Privileges – A Significant Risk
Nation-State Attacks Force a New Paradigm: Patching as Incident Response
Published Apr 16 2021 2:41 PM
The pace of attacks and the seriousness of the attacks is causing a major upheaval in patching. IT teams typically performed extensive testing before releasing a new patched version of software to users. But now the approach is changing to patch quickly an get it to users before the vulnerability can be exploited.
Nation state attacks force a new paradigm - patching as incident response
Software Developer Arrested in Computer Sabotage Case
Published Apr 16 2021 2:40 PM
We have heard for years about insider threats where employees caused damage. In this case the person was a developer causing a server to crash and installing malware on the server and after being fired caused other types of damage.
Software developer arrested in computer sabotage case
Malicious PowerShell Use, Attacks on Office 365 Accounts Surged in Q4
Published Apr 16 2021 2:38 PM
The number of attacks increased during 2020 due to the effects of COVID-19 on teams and the shift to Work From Home. PowerShell attacks increased 208% and Office 365 attacks increased 199% during the fourth quarter of 2020.
Malicious powershell use attacks on office 365 accounts surged in q4
Modern Bank Heists: Attackers Go Beyond Account Takeover
Published Apr 16 2021 2:36 PM
Account takeover is no longer the key attack criteria it was. Now it has expanded to the non-public market information held by brokerages. This and other trends are discussed in this report.
Modern bank heists attackers go beyond account takeover
Being Breached Is Only Part of the Problem
Published Apr 9 2021 4:14 PM
Breaches are becoming all too common. But how you communicate to clients, patients, employees, suppliers and other affected parties will affect their view of you. Learn what to do and not do to improve your changes of surviving or even thriving after the breach.
Being Breached is Only Part of the Problem
Zoom Joins Microsoft Teams on List of Enterprise Tools Hacked at Pwn2Own
Published Apr 9 2021 4:04 PM
Pwn2Own is a white hat hacking event meaning it is done to uncover bugs and vulnerabilities and share them with the companies, not exploit them for harm or damage. In this year’s virtual event researchers were able to find ways to penetrate Microsoft Teams to execute code. And then were able to show how bugs in the Zoom client would allow a hacker to take complete control of the machine.
Zoom joins Microsoft Teams On List Of Enterprise Tools Hacked at pwn2own
Fake Netflix App Luring Android Users to Malware
Published Apr 9 2021 4:03 PM
An app on the Google Android Play store masquerades as being able to allow people to watch Netflix for free. But what it really does is spread malware by way of WhatsApp autoreply.
Fake Netflix App Luring Android Users
FBI, CISA warn Fortinet FortiOS vulnerabilities are being actively exploited
Published Apr 9 2021 4:01 PM
Fortinet FortiOS is an operating system at the heart of the Fortinet software designed to improve security. But it has vulnerabilities classes as severe. These are being actively exploited to the point where both the FBI and CISA issues a joint warning to companies and government agencies using Fortinet FortiOS. If you use this software immediately install the patches designed to close the vulnerabilities.
FBI and CISA warn of active exploit of fortinet fortios vulnerabilities
LinkedIn Phishing Ramps Up With More-Targeted Attacks
Published Apr 9 2021 3:58 PM
Sadly, cyber criminals are taking advantage or people already suffering from being out of work. They advertise fake jobs that lure in the users with position titles taken from their LinkedIn profiles. The idea is to get people to click a link that then downloads malware to their computer.
Linkedin-phishing-ramps-up-with-more-targeted-attacks
Make Sure Security Keeps Pace with IT
Published Apr 2 2021 3:08 PM
The pandemic significantly sped up a number of IT trends such as moving to the cloud and work from home. While these shifts had already begun in many companies, the pandemic shortened the time frame. With changes this massive come risks and mistakes. Make sure everything is reviewed for proper cyber security or pay the price.
https://apscdn.nyc3.cdn.digitaloceanspaces.com/resources/pdf/insights/Make%20Sure%20Security%20Keeps%20Pace%20With%20IT%20v1%202021-04-02.pdf
If clicking the link does not take you to the proper page, copy and paste the link into your browser.
Researchers Discover Two Dozen Malicious Chrome Extensions
Published Apr 2 2021 3:07 PM
The Chrome browser from Google is one of the most popular web browsers. Now browser extensions that deliver adware, redirect users to sites that download malware, or capture your credentials have been found in use. The extensions are not being blocked or flagged by security software.
https://www.darkreading.com/vulnerabilities---threats/researchers-discover-two-dozen-malicious-chrome-extensions/d/d-id/1340482?fbclid=IwAR0qB0PZ_0MXhlbd_dLvnDOw9kV8jZc0RcpjzL_jU60N2pJDo_LpdV8P98A
If clicking the link does not take you to the proper page, copy and paste the link into your browser.
College Students Targeted in Newest IRS Scam
Published Apr 2 2021 3:07 PM
A report issued by the Internal Revenue Service disclosed that emails purporting to be from the IRS are targeting .edu email addresses. Like any phishing email they ask you to click a link to get more information on a tax refund or recalculation of your taxes.
https://www.darkreading.com/vulnerabilities---threats/college-students-targeted-in-newest-irs-scam/d/d-id/1340558?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
If clicking the link does not take you to the proper page, copy and paste the link into your browser.
Whistleblower: Ubiquiti Breach “Catastrophic”
Published Apr 2 2021 3:06 PM
Ubiquiti is one of the larger players in the Internet of Things, IoT, market selling routers, cameras, and other devices. Recently Ubiquiti reported that they experienced a breach through a compromised third-party cloud provider. A source within the company went public saying that the breach was not through a third-party cloud provider and that it was far more significant than reported.
https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/
If clicking the link does not take you to the proper page, copy and paste the link into your browser.
What We Know (and Don't Know) So Far About the 'Supernova' SolarWinds Attack
Published Apr 2 2021 3:05 PM
The SolarWinds Orion attack has been well publicized for its skillful penetration of the software distribution process. Now researchers are finding a second SolarWinds attack named Supernova. This one has not caused the damage that the Orion attack did. But its important to know about anyway.
https://www.darkreading.com/attacks-breaches/what-we-know-(and-dont-know)-so-far-about-the-supernova-solarwinds-attack-/d/d-id/1340513?_mc=NL_DR_EDT_DR_daily_20210331&cid=NL_DR_EDT_DR_daily_20210331&elq_mid=102995&elq_cid=34773767
If clicking the link does not take you to the proper page, copy and paste the link into your browser.