Covid-19 Implications for Risk Management

Covid-19 has impacted almost every facet of life including risk management. Learn how it made IT risk management more complicated and some suggested approaches to it. 

 

https://apscdn.nyc3.cdn.digitaloceanspaces.com/resources/pdf/insights/Covid-19%20Implications%20for%20Risk%20Management%20v4%202021-02-25.pdf  

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Thousands of VMware Servers Exposed to Critical RCE Bug

VMware is a popular virtual machine software company. A bug was recently discovered that rated 9.8 out of 10 in severity. It is important to install the fix as soon as possible to prevent a serious compromise to your systems.  

 

https://www.darkreading.com/threat-intelligence/thousands-of-vmware-servers-exposed-to-critical-rce-bug/d/d-id/1340255?fbclid=IwAR3dVU8trsSMadUud9bwtqSIx1ZPVmxEEK96FXdwM79qAnfpoDZ3QO7eufs

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Negotiations during a Ransomware Attack: a Perspective from 2 professional Hostage Negotiators

Ransomware infections have been likened to a hostage situation. Both demand ransoms for the valuable hostages they hold; in one case people and in the other data. Two hostage negotiators who also work with victims of ransomware discuss how to work with the attackers. 

 

https://www.seco-institute.org/negotiations-during-a-ransomware-attack-a-perspective-from-2-professional-hostage-negotiators/

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Botnet Uses Blockchain to Obfuscate Backup Command & Control Information

Blockchain is a technology for creating a trusted and enduring means of storing and using data. The blockchain creates multiple copies of important data stored in different places on different machines. Now a botnet has begun using blockchain to prevent it from being taken down by law enforcement.

 

https://www.darkreading.com/vulnerabilities---threats/botnet-uses-blockchain-to-obfuscate-backup-command-and-control-information/d/d-id/1340240?fbclid=IwAR1rzvBjmVFp47m8twKxh4neeIcFrZ15got4rR5vwV9Y759dgulnJTbCtVQ

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


These hackers sell network logins to the highest bidder. And ransomware gangs are buying

In the past, hackers stole login and other credentials and used them to steal more valuable information or sold them on the dark web. Now, they are getting more creative and auctioning the credentials in order to increase their earnings. 

 

https://www.zdnet.com/article/these-hackers-sell-network-logins-to-the-highest-bidder-and-ransomware-gangs-are-buying/?ftag=TRE49e8aa0&bhid=29017885593246285133005340243949&mid=13278501&cid=2201587059

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Debt Collectors May Soon Contact You By Text and Social Media. Here’s What You Should Know

Starting in November 2021, debt collectors will have text and social media as ways to contact people. This provides cyber criminals with powerful new phishing topics. It’s important to understand what they can do, and more important to know what you should and shouldn’t do to stay safe. 

 

https://apscdn.nyc3.cdn.digitaloceanspaces.com/resources/pdf/insights/Debt%20Collectors%20%20v1%20%202021-02-19.pdf 


Ransomware Attackers Set Their Sights on SaaS

Ransomware has been growing by leaps and bounds as a successful tool for cyber criminals. It creates major disruptions for victims and is quickly monetized. Now instead of going after individual companies, the attackers are going after applications used by multiple clients. This significantly enlarges the number of victims with each successful attack. 

 

https://www.darkreading.com/attacks-breaches/ransomware-attackers-set-their-sights-on-saas/d/d-id/1340147?fbclid=IwAR2VUAMeHbzuyGpWtlZRvAsp_iyfE-XrKFt7bGeTY_CmrHsG-q00HhIKOHk  

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


“ScamClub” gang outed for exploiting iPhone browser bug to spew ads

Pop up ads are annoying at best and often the channel for damage or theft of our information. This article details the way “ScamClub” exploited an iPhone bug to pop up the ads that appeared innocent but stole information or in a more elaborate scheme took our money with promises of big payouts. 

 

https://nakedsecurity.sophos.com/2021/02/17/scamclub-gang-outed-for-exploiting-iphone-browser-bug-to-spew-ads/?fbclid=IwAR1qwi2czd9boR-ynGTBC0ojmVWIVaylDY-GxclXIxiXyfMKHd6qUGU1eC0

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Hidden Dangers of Microsoft 365's Power Automate and eDiscovery Tools

Microsoft 365 is one of the most widely used applications in the world. As we saw with the recent SolarWinds attack, the focus of attacks has moved to applications from individual companies. Research shows that communication between Microsoft applications can bypass security precautions and provide an avenue for attackers. 

 

https://www.darkreading.com/application-security/hidden-dangers-of-microsoft-365s-power-automate-and-ediscovery-tools-/a/d-id/1340014?fbclid=IwAR1zJ9x88awPCCqbRRYdsvLFbcu_eD1wyCfB_N8xatQTeINvtY9Y9uHoY74

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Compromised Credentials Show That Abuse Happens in Multiple Phases

The theft of user credentials has long been known as a tool for cyber criminals to gain access to a company network and resources. But recent research shows that before the attacks we see, the cyber criminals have been doing damage but in a more covert way. Then when they have capitalized on the stolen credentials for themselves, they begin to make the stolen credentials available to other cyber criminals. 

 

 

https://www.darkreading.com/attacks-breaches/compromised-credentials-show-that-abuse-happens-in-multiple-phases/d/d-id/1340179?_mc=NL_DR_EDT_DR_daily_20210217&cid=NL_DR_EDT_DR_daily_20210217&elq_mid=102170&elq_cid=34773767

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Covid and Phishing

The Covid -19 pandemic has been a nightmare for much of the world. But it has been a benefit to the cyber criminal community by providing phishing subject lines that got people to click at an alarming rate. 

 

https://apscdn.nyc3.cdn.digitaloceanspaces.com/resources/pdf/insights/Covid%20and%20Phishing%20v1%20%202021-02-12.pdf

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Android App Infects Millions of Devices With a Single Update

A popular Android app called Barcode Scanner was compromised and delivered malware to the approximately 10 million people who downloaded or update the app. 

 

https://www.darkreading.com/application-security/android-app-infects-millions-of-devices-with-a-single-update/d/d-id/1340093?fbclid=IwAR2AhA7sCS2z2pYouIvdi0AjEdzKgzLvvGwV_-KtYeNxm9ETyKGtnGT6QK0

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Unemployment Fraud: As If Being Out of Work Wasn't Bad Enough

Using stolen identities cyber criminals are registering for unemployment benefits. The current estimate is that Covid-19 employment fraud cost the government over $36 billion in 2020. And if it is your identity that was stolen you would not be able to get the unemployment benefits you may be entitled to. 

 

https://www.darkreading.com/edge/theedge/unemployment-fraud-as-if-being-out-of-work-wasnt-bad-enough/b/d-id/1340088?fbclid=IwAR2Mx_NO24nnnvaElglyLRH9sy113DCSHMrHOp4uXiL5u_idZ4UXnPC7dcg

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Over 400 Valentine’s Day-Themed Phishing Campaigns Spotted Weekly

The approaching Valentine’s Day has given cyber criminals a topic of high interest. Jewelry, flowers, candy, other gifts are all topics that catch people’s eye and interest. And that gets them to click the malicious links. 

 

https://www.cxotoday.com/security/over-400-valentines-day-themed-phishing-campaigns-spotted-weekly/

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Ransomware: A company paid millions to get their data back, but forgot to do one thing. So the hackers came back again

Ransomware attacks can be devastating especially to small and medium companies. Being out of business until the systems are restored is costly, as is paying the ransom. But one company, and there probably are many more, that failed to determine how their systems were compromised. So the attackers returned and the company had to pay another ransom. 

 

https://www.zdnet.com/article/ransomware-this-is-the-first-thing-you-should-think-about-if-you-fall-victim-to-an-attack/?ftag=TRE6a12a91&bhid=29017885593246285133005340243949&mid=13258092&cid=2201587059

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.