Cyber insurance is still necessary, but coverage is expected to change. AXA will no longer cover ransomware payments for companies in France. This trend is expected to spread. 

Cyber Insurance getting more restricted

A vulnerability in Fancy Product Designer, a WordPress plugin installed on over 17,000 websites has been discovered and is being actively exploited. 

WordPress plugin being exploited

A new backdoor has been discovered in Windows systems. It collects live data from the compromised system. This malware has been broken down into parts that individually appear harmless making it difficult to detect. 

New Windows backdoor discovered

From the good news department, researchers developed a computer processor that changes its architecture on the hopes of foiling many types of attacks.

New Architecture Morphs to defeat hacking

Nantucket and Martha’s Vineyard are two islands off the coast of Massachusetts that are major tourist spots. This attack is designed to coincide with the start of the tourist season, a major source of income to the islands. 

Ransomware hits tourist ferry service

Everyone has at least one tool on their computer. Yet breaches continue. Why? Cyber protective tools are necessary but are only one part of a holistic cyber protection plan. 

Tools alone are not the answer

Many companies are using old software with major vulnerabilities. Companies may keep systems facing the internet up to date, but internal systems are something else. A recent survey showed outdated protocols in use at 9 out of 10 companies. 

Out-of-date internal protocols aid cybercriminals

The move to the cloud was accelerated by the pandemic as way to cope with changing workloads, more remote users and other changes. It did help in many ways. In that rush cyber protections were missed resulting in breaches or information left visible without the need for a breach.   

Multi-Cloud environments add to cyber vulnerabilities

The rapid transition to the cloud due to the pandemic imposed Work from Home shift gave rise to another major shift; cybercriminals’ focus on remote workers and their additional vulnerabilities. 

Remote Workers Targeted by Cybercriminals

Companies of all sizes are vulnerable to ransomware. The $40 million ransom shows the size of the ransom gets bigger as the victim size gets bigger. 

CNA Pays $40 Million Ransom

Phishing has been very profitable for cyber criminals with enough people becoming a victim. As more people get wise to these scams, cybercriminals are turning to Smishing, the use of text and SMS messages to the same end. 

Cybercriminals Turn to Smishing to Continue Evil Campaigns

An old feature of Window originally designed to improve security is being exploited to elevate privileges. Using this exploit privileges are being elevated to full system level giving cybercriminals full control.    

Old Feature of Windows to Improve Security Now Being Exploited

Five high severity vulnerabilities in Dell notebooks, laptops and tablets have been discovered that have existed since 2009. Once access is gained by any means, these vulnerabilities allow privilege escalation to access anything on the system including the kernel. 

Vulnerabilities in Dell Systems Allow Privilege Escalation

Cybercriminals have found a way to exploit Microsoft Office 365 by getting users to go to their company’s email login page and then install a harmless looking app that gives the cybercriminals full access the users files and emails without the need for a password. It also allows the installation of other malware. 

Attackers Gain Password Free Access to Office 365

Ransomware has become a global scourge causing major disruption to businesses, hospitals, police departments, and local governments. Collaboration between government agencies and security firms produced 48 recommendations for combating ransomware. 

Government Agencies and Security Firms Unite to Fight Ransomware