Insights

Webscrapers Have Bigger Than Perceived Impact on Digital Businesses

Webscrapers are bots that crawl public sites looking for information such as products, inventories, descriptions, pricing, or anything else. Research shows that in some industries they can account for 40-60% of web traffic, significantly skewing analytics and overloading servers and internet access. Worse, they can steal your images and logos, allowing cyber criminals to clone your site and steal traffic. Even when used solely for legitimate purposes, webscrapers affect your business by rendering the analytics used for marketing and product plans inaccurate.

https://www.darkreading.com/operations/web-scrapers-have-bigger-than-perceived-impact-on-digital-businesses/d/d-id/1337890?_mc=KJH-Twitter-2019-05&fbclid=IwAR05PLP3dt8DAXJ0wtzkNfT1nMmlGA_PGUOU86EUNi7vAIHkt2YTCwHK-Uo

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Risk: The Need For Compliance In a Post Covid-19 World

The Covid-19 pandemic has changed priorities for companies and their IT departments. Enabling work from home and other necessary shifts have been the focus of the effort and budgets. But the need for compliance has not gone away nor will it. Do not neglect compliance with all that is going on.

 

https://www.darkreading.com/risk/the-need-for-compliance-in-a-post-covid-19-world/a/d-id/1337840?fbclid=IwAR1edFmd3sQksimFr0AbDrp6gKauF8X1ya8BlDLAjDJ_oq1AyG9Y-VYMpBc

 



Telcos Become Richer Hacking Targets

Telco networks used to use proprietary protocols and devices. But over the past few years as the technology changed, telcos switched to commercial networking providers. The networks did get hacked before, but the use of commercial networking equipment makes them more vulnerable. The intent of the hacks is to penetrate client company networks and insert phishing and other attacks. 

 

https://www.darkreading.com/cloud/telcos-become-richer-hacking-targets/d/d-id/1337888?_mc=KJH-Twitter-2019-05&fbclid=IwAR2eBSemd7zMLlEk2PlUZNWjjtqGKLUsPRyidy8n83y5QfhWKfmRiuIVuYk

 



Microsoft Warns of Vulnerability Affecting Windows DNS Server

A new security advisory issued by Microsoft warns of a vulnerability in the DNS Servers that would allow a denial of service attack. 

 

https://www.darkreading.com/threat-intelligence/microsoft-warns-of-vulnerability-affecting-windows-dns-server/d/d-id/1337872

 



Paying The Ransom Can Double Ransomware Attack Recovery Costs

Law enforcement has warned against paying in a ransomware attack. Companies did pay thinking it would be a faster path to restoring business as usual. New research shows that not only isn’t it a faster path to business as usual, it can double the costs. 

 

https://healthitsecurity.com/news/paying-the-ransom-can-double-ransomware-attack-recovery-costs?eid=CXTEL000000294682&elqCampaignId=14498&utm_source=nl&utm_medium=email&utm_campaign=newsletter&elqTrackId=a00740f1ad7144b1a269f0bda64d5456&elq=09e8d68219bd4385b415a611559ac463&elqaid=15212&elqat=1&elqCampaignId=14498

 



A Cybercrime Store is Selling Access to More Than 43,000 Hacked Servers

An online marketplace selling access to hacked servers is continuing to grow, becoming the largest vendor of this information. Sadly, some of the hacked servers belong to hospitals, state governments and financial institutions.

https://www.zdnet.com/article/a-cybercrime-store-is-selling-access-to-more-than-43000-hacked-servers/?ftag=TRE-03-10aaa6b&bhid=29017885593246285133005340243949&mid=12833929&cid=2201587059

 



Covid-19 Blamed for 238% surge in Cyber Attacks Against Banks

As we have mentioned earlier, cyber criminals are quick to recognize what captures people's attention and capitalize on it. Now, it is Covid-19. Many people are looking for information or advice on Covid-19. Cyber criminals know this and create realistic-looking sites or send phishing emails that offer information, PPE (Personal Protective Equipment), faster government stimulus checks, or anything else to get us to click. Don't do it!

https://www.zdnet.com/article/covid-19-blamed-for-238-surge-in-cyberattacks-against-banks/?ftag=TRE-03-10aaa6b&bhid=29017885593246285133005340243949&mid=12833929&cid=2201587059

 



Thunderbolt Flaws Affect Millions of Computers-Even Locking Unattended Devices Won't Help

The widely used Thunderbolt interface has been shown to have a flaw allowing someone with access to the port to bypass passwords and other security. A feature of Thunderbolt is direct access to memory, and it is this that allows attackers access. The good news is that the attackers need physical access to the device. 

 

https://www.zdnet.com/article/thunderbolt-flaws-affect-millions-of-computers-even-locking-unattended-devices-wont-help/?ftag=TRE-03-10aaa6b&bhid=29017885593246285133005340243949&mid=12828901&cid=2201587059

 



Cognizant: Ransomware Attack Expense at Least $50 Million

Computer services firm Cognizant has released information saying the cost of the ransomware attack that hit it in April was over $50 million.         

 

https://www.databreachtoday.com/cognizant-ransomware-attack-expense-at-least-50-million-a-14255?rf=2020-05-12_ENEWS_SUB_DBT__Slot9_ART14255&mkt_tok=eyJpIjoiT0dabFlURXdPRGd5TTJWbSIsInQiOiJPd2doK25oUjVUbk5xdkpBVXlSNGltTllOQ2JUaDJGOHJjZXdvVmRLcWpcL3FMVHR6bngxTEplMnRJaWJmOTVIbm9TZUVkcDBrRUJjbWpYbXNpTG1kVDdSXC9CQjRQUzQyc3NBWDJobTFaR0Z6RGxWVERXN1pQeHJIdEVNWVRrUFYyIn0%3D

 



Microsoft Identity VP Shares How and Why To Ditch Passwords

Passwords have been a security tool for decades. But their weaknesses have been well documented. Now a Microsoft VP provides more information on getting rid of passwords.

 

https://www.darkreading.com/operations/microsoft-identity-vp-shares-how-and-why-to-ditch-passwords/d/d-id/1337772?_mc=NL_DR_EDT_DR_weekly_20200514&cid=NL_DR_EDT_DR_weekly_20200514&elq_mid=97272&elq_cid=27694253

 



Cisco: These 12 High Severity Bugs In ASA and Firepower Security Software Need Patching

Finding security bugs is serious, but finding them in software and hardware designed to provide security is concerning. Fortunately, it appears these bugs were found by security companies who notified Cisco, which in turn is notifying clients. The affected items are the Adaptive Security Appliance and Firepower Threat Defense system. Some of the bugs are rated as high-severity. Clients of these Cisco products are advised to apply patches as soon as possible.

https://www.zdnet.com/article/cisco-these-12-high-severity-bugs-in-asa-and-firepower-security-software-need-patching/?ftag=TRE-03-10aaa6b&bhid=29017885593246285133005340243949&mid=12823689&cid=2201587059

 



Things Keeping CISOs Up At Night During Covid-19 Pandemic

While ransomware attacks may be down, other attacks including phishing related to Covid-19 are rising fast. Cyber criminals are adept at finding ways to grab our attention and make us click or do other dangerous actions. The high demand for Covid-19 information is one of those things we are all interested in. 

 

CISOs are the ones working hard to keep us safe and these are the things keeping them up at night. 

 

https://www.darkreading.com/vulnerabilities---threats/things-keeping-cisos-up-at-night-during-the-covid-19-pandemic/a/d-id/1337675?_mc=NL_DR_EDT_DR_weekly_20200507&cid=NL_DR_EDT_DR_weekly_20200507&elq_mid=97178&elq_cid=27694253

 



Ransomware Success Declines Amid Covid-19 But Resurgence is Likely

One positive aspect of the Covid-19 pandemic is that ransomware attacks are down significantly from 2019 levels. Sadly, this is not expected to continue as the pandemic declines.

https://healthitsecurity.com/news/ransomware-success-declines-amid-covid-19-but-resurgence-is-likely

 



SAP notifying 9% of customers about security bugs in some cloud products

SAP notified a number of customers that an internal review showed that several products failed to meet security standards of contracts or legal obligations. The products affected were cloud based. The company is still working on fixes. Customers should watch for updates from Cisco and apply them as soon as possible.  

 

https://www.zdnet.com/article/sap-notifying-9-of-customers-about-security-bugs-in-some-cloud-products/?ftag=TRE49e8aa0&bhid=29017885593246285133005340243949&mid=12822307&cid=2201587059

 



Hacker Group Tried to Hijack 900,000 WordPress Sites Over the Last Week

A previously relatively quiet hacking group launched a massive attack against close to 1 million WordPress sites. The attack leveraged a number of vulnerabilities attempting to steal credentials. WordPress recommends that users apply updates to themes and plugins. WordPress suggests the use of an application firewall to block these and other attempts at compromise.  

 

https://www.zdnet.com/article/a-hacker-group-tried-to-hijack-900000-wordpress-sites-over-the-last-week/?ftag=TRE49e8aa0&bhid=29017885593246285133005340243949&mid=12822307&cid=2201587059

 



How Telework is Changing Cloud Security

The global pandemic has shifted workers from the office to the home, leading to a higher reliance on cloud services. But security of the cloud services remains with the client company.

https://www.careersinfosecurity.com/how-telework-changing-cloud-security-a-14193?rf=2020-04-30_ENEWS_SUB_CAIS__Slot3_ART14193&mkt_tok=eyJpIjoiWWpKa056VTFNRFF5TVRGaSIsInQiOiJ0azl6b2wwOWRTemEwYjRGbitpOXpWOXlIZkhnYndsUlFQMnIwUHg4SXpcL2U2VkYyYWd0WEZENkdOYWp4T3JkY1wvaFBPMTk4U0FBZVhBanRkb0hnQVwvbHBIZHVoXC9aUE1UQURzUkpDNmpBY0RCcHIwWm84NTFFUlNqbFZRUzE3QWIifQ%3D%3D

 



Mobile Malware Attack Research: Kaspersky Q1 2020 Findings

Not surprisingly, cyber-attacks on mobile platforms are increasing. Also not surprisingly, COVID-19 is a popular theme to get people to click.

https://www.msspalert.com/cybersecurity-research/mobile-malware-q1-2020-kaspersky/?utm_medium=email&utm_source=sendpress&utm_campaign

  



Data Breaches: How to Respond to a Tipoff of a Problem

You receive a tipoff that your systems have been breached. Do you notify customers and suppliers? And if so, what information do you reveal?

 

https://www.careersinfosecurity.com/data-breaches-how-to-respond-to-tipoff-problem-a-14191?rf=2020-04-30_ENEWS_SUB_CAIS__Slot9_ART14191&mkt_tok=eyJpIjoiWWpKa056VTFNRFF5TVRGaSIsInQiOiJ0azl6b2wwOWRTemEwYjRGbitpOXpWOXlIZkhnYndsUlFQMnIwUHg4SXpcL2U2VkYyYWd0WEZENkdOYWp4T3JkY1wvaFBPMTk4U0FBZVhBanRkb0hnQVwvbHBIZHVoXC9aUE1UQURzUkpDNmpBY0RCcHIwWm84NTFFUlNqbFZRUzE3QWIifQ%3D%3D

 



Would You Have Fallen for This Phone Scam?

Cyber criminals have found at least one major bank that will reveal the last three transactions if the caller ID matches the phone number on file. The criminals are spoofing your number to get the last three transactions, which can be used in conjunction with the spoofed caller ID to access the account. And the attack gets more complicated.

https://krebsonsecurity.com/2020/04/would-you-have-fallen-for-this-phone-scam/

 



Oracle Warns of Attacks Against Recently Patched Weblogic Security Bug

A bug discovered recently was patched by Oracle in mid-April. But now attacks on that bug have begun and Oracle issued an alert advising all Weblogic customers to install the patch.  

 

https://www.zdnet.com/article/oracle-warns-of-attacks-against-recently-patched-weblogic-security-bug/?ftag=TRE-03-10aaa6b&bhid=29017885593246285133005340243949&mid=12815612&cid=2201587059

 
