Insights

How Safe is Social Media?

Information posted on social media is never private or safe. This was brought home when Facebook’s sale of information to a company that exploited private information was made public. Now the Chinese government is using sophisticated software to monitor people and companies for anything they consider sensitive. Learn how to protect your information. 

 

State Sponsored Exploit of Social Media


Google Docs Comments Weaponized in New Phishing Campaign

Google Docs is a widely used word process package. Now, hackers are using the comments feature of Docs in an attempt to get users to click a malicious link. 

Google Docs Feature Being Exploited


FTC Threatens Action Against Orgs Failing to Mitigate Log4j

The threat of the Log4j issue has been widely publicized and written about here. As it is a feature of systems and not a bug, there will be no “fixes” but there are ways to protect against it. Now the Federal Trade Commission is stepping in to convince companies to take the necessary steps to protect information. 

 

Mitigating Risks Taken to New Level

 

 


Malware Can Fake iPhone Shutdown via ‘NoReboot’ Technique

A reboot is a common way to remove malware from phones. But hackers found a way to “fake” a reboot so the iPhone owner believes it has been rebooted but the malware stays in place. 

 

iPhone hack keeps malware on the device


New York OAG monitors hacking forums, notifies 17 companies of security breaches

The New York Office of the Attorney General has been monitoring sites used by hackers. They discovered compromised information and notified 17 restaurant chains, retailers, and food delivery services that the information of their customers has been compromised by the use of credential stuffing, a technique where compromised passwords are tried on other sites. 

OAG Notifies victims of password stuffing


What is Zero Trust and Why Is it Important?

Zero Trust is a different security model that is a better fit for the new computing model of BYOD, Work From Home, and cloud computing. Despite its name, it enhances trust making information more secure than the older models. 

 

Zero Trust fits the new computing model


Apache’s other product: Critical bugs in ‘httpd’ web server, patch now!

This has not been a good time for Apache. First the Log4J critical vulnerability and now this one. Learn more here but patch it asap. 

Another product vulnerability for Apache


Lights Out: Cyberattacks Shut Down Building Automation Systems

In a new wave of attacks cybercriminals are shutting down smart building automation systems. In some cases they take control of the individual control devices and regaining control is not easy. 

Smart Buildings May Not Be So Smart


The Future of Ransomware

This article discusses the importance of coordinated defenses at the company and government level to be effective. But it also points out that if ransomware is stopped cybercriminals will focus on new ways to make money such as selling stolen data on the Dark Web. 

A view on the future of ransomware


Phorpiex Botnet Variant Spread Across 96 Countries

A new variant of the Phorpiex botnet emerged recently that operates as a peer-to-peer network making it harder to bring down. It functions to change the payment destination in legitimate cryptocurrency payments to ones owned by the cybercriminals. 

 

New Botnet steals from cryptocurrency payments


AI and ML Have Benefits But Add to Risks

AI and ML systems are being widely adopted because of the benefits and increased productivity they offer. But then also add to risks exactly because of the benefits they offer. 

 

AI and ML benefits are also risks


40% of Corporate Networks Targeted by Attackers Seeking to Exploit Log4j

Log4J are features of the Java system that have been there for years. Being features, they aren’t vulnerabilities to fix. The first fix released was incomplete so be sure to use the latest one.  

Log4J is a dangerous vulnerability


How Do I Find My Servers With the Log4j Vulnerability?

The Log4J series of vulnerabilities are very serious. This article offers ways to identify vulnerable systems. Be sure to install the latest patches as the frit set were not complete. 

 

How To Find Servers Susceptible to Log4J


5 Ways to Keep Fraudsters at Bay Over the Holidays

This season is a prime shopping season and a prime cybercrime season. If is also when staff are most busy and likely to miss things. The attacks take many forms. Here are some tips to help protect against them.
 

Holiday Season is Fraud Season


Kronos hack will likely affect how employers issue paychecks and track hours

Kronos is a leading human resources company with widely used time reporting and payroll systems. The successfully ransomware attack means that many companies cannot process hours reported or payroll. 

 

Kronos Ransomware Attack Impact