Archive for 2019
Wednesday, September 4th, 2019
Justin Schuh, Google Chrome’s security lead and Engineering Director, has issued a warning that all Chrome users need to run an update NOW. Google Threat Analysis Group has identified a zero-day vulnerability that is actively being exploited: CVE-2019-5786. Although information remains limited on CVE-2019-5786, it is suspected to be a UAF vulnerability in FileReader. The […]
Posted in Cyber Security | Comments Off on Chrome Security Fix
Tuesday, September 3rd, 2019
Google researchers released a report earlier today that warns your iPhone can be hacked just by visiting one innocent-looking website. A previous iPhone hacking campaign discovered by Google’s ProjectZero had identified at least five unique iPhone exploit chains that were capable of remotely jailbreaking an iPhone and loading spyware on it. Those exploit chains were […]
Posted in Cyber Security | Comments Off on Google Researchers Warn iPhone Users to Keep Security Up
Tuesday, September 3rd, 2019
ProPublica says cyber-insurance companies are making the push to pay ransom demands because it saves them money in the long run. A $500,000 payout makes better financial sense than a recovery campaign that could cost millions. The recent even in Lake City, Florida is a good example. Ransomware attacks were covered under the city’s cyber-insurance […]
Posted in Cyber Security | Comments Off on Cyber-Insurance Companies: Are They Fueling Ransomware Frequency Spikes?
Tuesday, September 3rd, 2019
According to researchers from Accenture’s iDefense team, this newer version is ready for wide-scale attacks, with increased ability to kill a number of security products, and a main payload run directly from memory. “The password requirement…prevented the malware from being widely distributed worldwide and required the attackers to install the ransomware mostly through a […]
Posted in Cyber Security | Comments Off on Surge in Ransoms Expected Due to MegaCortex 2.0
Thursday, August 15th, 2019
Cybersecurity company Glasswall’s August 2019 Threat Intelligence Bulletin stated that the technology sector accounts for nearly half of phishing campaigns. Software developers appear to be the most common target. Hackers are often looking to steal intellectual property or copy products. A key reason they target developers is the administrator privileges across multiple systems that are […]
Posted in Cyber Security | Comments Off on Threat Intelligence Bulletin Warns Software Developers are High Targets
Wednesday, August 14th, 2019
KrebsOnSecurity has reported that a ransomware outbreak that compromised QuickBooks cloud hosting firm iNSYNQ in mid-July started with a phishing attack. A sales employee for iNSYNQ apparently fell victim to the hacker tactic, and hackers were free to romp around the iNSYNQ internal network for almost ten days. They then unleashed their ransomware. iNSYNQ chief executive Elliot Luchansky briefed […]
Posted in Cyber Security | Comments Off on iNSYNQ Ransom Attack Possibly Caused by Phishing
Monday, August 12th, 2019
Despite Valve determining that a flaw submitted by their bug bounty program HackerOne was “Not Applicable”, two independent researchers confirmed a zero-day privilege escalation vulnerability in the popular Steam game client for Windows. The vulnerability allowed an attacker with limited permissions to run a program as an administrator. This posed a significant threat to Steam […]
Posted in Cyber Security | Comments Off on Steam Zero-Day Vulnerability Discovered and Fixed
Wednesday, August 7th, 2019
Muhammad Fahd, a 34-year-old Pakistani national arrested by the United States Federal Government back in February has now been charged with bribing employees at AT&T call center in Bothell, Washington, and was extradited to the U.S. on Friday. For over five years Fahd unlocked more than 2 million phones and planted malware on the telecommunication […]
Posted in Cyber Security | Comments Off on Pakistani National Faces 20 Year Sentence for AT&T Unlock Scheme
Tuesday, August 6th, 2019
Security researchers from Tencent’s Blade team discovered a series of Android vulnerabilities collectively known as QualPwn in February and March this year. The vulnerabilities lie in the WLAN and modem firmware of Qualcomm chipsets. Hundreds of millions of Android devices are at risk of complete take over. “One of the vulnerabilities allows attackers to compromise […]
Posted in Cyber Security | Comments Off on Tencent Discovers Android “QualPwn” Vulnerabilities
Tuesday, July 30th, 2019
ESET researchers have discovered a new Android ransomware strain called Android/Filecoder.C. The strain was distributed on adult content-related topics in Reddit and in the “XDA developers” forum under the guise of a “sex simulator” app. Clicking the link downloads the ransomware. It then uses the victims contact list to further distribute the infected link via […]
Posted in Cyber Security | Comments Off on New Android Ransomware Filecoder.C
Tuesday, July 30th, 2019
According to a study by Ocean Tomo, intangible assets have emerged as the leading determinant of a company’s value. From 1975 to 2025, the value of tangible assets dropped from 83% down to 16% while the intangibles went from 17% to 84%. A company’s value derives from its tangible and intangible assets. Intangible assets include […]
Posted in Cyber Security | Comments Off on Cybersecurity Practices Affect the Valuation of Your Company
Tuesday, July 30th, 2019
Paige Thompson, a software engineer who formerly worked for Amazon Web Services, is accused of breaking into a Capital One server. Thompson obtained access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers. She also had access to over 100 million people’s names, addresses, credit scores and limits, […]
Posted in Cyber Security | Comments Off on Paige Thompson Arrested in Capital One Server Hack
Monday, July 29th, 2019
The HIPAA Privacy Rule states that clearinghouses, covered entities, and business associates are required to follow the HIPAA security and privacy rules. According to the U.S. Department of Health & Human Services, the Privacy Rule “requires that a covered entity obtain satisfactory assurances from its business associate that the business associate will appropriately safeguard the […]
Posted in Cyber Security, HIPAA | Comments Off on Business Associate Agreements & HIPAA
Friday, July 26th, 2019
With the ever-growing monitoring of Health Insurance Portability and Accountability Act (HIPAA) violations and media attention to their subsequent soaring costs, there has never been a better time to ensure your Access Control/Governance Policy is in place. According to hitconsultant.net, in regard to ongoing HIPAA compliance efforts, initiating an access governance program perhaps is the best […]
Posted in Cyber Security, HIPAA | Comments Off on Access Control/Governance Improves HIPAA Security
Friday, July 26th, 2019
Equifax has agreed to pay anywhere from $575 million to $700 million in its settlement with the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB), and 50 U.S. states and territories. In 2017, Equifax had one of the largest data breaches in US history when they failed to properly secure over 148 million […]
Posted in Cyber Security | Comments Off on Equifax Pays Dearly for Failed Patch
Thursday, July 18th, 2019
Microsoft Security Intelligence has sent out a new set of Tweets outlining an attack strategy that uses a number of Windows toolsets to install a remote access trojan (RAT) malware onto victims’ systems. The malware uses executables, tools, and scripts to avoid detection. According to KnowBe4, here’s how it works: The potential victim receives an […]
Posted in Cyber Security | Comments Off on “FlawedArmmy RAT”: Security Awareness Training Could Prevent It
Monday, July 15th, 2019
Ransomware is targeting systems world-wide, big and small. And every unlucky victim faces the same dilemma: to pay or not to pay. Despite the US Conference of Mayors approved resolution last week to not pay cybercriminals, there are still persistent arguments to both sides of the issue. According to the FBI’s “Ransomware Prevention and Response […]
Posted in Cyber Security | Comments Off on To Pay or Not to Pay: That is the Question
Thursday, July 11th, 2019
Scammers are using Google’s Calendar app to trick users into clicking on phishing links that upload malware hidden in a java script. Over 1.5 billion users are at risk. Scammers send a calendar invite complete with meeting topic and location to fool users into clicking the innocent and valid looking link poised to send them […]
Posted in Cyber Security | Comments Off on New Scam Targets 1.5 Billion Gmail Calendar Users
Tuesday, July 2nd, 2019
Without a federal privacy law in place, individual states are starting to examine privacy legislation on their own. California already has the California Consumer Privacy Act (CCPA). It appears the next state will be New York. NY Senate Bill 224 is privacy legislation that’s even tougher than California’s bill. Though the NY Privacy Act (NYPA) […]
Posted in Cyber Security | Comments Off on NY Senate Bill 224: The Next State Consumer Privacy Act?
Monday, July 1st, 2019
A new set of malware is locking down computers instantly and demanding hundreds of bitcoin to get access to your files and network back. Recent attacks don’t appear to be derived from a particular nation but rather a group of hackers called ShadowGate. According to Malwarebytes, an antivirus developer, the attack targets exploits found in […]
Posted in Cyber Security | Comments Off on Catastrophic ShadowGate Malware Reported