Cyber Security

Microsoft issued security updates yesterday to plug roughly 80 security issues holes in its Windows operating systems and software. Over 25% of those updates are critical.  This is the fourth time this year that Microsoft has had to fix bugs in its Remote Desktop Feature. Two of the bugs resolved in this month’s patch batch […]

A server without password protection gave anyone access to more than 419 million Facebook users’ private information globally.   Each accessible record contained a user’s Facebook ID, phone number, and location.  Some even had the user’s name. This latest in a long string of incidents for Facebook exposed millions of users to significant risk to spam […]

Justin Schuh, Google Chrome’s security lead and Engineering Director, has issued a warning that all Chrome users need to run an update NOW.  Google Threat Analysis Group has identified a zero-day vulnerability that is actively being exploited: CVE-2019-5786. Although information remains limited on CVE-2019-5786, it is suspected to be a UAF vulnerability in FileReader.  The […]

  Google researchers released a report earlier today that warns your iPhone can be hacked just by visiting one innocent-looking website. A previous iPhone hacking campaign discovered by Google’s ProjectZero had identified at least five unique iPhone exploit chains that were capable of remotely jailbreaking an iPhone and loading spyware on it. Those exploit chains were […]

ProPublica says cyber-insurance companies are making the push to pay ransom demands because it saves them money in the long run.  A $500,000 payout makes better financial sense than  a recovery campaign that could cost millions.  The recent even in Lake City, Florida is a good example.  Ransomware attacks were covered under the city’s cyber-insurance […]

  According to researchers from Accenture’s iDefense team, this newer version is ready for wide-scale attacks, with increased ability to kill a number of security products, and a main payload run directly from memory. “The password requirement…prevented the malware from being widely distributed worldwide and required the attackers to install the ransomware mostly through a […]

Cybersecurity company Glasswall’s August 2019 Threat Intelligence Bulletin stated that the technology sector accounts for nearly half of phishing campaigns.  Software developers appear to be the most common target.  Hackers are often looking to steal intellectual property or copy products. A key reason they target developers is the administrator privileges across multiple systems that are […]

KrebsOnSecurity has reported that a ransomware outbreak that compromised QuickBooks cloud hosting firm iNSYNQ in mid-July started with a phishing attack. A sales employee for iNSYNQ apparently fell victim to the hacker tactic, and hackers were free to romp around the iNSYNQ internal network for almost ten days. They then unleashed their ransomware. iNSYNQ chief executive Elliot Luchansky briefed […]

Despite Valve determining that a flaw submitted by their bug bounty program HackerOne was “Not Applicable”, two independent researchers confirmed a zero-day privilege escalation vulnerability in the popular Steam game client for Windows.  The vulnerability allowed an attacker with limited permissions to run a program as an administrator. This posed a significant threat to Steam […]

Muhammad Fahd, a 34-year-old Pakistani national arrested by the United States Federal Government back in February has now been charged with bribing employees at AT&T call center in Bothell, Washington, and was extradited to the U.S. on Friday. For over five years Fahd unlocked more than 2 million phones and planted malware on the telecommunication […]

Security researchers from Tencent’s Blade team discovered a series of Android vulnerabilities collectively known as QualPwn in February and March this year.  The vulnerabilities lie in the WLAN and modem firmware of Qualcomm chipsets.  Hundreds of millions of Android devices are at risk of complete take over. “One of the vulnerabilities allows attackers to compromise […]

ESET researchers have discovered a new Android ransomware strain called Android/Filecoder.C.  The strain was distributed on adult content-related topics in Reddit and in the “XDA developers” forum under the guise of a “sex simulator” app.  Clicking the link downloads the ransomware.  It then uses the victims contact list to further distribute the infected link via […]

According to a study by Ocean Tomo, intangible assets have emerged as the leading determinant of a company’s value.  From 1975 to 2025, the value of tangible assets dropped from 83% down to 16% while the intangibles went from 17% to 84%.   A company’s value derives from its tangible and intangible assets. Intangible assets include […]

Paige Thompson, a software engineer who formerly worked for Amazon Web Services, is accused of breaking into a Capital One server.  Thompson obtained access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers.  She also had access to over 100 million people’s names, addresses, credit scores and limits, […]

The HIPAA Privacy Rule states that clearinghouses, covered entities, and business associates are required to follow the HIPAA security and privacy rules. According to the U.S. Department of Health & Human Services, the Privacy Rule “requires that a covered entity obtain satisfactory assurances from its business associate that the business associate will appropriately safeguard the […]

With the ever-growing monitoring of Health Insurance Portability and Accountability Act (HIPAA) violations and media attention to their subsequent soaring costs, there has never been a better time to ensure your Access Control/Governance Policy is in place.  According to hitconsultant.net, in regard to ongoing HIPAA compliance efforts, initiating an access governance program perhaps is the best […]

Equifax has agreed to pay anywhere from $575 million to $700 million in its settlement with the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB), and 50 U.S. states and territories.  In 2017, Equifax had one of the largest data breaches in US history when they failed to properly secure over 148 million […]

Microsoft Security Intelligence has sent out a new set of Tweets outlining an attack strategy that uses a number of Windows toolsets to install a remote access trojan (RAT) malware onto victims’ systems. The malware uses executables, tools, and scripts to avoid detection. According to KnowBe4, here’s how it works: The potential victim receives an […]

Ransomware is targeting systems world-wide, big and small.  And every unlucky victim faces the same dilemma:  to pay or not to pay.  Despite the US Conference of Mayors approved resolution last week to not pay cybercriminals, there are still persistent arguments to both sides of the issue. According to the FBI’s “Ransomware Prevention and Response […]

Scammers are using Google’s Calendar app to trick users into clicking on phishing links that upload malware hidden in a java script. Over 1.5 billion users are at risk. Scammers send a calendar invite complete with meeting topic and location to fool users into clicking the innocent and valid looking link poised to send them […]