Archive for the ‘Cyber Security’ Category

Microsoft Security Patch Released 9/10/19

Wednesday, September 11th, 2019

Microsoft issued security updates yesterday to plug roughly 80 security issues holes in its Windows operating systems and software. Over 25% of those updates are critical.  This is the fourth time this year that Microsoft has had to fix bugs in its Remote Desktop Feature. Two of the bugs resolved in this month’s patch batch […]

Over 400 Million Facebook Users’ Phone Numbers Found Online

Wednesday, September 11th, 2019

A server without password protection gave anyone access to more than 419 million Facebook users’ private information globally.   Each accessible record contained a user’s Facebook ID, phone number, and location.  Some even had the user’s name. This latest in a long string of incidents for Facebook exposed millions of users to significant risk to spam […]

Chrome Security Fix

Wednesday, September 4th, 2019

Justin Schuh, Google Chrome’s security lead and Engineering Director, has issued a warning that all Chrome users need to run an update NOW.  Google Threat Analysis Group has identified a zero-day vulnerability that is actively being exploited: CVE-2019-5786. Although information remains limited on CVE-2019-5786, it is suspected to be a UAF vulnerability in FileReader.  The […]

Google Researchers Warn iPhone Users to Keep Security Up

Tuesday, September 3rd, 2019

  Google researchers released a report earlier today that warns your iPhone can be hacked just by visiting one innocent-looking website. A previous iPhone hacking campaign discovered by Google’s ProjectZero had identified at least five unique iPhone exploit chains that were capable of remotely jailbreaking an iPhone and loading spyware on it. Those exploit chains were […]

Cyber-Insurance Companies: Are They Fueling Ransomware Frequency Spikes?

Tuesday, September 3rd, 2019

ProPublica says cyber-insurance companies are making the push to pay ransom demands because it saves them money in the long run.  A $500,000 payout makes better financial sense than  a recovery campaign that could cost millions.  The recent even in Lake City, Florida is a good example.  Ransomware attacks were covered under the city’s cyber-insurance […]

Surge in Ransoms Expected Due to MegaCortex 2.0

Tuesday, September 3rd, 2019

  According to researchers from Accenture’s iDefense team, this newer version is ready for wide-scale attacks, with increased ability to kill a number of security products, and a main payload run directly from memory. “The password requirement…prevented the malware from being widely distributed worldwide and required the attackers to install the ransomware mostly through a […]

Threat Intelligence Bulletin Warns Software Developers are High Targets

Thursday, August 15th, 2019

Cybersecurity company Glasswall’s August 2019 Threat Intelligence Bulletin stated that the technology sector accounts for nearly half of phishing campaigns.  Software developers appear to be the most common target.  Hackers are often looking to steal intellectual property or copy products. A key reason they target developers is the administrator privileges across multiple systems that are […]

iNSYNQ Ransom Attack Possibly Caused by Phishing

Wednesday, August 14th, 2019

KrebsOnSecurity has reported that a ransomware outbreak that compromised QuickBooks cloud hosting firm iNSYNQ in mid-July started with a phishing attack. A sales employee for iNSYNQ apparently fell victim to the hacker tactic, and hackers were free to romp around the iNSYNQ internal network for almost ten days. They then unleashed their ransomware. iNSYNQ chief executive Elliot Luchansky briefed […]

Steam Zero-Day Vulnerability Discovered and Fixed

Monday, August 12th, 2019

Despite Valve determining that a flaw submitted by their bug bounty program HackerOne was “Not Applicable”, two independent researchers confirmed a zero-day privilege escalation vulnerability in the popular Steam game client for Windows.  The vulnerability allowed an attacker with limited permissions to run a program as an administrator. This posed a significant threat to Steam […]

Pakistani National Faces 20 Year Sentence for AT&T Unlock Scheme

Wednesday, August 7th, 2019

Muhammad Fahd, a 34-year-old Pakistani national arrested by the United States Federal Government back in February has now been charged with bribing employees at AT&T call center in Bothell, Washington, and was extradited to the U.S. on Friday. For over five years Fahd unlocked more than 2 million phones and planted malware on the telecommunication […]

Tencent Discovers Android “QualPwn” Vulnerabilities

Tuesday, August 6th, 2019

Security researchers from Tencent’s Blade team discovered a series of Android vulnerabilities collectively known as QualPwn in February and March this year.  The vulnerabilities lie in the WLAN and modem firmware of Qualcomm chipsets.  Hundreds of millions of Android devices are at risk of complete take over. “One of the vulnerabilities allows attackers to compromise […]

New Android Ransomware Filecoder.C

Tuesday, July 30th, 2019

ESET researchers have discovered a new Android ransomware strain called Android/Filecoder.C.  The strain was distributed on adult content-related topics in Reddit and in the “XDA developers” forum under the guise of a “sex simulator” app.  Clicking the link downloads the ransomware.  It then uses the victims contact list to further distribute the infected link via […]

Cybersecurity Practices Affect the Valuation of Your Company

Tuesday, July 30th, 2019

According to a study by Ocean Tomo, intangible assets have emerged as the leading determinant of a company’s value.  From 1975 to 2025, the value of tangible assets dropped from 83% down to 16% while the intangibles went from 17% to 84%.   A company’s value derives from its tangible and intangible assets. Intangible assets include […]

Paige Thompson Arrested in Capital One Server Hack

Tuesday, July 30th, 2019

Paige Thompson, a software engineer who formerly worked for Amazon Web Services, is accused of breaking into a Capital One server.  Thompson obtained access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers.  She also had access to over 100 million people’s names, addresses, credit scores and limits, […]

Business Associate Agreements & HIPAA

Monday, July 29th, 2019

The HIPAA Privacy Rule states that clearinghouses, covered entities, and business associates are required to follow the HIPAA security and privacy rules. According to the U.S. Department of Health & Human Services, the Privacy Rule “requires that a covered entity obtain satisfactory assurances from its business associate that the business associate will appropriately safeguard the […]

Access Control/Governance Improves HIPAA Security

Friday, July 26th, 2019

With the ever-growing monitoring of Health Insurance Portability and Accountability Act (HIPAA) violations and media attention to their subsequent soaring costs, there has never been a better time to ensure your Access Control/Governance Policy is in place.  According to, in regard to ongoing HIPAA compliance efforts, initiating an access governance program perhaps is the best […]

Equifax Pays Dearly for Failed Patch

Friday, July 26th, 2019

Equifax has agreed to pay anywhere from $575 million to $700 million in its settlement with the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB), and 50 U.S. states and territories.  In 2017, Equifax had one of the largest data breaches in US history when they failed to properly secure over 148 million […]

“FlawedArmmy RAT”: Security Awareness Training Could Prevent It

Thursday, July 18th, 2019

Microsoft Security Intelligence has sent out a new set of Tweets outlining an attack strategy that uses a number of Windows toolsets to install a remote access trojan (RAT) malware onto victims’ systems. The malware uses executables, tools, and scripts to avoid detection. According to KnowBe4, here’s how it works: The potential victim receives an […]

To Pay or Not to Pay: That is the Question

Monday, July 15th, 2019

Ransomware is targeting systems world-wide, big and small.  And every unlucky victim faces the same dilemma:  to pay or not to pay.  Despite the US Conference of Mayors approved resolution last week to not pay cybercriminals, there are still persistent arguments to both sides of the issue. According to the FBI’s “Ransomware Prevention and Response […]

New Scam Targets 1.5 Billion Gmail Calendar Users

Thursday, July 11th, 2019

Scammers are using Google’s Calendar app to trick users into clicking on phishing links that upload malware hidden in a java script. Over 1.5 billion users are at risk. Scammers send a calendar invite complete with meeting topic and location to fool users into clicking the innocent and valid looking link poised to send them […]