Threat Intelligence Bulletin Warns Software Developers are High Targets

August 15th, 2019

57e9d1404953af14ea898675c6203f78083edbe356597941712f7c 1280 Target

Cybersecurity company Glasswall’s August 2019 Threat Intelligence Bulletin stated that the technology sector accounts for nearly half of phishing campaigns.  Software developers appear to be the most common target.  Hackers are often looking to steal intellectual property or copy products. A key reason they target developers is the administrator privileges across multiple systems that are […]

iNSYNQ Ransom Attack Possibly Caused by Phishing

August 14th, 2019

55e3dc434f53a414ea898675c6203f78083edbe35656784f7d2b7a 1280 Phish

KrebsOnSecurity has reported that a ransomware outbreak that compromised QuickBooks cloud hosting firm iNSYNQ in mid-July started with a phishing attack. A sales employee for iNSYNQ apparently fell victim to the hacker tactic, and hackers were free to romp around the iNSYNQ internal network for almost ten days. They then unleashed their ransomware. iNSYNQ chief executive Elliot Luchansky briefed […]

Steam Zero-Day Vulnerability Discovered and Fixed

August 12th, 2019

55e1d4414f51a514ea898675c6203f78083edbe35657734a762d7d 1280 Cybersecurity

Despite Valve determining that a flaw submitted by their bug bounty program HackerOne was “Not Applicable”, two independent researchers confirmed a zero-day privilege escalation vulnerability in the popular Steam game client for Windows.  The vulnerability allowed an attacker with limited permissions to run a program as an administrator. This posed a significant threat to Steam […]

Pakistani National Faces 20 Year Sentence for AT&T Unlock Scheme

August 7th, 2019

Jailbreak 1

Muhammad Fahd, a 34-year-old Pakistani national arrested by the United States Federal Government back in February has now been charged with bribing employees at AT&T call center in Bothell, Washington, and was extradited to the U.S. on Friday. For over five years Fahd unlocked more than 2 million phones and planted malware on the telecommunication […]

Tencent Discovers Android “QualPwn” Vulnerabilities

August 6th, 2019

57e9d0444d56ac14ea898675c6203f78083edbe356507349762e7e 1280 Pwn

Security researchers from Tencent’s Blade team discovered a series of Android vulnerabilities collectively known as QualPwn in February and March this year.  The vulnerabilities lie in the WLAN and modem firmware of Qualcomm chipsets.  Hundreds of millions of Android devices are at risk of complete take over. “One of the vulnerabilities allows attackers to compromise […]

New Android Ransomware Filecoder.C

July 30th, 2019

55e0d54b4354ab14ea898675c6203f78083edbe357547040772879 1280 Sexy Computer

ESET researchers have discovered a new Android ransomware strain called Android/Filecoder.C.  The strain was distributed on adult content-related topics in Reddit and in the “XDA developers” forum under the guise of a “sex simulator” app.  Clicking the link downloads the ransomware.  It then uses the victims contact list to further distribute the infected link via […]

Cybersecurity Practices Affect the Valuation of Your Company

July 30th, 2019

54e1dd434951ac14ea898675c6203f78083edbe3575470487c2b79 1280 Money

According to a study by Ocean Tomo, intangible assets have emerged as the leading determinant of a company’s value.  From 1975 to 2025, the value of tangible assets dropped from 83% down to 16% while the intangibles went from 17% to 84%.   A company’s value derives from its tangible and intangible assets. Intangible assets include […]

Paige Thompson Arrested in Capital One Server Hack

July 30th, 2019

54e1d7414955aa14ea898675c6203f78083edbe357547048762e7f 1280 Arrest

Paige Thompson, a software engineer who formerly worked for Amazon Web Services, is accused of breaking into a Capital One server.  Thompson obtained access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers.  She also had access to over 100 million people’s names, addresses, credit scores and limits, […]

Business Associate Agreements & HIPAA

July 29th, 2019

55e3dd414f52af14ea898675c6203f78083edbe35755724d732b7b 1280 Business Partners

The HIPAA Privacy Rule states that clearinghouses, covered entities, and business associates are required to follow the HIPAA security and privacy rules. According to the U.S. Department of Health & Human Services, the Privacy Rule “requires that a covered entity obtain satisfactory assurances from its business associate that the business associate will appropriately safeguard the […]

Access Control/Governance Improves HIPAA Security

July 26th, 2019

50e1d5424a53b114a6da8c7ccf203163143ad8e15256754c7626 1280 Secure

With the ever-growing monitoring of Health Insurance Portability and Accountability Act (HIPAA) violations and media attention to their subsequent soaring costs, there has never been a better time to ensure your Access Control/Governance Policy is in place.  According to hitconsultant.net, in regard to ongoing HIPAA compliance efforts, initiating an access governance program perhaps is the best […]

Equifax Pays Dearly for Failed Patch

July 26th, 2019

51e1dc434c54b114a6da8c7ccf203163143ad8e152577841732a 1280 Judge

Equifax has agreed to pay anywhere from $575 million to $700 million in its settlement with the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB), and 50 U.S. states and territories.  In 2017, Equifax had one of the largest data breaches in US history when they failed to properly secure over 148 million […]

“FlawedArmmy RAT”: Security Awareness Training Could Prevent It

July 18th, 2019

2425478301 A271fec699 B Rat 3

Microsoft Security Intelligence has sent out a new set of Tweets outlining an attack strategy that uses a number of Windows toolsets to install a remote access trojan (RAT) malware onto victims’ systems. The malware uses executables, tools, and scripts to avoid detection. According to KnowBe4, here’s how it works: The potential victim receives an […]

To Pay or Not to Pay: That is the Question

July 15th, 2019

52e1d54a4853ae14ea898675c6203f78083edbe35053734b7c2c73 1280 Hamlet

Ransomware is targeting systems world-wide, big and small.  And every unlucky victim faces the same dilemma:  to pay or not to pay.  Despite the US Conference of Mayors approved resolution last week to not pay cybercriminals, there are still persistent arguments to both sides of the issue. According to the FBI’s “Ransomware Prevention and Response […]

New Scam Targets 1.5 Billion Gmail Calendar Users

July 11th, 2019

Google Calendar Scam

Scammers are using Google’s Calendar app to trick users into clicking on phishing links that upload malware hidden in a java script. Over 1.5 billion users are at risk. Scammers send a calendar invite complete with meeting topic and location to fool users into clicking the innocent and valid looking link poised to send them […]

NY Senate Bill 224: The Next State Consumer Privacy Act?

July 2nd, 2019

New York Privacy

Without a federal privacy law in place, individual states are starting to examine privacy legislation on their own. California already has the California Consumer Privacy Act (CCPA).  It appears the next state will be New York. NY Senate Bill 224 is privacy legislation that’s even tougher than California’s bill. Though the NY Privacy Act (NYPA) […]

Catastrophic ShadowGate Malware Reported

July 1st, 2019

Shadlow Gate

A new set of malware is locking down computers instantly and demanding hundreds of bitcoin to get access to your files and network back. Recent attacks don’t appear to be derived from a particular nation but rather a group of hackers called ShadowGate. According to Malwarebytes, an antivirus developer, the attack targets exploits found in […]

Second Ransomware Payout in Florida

June 28th, 2019

Lake City

A ransomware attack in Florida on June 10th has resulted in another payout for cybercriminals.  Officials in Lake City voted to pay 42 bitcoins to decrypt files and get back on their network.  The 42 bit coins come to about $530,000.  Lake City’s insurance company will be paying most of that, but the city still […]

Firefox Critical Patch

June 20th, 2019

Firefox

Mozilla released Firefox 67.0.3 and Firefox ESR 60.7.1 patches and you need to update ASAP. The patches repair a critical zero-day vulnerability that hackers have been repeatedly exploiting recently. Firefox for Android, iOS, and Amazon Fire TV are not affected, but any desktop Firefox is at risk. Samuel Groß, cybersecurity researcher at Google Project Zero, […]

Russia-U.S. Cyberwar Brewing

June 18th, 2019

Russian Cyber Army

The U.S. hack of Russia’s power grid could start a cyberwar.  The Kremlin issued a formal warning of potential retaliation with attacks on businesses, agencies, and infrastructure in the United States. Russia has been a continuing source of many cybercriminal groups, causing the U.S. to shift from cyber defense to cyber offense. The tactic could […]

Hefty Fines for CASL Violations

June 17th, 2019

Spam

Canadian citizens suspected of spreading malicious software could be facing fines in the millions of dollars for their criminal activities. The passage of Canada’s Anti-Spam Legislation (CASL) covers much more than just mail.  It also covers altered transmissions of data, botnets, and the installation of known malware and spyware software. Under the CASL, businesses found […]