Tencent Discovers Android “QualPwn” Vulnerabilities

Security researchers from Tencent’s Blade team discovered a series of Android vulnerabilities collectively known as QualPwn in February and March this year.  The vulnerabilities lie in the WLAN and modem firmware of Qualcomm chipsets.  Hundreds of millions of Android devices are at risk of complete take over. “One of the vulnerabilities allows attackers to compromise the WLAN and Modem over-the-air,” …

New Android Ransomware Filecoder.C

ESET researchers have discovered a new Android ransomware strain called Android/Filecoder.C.  The strain was distributed on adult content-related topics in Reddit and in the “XDA developers” forum under the guise of a “sex simulator” app.  Clicking the link downloads the ransomware.  It then uses the victims contact list to further distribute the infected link via SMS messages that claim the …

Cybersecurity Practices Affect the Valuation of Your Company

According to a study by Ocean Tomo, intangible assets have emerged as the leading determinant of a company’s value.  From 1975 to 2025, the value of tangible assets dropped from 83% down to 16% while the intangibles went from 17% to 84%.   A company’s value derives from its tangible and intangible assets. Intangible assets include not only patents, trademarks and …

Paige Thompson Arrested in Capital One Server Hack

Paige Thompson, a software engineer who formerly worked for Amazon Web Services, is accused of breaking into a Capital One server.  Thompson obtained access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers.  She also had access to over 100 million people’s names, addresses, credit scores and limits, balances, credit applications, and other …

Business Associate Agreements & HIPAA

The HIPAA Privacy Rule states that clearinghouses, covered entities, and business associates are required to follow the HIPAA security and privacy rules. According to the U.S. Department of Health & Human Services, the Privacy Rule “requires that a covered entity obtain satisfactory assurances from its business associate that the business associate will appropriately safeguard the protected health information it receives …

Access Control/Governance Improves HIPAA Security

With the ever-growing monitoring of Health Insurance Portability and Accountability Act (HIPAA) violations and media attention to their subsequent soaring costs, there has never been a better time to ensure your Access Control/Governance Policy is in place.  According to hitconsultant.net, in regard to ongoing HIPAA compliance efforts, initiating an access governance program perhaps is the best place to begin with readiness …

Equifax Pays Dearly for Failed Patch

Equifax has agreed to pay anywhere from $575 million to $700 million in its settlement with the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB), and 50 U.S. states and territories.  In 2017, Equifax had one of the largest data breaches in US history when they failed to properly secure over 148 million records on their storage network—a …

“FlawedArmmy RAT”: Security Awareness Training Could Prevent It

Microsoft Security Intelligence has sent out a new set of Tweets outlining an attack strategy that uses a number of Windows toolsets to install a remote access trojan (RAT) malware onto victims’ systems. The malware uses executables, tools, and scripts to avoid detection. According to KnowBe4, here’s how it works: The potential victim receives an email written in Korean containing …

To Pay or Not to Pay: That is the Question

Ransomware is targeting systems world-wide, big and small.  And every unlucky victim faces the same dilemma:  to pay or not to pay.  Despite the US Conference of Mayors approved resolution last week to not pay cybercriminals, there are still persistent arguments to both sides of the issue. According to the FBI’s “Ransomware Prevention and Response for CISOs” document, “Whether to …

New Scam Targets 1.5 Billion Gmail Calendar Users

Scammers are using Google’s Calendar app to trick users into clicking on phishing links that upload malware hidden in a java script. Over 1.5 billion users are at risk. Scammers send a calendar invite complete with meeting topic and location to fool users into clicking the innocent and valid looking link poised to send them more meeting details. Phishing is …

NY Senate Bill 224: The Next State Consumer Privacy Act?

Without a federal privacy law in place, individual states are starting to examine privacy legislation on their own. California already has the California Consumer Privacy Act (CCPA).  It appears the next state will be New York. NY Senate Bill 224 is privacy legislation that’s even tougher than California’s bill. Though the NY Privacy Act (NYPA) is still looking for a …

Catastrophic ShadowGate Malware Reported

A new set of malware is locking down computers instantly and demanding hundreds of bitcoin to get access to your files and network back. Recent attacks don’t appear to be derived from a particular nation but rather a group of hackers called ShadowGate. According to Malwarebytes, an antivirus developer, the attack targets exploits found in outdated versions of the Flash …

Second Ransomware Payout in Florida

A ransomware attack in Florida on June 10th has resulted in another payout for cybercriminals.  Officials in Lake City voted to pay 42 bitcoins to decrypt files and get back on their network.  The 42 bit coins come to about $530,000.  Lake City’s insurance company will be paying most of that, but the city still needs to pay a $10,000 …

Firefox Critical Patch

Mozilla released Firefox 67.0.3 and Firefox ESR 60.7.1 patches and you need to update ASAP. The patches repair a critical zero-day vulnerability that hackers have been repeatedly exploiting recently. Firefox for Android, iOS, and Amazon Fire TV are not affected, but any desktop Firefox is at risk. Samuel Groß, cybersecurity researcher at Google Project Zero, discovered the vulnerability and reported …

Russia-U.S. Cyberwar Brewing

The U.S. hack of Russia’s power grid could start a cyberwar.  The Kremlin issued a formal warning of potential retaliation with attacks on businesses, agencies, and infrastructure in the United States. Russia has been a continuing source of many cybercriminal groups, causing the U.S. to shift from cyber defense to cyber offense. The tactic could trigger escalation in retribution. Evgeniy …

Hefty Fines for CASL Violations

Canadian citizens suspected of spreading malicious software could be facing fines in the millions of dollars for their criminal activities. The passage of Canada’s Anti-Spam Legislation (CASL) covers much more than just mail.  It also covers altered transmissions of data, botnets, and the installation of known malware and spyware software. Under the CASL, businesses found to be in violation can …

Google

Google Joins Facebook & Twitter in Password Storage Issues

Twitter did it. Facebook did it. Now Google’s done it. Google revealed Tuesday in a blog post that it accidentally stored its users’ passwords unprotected in plain text.  For fourteen years, any Google employee with access to the Google internal servers could read them. G Suite, previously known as Google Apps and mainly a business version of everything Google offers, …

Five Ways to Avoid a Ransomware Attack

Ransomware attacks are on the rise, and while most attacks are aimed at large entities who can provide large payoffs, individuals are still at personal risk. Until money is paid, you could be looking at a total lockout of all of your files, email, and financial systems. Here are just a few ways to minimize your risk of a ransomware …