Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news

Expert Insights Announces Winners of Spring 2022 Best-Of Awards with TitanHQ Collecting 5 Awards
Apr15

Expert Insights, an online publication that provides insights into enterprise business IT and cybersecurity solutions, has announced the winners of the Expert Insights Spring 2022 Best-Of Awards. Expert Insights has editorial and technical teams in the UK and US that conduct research into products, produce buyers’ guides, provide industry analyses, publish technical product reviews, and conduct interviews with industry experts to help...

Microsoft Takes Control of ZLoader Botnet Infrastructure
Apr15

Microsoft’s Digital Crimes Unit (DCU) has taken control of 65 domains that were being used as the command-and-control mechanism for the ZLoader botnet. The botnet consisted of Windows devices infected with malware from the ZeuS family, such as Zloader and Zbot. Originally, Zloader malware was used for financial theft, credential theft, and stealing money from personal accounts; however, the threat actors behind the malware started...

APT Actors Have Demonstrated the Capability to Attack ICS/SCADA Systems
Apr14

Certain advanced persistent threat (APT) actors have demonstrated they have the capability to gain access to industrial control system (ICS) and supervisory control and data acquisition (SCADA) devices, including Schneider Electric programmable logic controllers (PLCs), OMRON Sysmac NEX PLCs, and Open Platform Communications Unified Architecture (OPC UA) servers, according to a joint cybersecurity alert issued by the U.S....

What are Hidden Passwords?
Apr14

Hidden passwords are a feature of most commercial password managers. The feature allows system administrators to change the appearance of shared read-only passwords so they display to end users as a series of dots or asterisks. While a useful feature to prevent shoulder surfing, hidden passwords should not be relied upon as a security feature. Many password managers have a password sharing capability that provides a secure and...

Microsoft Fixes 128 Vulnerabilities Including 2 Zero Day Bugs
Apr13

Microsoft has released patches to fix 128 vulnerabilities across its product range on April 2022 Patch Tuesday, including 10 flaws rated critical, and two zero-day bugs, one of which is being actively exploited in the wild. Three of the critical flaws are wormable and can be exploited remotely with no user action to achieve code execution. The two zero-day bugs have been rated important, even though one is being actively exploited in...

Microsoft Windows Autopatch to Replace Patch Tuesday
Apr12

Microsoft intends to replace Patch Tuesday with a new Windows Autopatch managed service, which is due to be launched in July 2022. The new automated patching service aims to speed up the patching of known vulnerabilities and reduce the cost of patch management and will turn Patch Tuesday into “just another Tuesday.” Microsoft will be making the Windows Autopatch managed service available free of charge to Windows 10 and 11...

Five Best Practices for Corporate Password Management
Apr11

Yubico's State of Password Management and Authentication Security Behaviors Report paints a very bleak picture of corporate password management. The bleak picture mirrors multiple recent surveys which attribute the majority of data breaches to weak and compromised passwords. Statistics taken out of context can give a misleading impression of corporate password management. For example, the statistic that 80% of data breaches are...

HHS Seeks Comment on HITECH Act Requirements Concerning HIPAA Enforcement
Apr08

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has requested comments from the public on two outstanding requirements of the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 that relate to its enforcement of compliance with the Health Insurance Portability and Accountability Act (HIPAA). OCR is the main enforcer of HIPAA compliance and investigates complaints and data...

FBI Disrupts the Russia-Linked Cyclops Blink Botnet
Apr07

The massive Cyclops Blink botnet that was being used to target firewall appliances and SOHO networking devices has been neutralized by the U.S. Federal Bureau of Investigation (FBI). The botnet consisted of an army of devices that had been infected by Cyclops Blink malware, which infects Internet-connected devices through malicious firmware updates. The botnet was first identified by the US and UK governments in February this year and...

New Borat RAT Makes Ransomware and DDoS Attacks Simple
Apr06

A new Remote Access Trojan (RAT) has been identified that makes it easy for threat actors to conduct ransomware and DDoS attacks. The malware – dubbed Borat – takes its name from the character created by Sacha Baron Cohen and was discovered by researchers at the cybersecurity firm Cyble following attacks in the wild using the malware. Their analysis of the Borat RAT revealed it has extensive features. Those features are delivered...

WhatsApp Voicemail Phishing Campaign Distributes Information Stealing Malware
Apr05

A new WhatsApp phishing campaign has been identified by researchers at Armorblox that has been sent to at least 27,655 email addresses. The emails impersonate WhatsApp and relate to the voice message feature of the instant messaging app to get recipients of the messages to install information-stealing malware. The malware targets passwords stored in browsers and applications, steals cryptocurrency wallets, and can be used to...

Three Steps for Securing Your Password Manager
Apr04

Considering that your password manager contains “the keys to the kingdom”, securing your password manager should be a priority in order to prevent unauthorized third parties accessing your login credentials, payment details, and other personal data you want to keep confidential. Password managers are incredibly useful for people who understand the importance of using unique, complex passwords for each online account. They enable you...

Time for A Rethink on Your Password Policies
Mar31

If you own a business, you will appreciate the need to close all your windows and lock your doors when you finish work for the night. Leave anything open and you are asking for trouble. Someone will come along in the dead of night, access your premises, and will steal everything of value. The same is true in the digital world. Everything must be protected because if you leave anything open, your digital assets will be stolen. In order...

OCR Announces 4 Financial Penalties to Resolve HIPAA Violations
Mar30

The Department of Health and Human Services’ Office for Civil Rights has imposed four financial penalties on healthcare providers to resolve violations of the Health Insurance Portability and Accountability Act (HIPAA). Three dental practices were hit with sizable fines, one for a violation of the HIPAA Right of Access and two for impermissible disclosures of patients’ protected health information (PHI). The HIPAA Right of Access is a...

Why Personal Password Vaults are an Important Security Feature of Business Password Managers
Mar30

When an organization implements a business-wide, vault-based password manager, personal password vaults can be seen as “a nice thing to have” rather than an important security feature. However, personal vaults can do a lot more to enhance security than they are given credit for. When organizations evaluate vault-based business password managers, it is understandable they prioritize security features such as zero knowledge encryption,...

Agreement In Principle Reached Between EU and US on Replacement for EU-US Privacy Shield
Mar29

The EU and US have an agreement in principle on a framework to replace the EU-US Privacy Shield, which was invalidated by the Schrems II judgment as it was determined to violate the principles of the EU General Data Protection Regulation (GDPR). The EU-US Privacy Shield is a legal framework regulating exchanges of data for commercial purposes between the European Union and the United States. Companies relied on this framework when...

Thursday 31st March is World Backup Day
Mar28

There are numerous “cybersecurity holidays” throughout the year, but none are as important as World Backup Day on Thursday – a day dedicated to encouraging individuals and businesses around the world to back up data. How often do you back up your data? Daily? Weekly? Monthly? Less Frequently? Never? If you back up your data daily, weekly, or monthly, you are in the minority according to a survey commissioned by the cloud backup...

Over 5 Dozen Software Flaws Added to CISA’s Known Exploited Vulnerabilities List
Mar28

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added 66 vulnerabilities to its Known Exploited Vulnerabilities Catalog that should be given priority when patching, which brings the total number of vulnerabilities on the list to 570. The Known Exploited Vulnerabilities Catalog was first published by CISA in November 2021 as part of its efforts to reduce the significant risk of vulnerabilities being exploited by...

Losses to Cybercrime Increased 64% in 2021 to $6.9 Billion
Mar25

The 2021 Internet Crime Report from the FBI’s Internet Crime Complaint Center (IC3) shows there was a 64% increase in losses to cybercrime in 2021, rising from $4.2 billion in reported losses in 2020 to $6.9 billion in 2021. 2021 broke the previous record in submitted complaints, with IC3 receiving 847,376 complaints from victims of cybercrime – a 7% increase from 2020. 2021 saw significant rises in phishing, ransomware,...

Average Ransom Payments Increased by 78% in 2021
Mar24

The average ransomware payment increased by 78% to $541,010 in 2021, according to the recently published 2022 Unit 42 Ransomware Threat Report from Palo Alto Networks, with the average ransom demand increasing by 144% to $2.2 million. Many ransomware gangs conducted attacks last year, but the Conti ransomware gang was the most prolific and was responsible for around one-fifth of all attacks worked on by the Unit 42 team. The REvil...

Malware Infection at Dental Clinic Operator Affects More Than 1 Million Texans
Mar22

JDC Healthcare Management, which operates more than 70 dental clinics in Texas as Jefferson Dental & Orthodontics, has recently notified the Texas Attorney General about a malware incident that was detected in August 2021. JDC said it identified a security breach on or around August 9, 2021, and steps were immediately taken to secure its systems. A third-party forensic firm was engaged to investigate the breach and determine the...

Critical Infrastructure Organizations Warned About AvosLocker Ransomware Attacks
Mar21

AvosLocker ransomware is being used in attacks on U.S. critical infrastructure organizations, according to a recent joint cybersecurity advisory issued by the Federal Bureau of Investigation (FBI), U.S. Department of the Treasury, and the U.S. Treasury Financial Crimes Enforcement Network (FinCEN). AvosLocker is a relatively new ransomware group that first appeared in June 2021. Initially, the ransomware was used in attacks on Windows...

Feds Issue Security Alert About MFA Bypass and Vulnerability Exploitation
Mar18

State-sponsored Russian hackers have bypassed multi-factor authentication and exploited the PrintNightmare vulnerability in an attack on a non-governmental organization (NGO), according to a recent security alert from the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA). The attack in question occurred in May 2021. The hackers gained a foothold in the network in a brute force attack and...

Almost 500,000 Patients Affected by Mon Health Data Breach
Mar17

In December 2021, Monongalia Health System (Mon Health) started notifying almost 400,000 individuals about a business email compromise attack, where threat actors compromised email accounts and used them to arrange fraudulent wire transfers. The attackers had access to email accounts from May 10, 2021, until August 15, 2021. On December 18, 2021, just a few days after the announcement about the BEC attack was made, Mon Health...

Why an 8-Character Password is No Longer Long Enough
Mar15

Passwords need to be unique and complex to resist brute force attacks by cybercriminals, but how long does it take a hacker to guess a password? Even if the password is complex, if it does not contain enough characters it can be guessed in seconds.

Why Complex Passwords are Required

When passwords are required, there are usually policies applied that require passwords to contain a minimum number of characters and meet minimum...

SEC Proposes 4-Day Cybersecurity Incident Reporting Deadline for Publicly Traded Companies
Mar14

New data breach reporting rule amendments have been proposed by the U.S. Securities and Exchange Commission (SEC) that require all publicly traded companies to report a material cybersecurity incident within 4 business days of discovery that a material cybersecurity incident has occurred. A material cybersecurity incident is any cybersecurity incident that shareholders would likely consider important. There are existing state and...

Alleged REvil Hacker Extradited to U.S. to Face Charges Over Kaseya Ransomware Attack
Mar11

One of the alleged affiliates of the notorious REvil/Sodinokibi ransomware-as-a-service (RaaS) operation has been extradited to the United States to face charges related to the ransomware attacks on Kaseya and other entities in the United States. The U.S. Department of Justice believes Yaroslav Vasinskyi, 22, a Ukrainian national, is a long-standing affiliate of the REvil ransomware gang who was responsible for breaching corporate...

Feds Issue Update on Conti Ransomware
Mar10

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have issued an update on Conti Ransomware as attacks on U.S. businesses pass the 1,000 mark. The update includes information gathered from the recent leak of internal private messages between gang members by a Ukrainian researcher, who also released the source code for the ransomware and...

Microsoft Issues Patches for 71 Vulnerabilities Including 3 Critical Bugs and 3 Zero-days
Mar09

Microsoft has provided patches to fix 71 vulnerabilities on March 2022 Patch Tuesday, including 3 critical bugs, 68 important issues, and three flaws that have been publicly disclosed before a patch was released. None of the vulnerabilities are believed to have been exploited in the wild at the time the patches were released. The critical flaws affect HEVC Video Extensions – CVE-2022-22006 (CVSS 7.8), VP9 Video Extensions (CVSS 7.8),...

FBI Issues Security Alert About Ongoing RagnarLocker Ransomware Attacks
Mar08

The Federal Bureau of Investigation (FBI), in conjunction with the Cybersecurity and Infrastructure Security Agency (CISA), has issued a TLP: White flash alert warning organizations in critical infrastructure sectors about RagnarLocker ransomware attacks. Ragnar Locker ransomware started to be used in attacks in December 2019, with the FBI first learning of the ransomware in April 2020. The FBI says RagnarLocker ransomware actors work...

Survey Highlights Struggles Companies Have with User-Friendly Access Management
Mar07

The password manager provider LastPass has recently published the findings of an IDC Global Survey on Identity and Access Management that has revealed many businesses are struggling to strike a balance between security and the user experience. Passwordless authentication is gaining traction, but passwords remain the primary way of preventing unauthorized account access. Password guidelines require passwords to be set that are of...

Think Password Strength Rather Than Password Length
Mar06

Some people believe that password strength is dependent on password length, and the longer a password is, the harder it is for bad actors to guess or crack using brute force algorithms. While this may be true for complex, machine-generated passwords, it is not true in all cases. Indeed, some longer passwords can be easier to crack than passwords half their length. Although password length is a contributory factor to password strength,...

Recommended Password Manager Capabilities for SOC 2 Audits
Mar06

An SOC 2 certification is a valuable attestation for businesses such as cloud service providers, software providers, web marketing companies, and financial services organizations, as it certifies the business has acceptable controls in place to address risks associated with the use of their systems and/or services. In order to achieve SOC 2 certification, businesses have to pass an SOC 2 audit conducted by an accredited representative...

A Brief Guide to Two Step Login
Mar05

Two step login is a security process used by many websites and apps to prevent unauthorized access to online accounts containing sensitive data. Also known as Two Factor Authentication (2FA), Multi Factor Authentication (MFA), or Two Step Verification (2SV), the security process requires you to enter something you know (usually a username and password), and an additional verification code sent to – or generated by – a secondary...

Poor Cybersecurity Practices Put Organizations’ Security at Risk

A recent survey commissioned by Mobile Mentor has revealed poor cybersecurity practices are commonplace among people working in highly regulated industries, and those bad practices are a major threat to security. The survey was conducted by the Center for Generational Kinetics on 1,000 employees in the United States and 500 in Australia, all of whom worked in healthcare, education, finance, or the government. The study examined the endpoint...

Lapsus Ransomware Gang Continues with High Profile Attacks
Mar04

The Lapsus ransomware gang is a new threat group that only first appeared in December 2021 but has already started building a name for itself with several high-profile attacks, the latest being the ransomware attack on GPU giant NVIDIA.

Sensitive Employee Data and Source Code Stolen from NVIDIA

NVIDIA said it detected the attack on February 23, 2021, and announced on February 25 that it was investigating a security...

HHS’ Office for Civil Rights Director Urges HIPAA-Regulated Entities to Improve Cybersecurity
Mar04

In the United States, healthcare providers, health plans, healthcare clearinghouses, and business associates of those entities are required to comply with the standards of the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules. The HIPAA Security Rule calls for HIPAA-regulated entities to implement safeguards to ensure the confidentiality, integrity, and availability of...

A Guide to the Bitwarden Client Apps
Mar03

Bitwarden is the highest rated password manager on this website, and one of the reasons for its high rating is the comprehensive range of Bitwarden client apps. This article provides further information on the Bitwarden client application range. Bitwarden is a web-based password manager you can use to generate, save, and manage passwords safely and securely. This means that, unless you self-host Bitwarden (which is an option under...

How to Share Passwords Securely
Mar03

Despite some sources suggesting that password sharing is a bad thing, families, friends, and work colleagues can share passwords securely. How else might your partner get access to a shared Netflix account, an elderly neighbor navigate a complex online transaction, or your marketing team get into corporate social media accounts? The problem is not so much that password sharing is a bad thing, it is how they are shared that's the...

Phishing Campaign Capitalizes on Ukrainian Crisis
Mar03

A new phishing campaign has been detected that piggybacks on the current crisis in Ukraine to trick people into divulging their credentials. Emails are being sent warning about suspicious account access from Russia to scare people into clicking the link and logging into their account to change the password. The campaign targets Microsoft customers and attempts to steal Microsoft 365 credentials. The campaign was discovered by security...

Source Code and Internal Conti Ransomware Communications Leaked Online
Mar02

An unknown individual, believed to be a member of the Conti ransomware gang, has leaked sensitive internal Conti ransomware communications and the source code of its encryptor, decryptor, builder, BazarBackdoor APIs, and TrickBot C&C infrastructure. This week has seen the Conti ransomware gang suffer a series of damaging data leaks. First came the publication of internal communications between gang members that had been stolen...

Warnings Issued About Hermetic Wiper with Worm-like Capabilities
Mar01

A destructive new malware dubbed Hermetic Wiper is being used in cyberattacks in Ukraine and there are fears that there could be spill over into other countries akin to the NotPetya wiper malware attacks in 2017. According to a recent report by cybersecurity firm ESET, Hermetic Wiper has been used in several attacks in Ukraine starting on February 24, 2022. The malware masquerades as ransomware and victims are told that their files...

TrickBot Trojan Retired as Developers Switch to Stealthier Malware
Feb28

The TrickBot Trojan has been a major malware threat for the past 6 years but appears to have now been retired. The main developers of the TrickBot Trojan are believed to have joined the Conti ransomware gang to work on stealthier malware such as the BazarBackdoor and Anchor malware families. The TrickBot Trojan is a modular malware that first emerged in 2016. The malware was initially a banking Trojan but has had several capabilities...

Association with Crypto Sees Customers Looking For 1Password Alternative
Feb25

The 1Password password manager is one of the most popular password managers; however, a recent update that added new features to the platform has attracted criticism online, with 1Password users taking to Twitter to voice their displeasure about the platform, and several have stated their intention to switch to a 1Password alternative. Updates to software solutions that provide users with new features are usually a good thing, but it...

U.S. Organizations Warned About Elevated Risk of Cyberattacks as New Wiper Malware Used in Attacks in Ukraine
Feb24

Cyberattacks in Ukraine have recommenced following the Russian invasion of Ukrainian territory. Ukrainian government agencies have also been hit with DDoS attacks that took their websites offline, in what appears to be an attempt to destabilize the country, and a new wiper malware has been identified that has been used on hundreds of targets in the country. In contrast to ransomware, wiper malware’s sole purpose is the destruction of...

83% of Businesses Experienced a Successful Phishing Attack in 2021
Feb23

Phishing is the most common method used to attack businesses. Phishing attacks are performed to steal credentials, obtain sensitive data, install malware, or gain a foothold in a network for a more extensive compromise. Phishing attacks target individuals and exploit human rather than technical weaknesses, and use social engineering to trick people into taking an action that allows the attacker to achieve their aims. The UK...

CISA Warns Critical Infrastructure Entities About the Risk of Foreign Influence Operations
Feb22

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to critical infrastructure organizations about the threat of foreign influence operations. Malicious actors use a range of tactics to shape public opinion in targeted countries and undermine trust in critical infrastructure. These tactics can amplify division and sow discord, and typically involve the distribution of misinformation, disinformation,...

Free Cybersecurity Tools to Adopt to Improve Your Security Capabilities
Feb21

Cybersecurity budgets are usually limited, so it is not possible to purchase multiple best-in-class cybersecurity solutions, but the good news is there are many free cybersecurity tools that can be adopted to improve security capabilities at zero cost. There is no silver bullet when it comes to cybersecurity. Several cybersecurity solutions must be used to protect against intrusions and detect and block attacks in progress, which can...

NSA Issues Best Practices for Choosing Cisco Password Types
Feb18

The U.S. National Security Agency (NSA) has recently issued guidance on the use of passwords to secure Cisco devices. Cisco devices are extensively used to secure network infrastructure devices and Cisco devices are often targeted by cyber threat actors. There have been cases where cyber threat actors have gained access to the configuration files and have used the information in those files to compromise network devices. Configuration...

TitanHQ Acquires Cyber Risk Aware to Add Security Awareness Training to its Cybersecurity Portfolio
Feb17

The Irish cybersecurity firm TitanHQ, a leading SaaS business offering a portfolio of cloud-based cybersecurity solutions with a focus on email, has announced the acquisition of the Dublin-based security awareness firm Cyber Risk Aware. Cyber Risk Aware was formed in 2016 and provides the only behavior-driven security awareness platform that provides real-time training to help counter the threat from phishing and other cybersecurity...

2021 Was a Record-breaking Year for Vulnerability Disclosures
Feb17

Risk Based Security has released its 2021 vulnerability report which shows 2021 was a record-breaking year for vulnerability disclosures. 28,695 flaws were disclosed in 2021, which is a 23.3% increase from the 23,269 vulnerabilities disclosed in 2020. The exploitation of unpatched vulnerabilities is a common way for cybercriminals to gain access to business networks, especially ransomware actors, so it is vital for businesses to patch...

46% of Emails in 2021 Were Spam
Feb16

The Russian cybersecurity firm Kaspersky has released its 2021 Spam and Phishing Report which identifies the key annual trends in spamming and phishing. The report shows 45.56% of global email volume consisted of spam emails, with Russia the biggest culprit, with 24.77% of spam emails coming from Russian IP addresses and German IP addresses used to send 14.12% of the year’s spam emails. Legitimate organizations such as banks and...

Inmediata and CaptureRx Agree to Settle Class Action Data Breach Lawsuits
Feb15

It is common for victims of healthcare data breaches to take legal action against healthcare organizations that have experienced cyberattacks and data theft incidents. In order for lawsuits to have standing, the plaintiffs must usually demonstrate they have suffered actual harm as a result of the breach. Recently, a federal judge recommended a lawsuit against Practicefirst Medical Management Solutions, which experienced a ransomware...

Bipartisan Bill Proposes Creation of Commission to Investigate U.S. Health Data Privacy Laws
Feb14

Bipartisan legislation has been introduced in the U.S. to create a commission to analyze federal and state health data privacy laws and make recommendations for closing regulatory privacy gaps. In the United States, the Health Insurance Portability and Accountability Act (HIPAA) sets minimum standards for privacy and security of healthcare data, including placing restrictions on uses and disclosures of personally identifiable...

These Critical Vulnerabilities in SAP Business Applications Require Immediate Patching
Feb10

SAP has released patches to fix a set of critical vulnerabilities in the SAP Internet Communication Manager (ICM), which is used by SAP business applications such as SAP NetWeaver, S/4HANA, and SAP Web Dispatcher. One of the vulnerabilities has been given the highest possible CVSS severity score of 10. The vulnerabilities were identified by security researchers at Onapsis Research Labs, who reported them to SAP. The researchers have...

51 Patches Released by Microsoft on February 2022 Patch Tuesday
Feb09

Microsoft has released 51 patches on February 2022 Patch Tuesday to fix vulnerabilities, including one zero-day bug. There are considerably fewer patches than in recent months when over 100 patches a month has been the norm; that said, Microsoft did release around 20 patches to fix vulnerabilities in the Chromium-based Microsoft Edge browser earlier this month. None of this month’s patches are critical issues – All have been rated...

Next-Gen Phishing Kits Used to Bypass Multifactor Authentication
Feb08

Proofpoint has revealed cyber threat actors are now using a new class of phishing kit that is allowing them to bypass multi-factor authentication (MFA). Multi-factor authentication is strongly recommended on accounts to improve security. Multifactor authentication requires an additional form of identification to be provided in addition to a password. In the event of a password being obtained by an unauthorized individual, access to...

Safer Internet Day 2022: Improve Well-Being Online and Privacy and Security
Feb08

Every year, a day is dedicated to making the Internet a safer place for children and young people; however, this year, rather than having a single day of activities, resources are being made available and events have been scheduled for every day of the week, with Tuesday, February 8, 2022, set as Safer Internet Day 2022. Safer Internet Day 2022: Each year has a different theme, and this year the event is focused on Improving Well-Being...

LastPass versus Dashlane
Feb07

Our comparison of LastPass versus Dashlane suggests it can be worth paying a little extra for more security. However, when you compare LastPass and Dashlane to the rest of the password manager market, you see how overpriced these password managers are for the protection they provide. Password managers generally have two purposes. The first is to empower users to be more security-conscious when performing online transactions. The...

LastPass versus 1Password
Feb07

Ever since LastPass announced it was limiting its free password manager service in February 2021, there has been a plethora of LastPass versus 1Password comparison articles aiming to attract dissatisfied customers from one password manager to the other. However, readers would be advised to think carefully before exporting their passwords out of LastPass and into 1Password, because there are better options. Ironically, the plethora of...

Bitwarden versus LogMeOnce
Feb06

No comparison of Bitwarden versus LogMeOnce is going to be an apples-for-apples evaluation; for although both password managers operate under a “zero-knowledge” vault-based model for managing login credentials, payment details, and other data, there are significant differences between Bitwarden and LogMeOnce that may influence a user’s choice of one over another. Selecting a password manager often happens in several stages. A user (or...

Hacker Steals $326 Million from the Wormhole Cryptocurrency Platform
Feb04

A hacker has exploited a zero-day vulnerability in the Wormhole cryptocurrency platform and stolen approximately $326 million in cryptocurrency. After exploiting the vulnerability, the hacker minted and stole 120,000 wrapped Ether tokens on the Solana blockchain, then converted 80,000 to Ethereum, then started to trade what remained on the Solana blockchain. The Wormhole platform is used to transfer cryptocurrency across different...

California Attorney General Shares Tips for Avoiding Identity Theft
Feb04

California Attorney General Rob Bonta has provided Californians with tips for avoiding identity theft and fraud in recognition of Identity Theft Awareness Week 2022. Identity theft is where someone steals an individual’s personal data and uses the information to impersonate that individual in order to commit fraud, such as opening lines of credit in the victim’s name. As more people now rely on online services for work and personal...

Cisco Releases Patches to Fix Multiple Critical Vulnerabilities in its Small Business Routers
Feb03

Cisco has released patches to fix 15 vulnerabilities in its Small Business RV160, RV260, RV340, and RV345 Series Routers, several of which are critical flaws and three have the maximum CVSS severity score of 10/10. The vulnerabilities could be exploited to execute arbitrary code with root privileges, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, and...

Zoho Vault Review
Feb03

The Zoho Vault password manager is one of multiple productivity, collaboration, and online security products developed by the Zoho Corporation; but, whereas the provision of integrated solutions can sometimes mean quality is sacrificed for the sake of the integration, our Zoho Vault review reveals that this password manager ticks most of the right boxes as a standalone product. Although most password managers have some degree of...

NordPass Review
Feb03

Our NordPass review finds that the NordPass password manager is more than just an add-on for customers of NordVPN. NordPass can be used independently of the Virtual Private Network software to save and autofill login credentials, payment details, and addresses, which customers can access from a cloud-based web vault or numerous mobile and desktop apps. NordPass is a relatively new password manager, having been launched in 2019...

SEO Poisoning to Distribute Malware Disguised as Legitimate Software Installers
Feb02

Mandiant has identified a campaign that uses fake software installers for free productivity apps such as Zoom, TeamViewer, and Visual Studio to distribute Batloader, Ursnif, and Atera Agent malware. The campaign uses search engine optimization (SEO) poisoning to get web pages listed high in the search engine listings for certain search terms to drive traffic to the pages offering the software downloads. The researchers report that...

Banking Trojan Masquerades as Android Password Security App
Feb01

A password security app that is available through the Google Play Store that has been downloaded more than 10,000 times is actually a malware dropper that delivers a banking Trojan. The malicious app – 2FA Authenticator – was identified by security researchers at Pradeo and was discovered to deliver a banking Trojan called Vultur that targets financial services and steals banking information and other sensitive data. 2FA...

8 Vulnerabilities Added to CISA’s Known Exploited Vulnerabilities Catalog
Feb01

The Cybersecurity and Infrastructure Security Agency (CISA) has added a further 8 actively exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog. These 8 vulnerabilities are known to have been exploited by threat actors in real-world attacks, and as such these vulnerabilities pose a significant risk to organizations. The vulnerabilities are a mix of old and new, with the earliest vulnerabilities dating back to 2014...

January 28, 2022 is Data Privacy Day – A Day to Take Steps to Improve the Privacy of Personal Data
Jan28

Today is Data Privacy Day – An annual day with a focus on raising awareness of best practices for keeping personal data private and confidential along with the techniques and tools that can be adopted by all individuals to better protect them against data theft, identity theft, and other types of fraud. Data Privacy Day – January 28 – started as Data Protection Day in 2006 and was initiated by the Council of Europe. Two years later,...

Utilities Urged to Improve Password Security
Jan28

Ransomware gangs often work with Initial Access Brokers (IABs) who provide access to organizations’ networks. IABs specialize in breaching organizations’ defenses, then sell access to ransomware gangs, who are highly specialized in the next phase of the attack. To gain an initial foothold in networks, IABs use a variety of tactics including exploiting known vulnerabilities that have not been patched, conducting brute force attacks on...

QNAP: Immediate Action Required to Prevent Deadbolt Ransomware Attacks on NAS Devices
Jan27

QNAP, a Taiwanese manufacturer of network-attached storage (NAS) devices, has issued a warning to all customers to ensure they are running the latest software and to reconfigure their systems to improve resilience to ransomware attacks. A campaign has been identified involving a new ransomware variant called Deadbolt, which is being used in attacks on QNAP NAS devices that are exposed to the Internet. The campaign has only recently...

ITRC Says Record-breaking Numbers of Data Compromises Were Reported in 2021
Jan25

New data from the Identity Theft Resource Center (ITRC) shows record numbers of data breaches were reported in 2021, beating the previous record of 1,506 data breaches set in 2017 by 23%. 1,862 data compromises were reported in 2021, which is a 68% increase from 2020. There was also a slight increase in the number of reported breaches involving sensitive information such as Social Security numbers, which jumped from 80% in 2020 to 83%...

F5 Releases Patches to Fix 25 Vulnerabilities in its BIG-IP, BIG-IQ, and NGINX Solutions
Jan24

F5, the multi-cloud management and application delivery and security solution provider, has released 25 patches to address vulnerabilities in its BIG-IP, BIG-IQ, and NGINX Controller API Management solutions in its January 2022 quarterly security notification. 15 of the vulnerabilities are high-severity issues, with 9 medium-severity flaws, and one low-severity issue. The vulnerabilities could be exploited by an attacker in a...

Analysis of Brute Force Attacks Confirms Importance of Long Passwords and Complexity
Jan22

A researcher at Microsoft has recently conducted an analysis of more than 25 million brute force attack attempts that were identified across Microsoft’s sensor network and found that most passwords were sufficiently complex to resist brute force attacks. According to the analysis, more than three-fourths of the brute force attacks (77%) attempted passwords of between 1 and 7 characters, and only 6% of the attack attempts used...

FBI Shares IoCs Associated with Diavol Ransomware Attacks
Jan21

The Federal Bureau of Investigation (FBI) has issued a TLP:WHITE Flash Alert sharing indicators of compromise (IoCs) associated with Diavol ransomware attacks and recommended mitigations. Diavol ransomware is believed to be used by the operators of the TrickBot banking Trojan and botnet, who are also believed to operate Conti and Ryuk ransomware. The new ransomware family was first detected in July 2021 and came to the attention of the FBI...

Prepare for Wiper Malware Attacks, Warns CISA
Jan20

A warning has been issued by the Cybersecurity and Infrastructure Security Agency (CISA) to organizations in the United States to take steps to strengthen their defenses against wiper malware attacks following the recent cyberattacks in Ukraine. The attacks in Ukraine involved a new wiper malware – dubbed Whispergate by Microsoft – that was used in attacks on multiple government, non-profit, and information technology...

Password Boss Review
Jan19

Although Password Boss is allegedly “built for MSPs by an MSP”, our Password Boss review looks at the password manager from the perspective of individuals, family groups, and direct business users (rather than customers of Managed Service Providers) in order to determine how this option compares to other password managers competing in the public space. When we compile password manager reviews, we sometimes have to think outside the...

Almost 6 Billion Credentials Were Leaked Online in 2021
Jan19

A new report from Atlas VPN has revealed nearly 6 billion accounts were affected by data leaks and data breaches in 2021, which made 2021 a record-breaking year for credential theft. Atlas VPN obtained information on data breaches from multiple sources and includes reported data breaches between January 1st, 2021, and December 31st, 2021. In total, more than 5.9 million unique sets of credentials were stolen or leaked online in 2021....

Accellion Proposes $8.1 Million Settlement to Resolve Class Action Data Breach Lawsuit
Jan19

Accellion has proposed an $8.1 million settlement to resolve a class action data breach lawsuit related to the December 2020 cyberattack on its legacy File Transfer Appliance. In December 2020, two Advanced Persistent Threat groups linked to FIN11 and the CLOP ransomware gang exploited vulnerabilities in the Accellion File Transfer Appliance (FTA) and exfiltrated a large amount of customer data. Customers included law firms, insurance...

DHL Was the Most Imitated Brand in Phishing Campaigns in Q4, 2021
Jan18

A recent report from the cybersecurity firm Check Point has revealed DHL was the most impersonated brand in phishing attacks in Q4, 2021, overtaking Microsoft. Check Point’s data show 23% of phishing emails impersonating brands in Q4, 2021 spoofed DHL, up 9% from the previous quarter. Microsoft is usually the brand most impersonated by cybercriminals due to the huge number of customers. In Q4, 20% of all brand impersonation...

Padloc Review
Jan18

The inclusion of a Padloc review in our password manager review series is attributable to the growing number of open source password managers on the market and the desire to make our review series representative of the market. Furthermore, although it has some shortcomings, the Padloc password manager is not a bad alternative to some better known commercial solutions. Open source password managers can have a mixed reputation. Despite...

New Wiper Malware Was Used in Recent Cyberattacks in Ukraine
Jan17

Last week, Ukraine experienced a massive cyberattack that affected around 70 government websites, including those of the Ministry of Foreign Affairs and the education ministry. A post on one of the attacked websites read, “Ukrainians! … All information about you has become public. Be afraid and expect worse. It’s your past, present and future.” The attack was mitigated quickly, with Ukraine now reporting that most of the affected...

14 REvil Ransomware Gang Members Arrested by Russian Government
Jan14

The Federal Security Service (FSB) of the Russian Federation has announced 14 individuals suspected of being part of the notorious REvil ransomware operation have been arrested in coordinated raids on 25 properties in the Leningrad, Lipetsk, Moscow, and St. Petersburg regions of Russia. The FSB said the arrests were made after information was passed to the FSB from U.S. authorities about the leader of the REvil operation, along with a...

New York Attorney General Issues Business Guide for Credential Stuffing Attacks
Jan14

The Bureau of Internet and Technology at the Office of the New York State Attorney General (OAG) has issued a Business Guide for Credential Stuffing Attacks to raise awareness of the threat and offer advice on steps that can be taken to prevent and mitigate attacks. Credential stuffing is a type of brute force attack where credentials stolen in previous data breaches are used to gain access to other online accounts. Bots are used to...

Purple Fox Malware Being Delivered Disguised as a Telegram Installer
Jan11

Threat actors often add malware to software installers, so it is no surprise that researchers at Minerva Labs have discovered installers for legitimate software being used to deliver the Purple Fox rootkit, but what makes this campaign different is that the techniques used allow the threat actors to evade most AV engines. Most of the attack is kept under the radar and it has low detection rates by AV engines. The Purple Fox rootkit was...

Developer Changes Open Source Libraries Corrupting Thousands of Applications
Jan10

The developer of two widely used open-source libraries has intentionally added an update to brick the many thousands of applications that depend on those libraries. The libraries in question are colors.js and faker.js – Colors has more than 22.4 million downloads a week and faker has more than 2.8 million weekly downloads on npm. The developer has added malignant commits to the libraries that result in the applications that...

How Do Hackers Steal Passwords?
Jan10

You often hear about cyberattacks that utilized stolen credentials to gain access to business networks, but how do hackers steal passwords? In this article, we explain the most common methods used by hackers to steal passwords and provide some tips that will help you keep your passwords safe. Hackers ask what your password is: The easiest way to obtain a password is to ask someone what it is. They are unlikely to tell you, but it is...

Google Announces the Acquisition of the Israeli Cybersecurity Company Siemplify
Jan06

Google has confirmed the acquisition of the Israeli cybersecurity firm Siemplify as it continues its push into the cloud-based and enterprise cybersecurity market. Siemplify was founded in Tel Aviv in 2015 by Amos Stern, Alon Cohen, and Garry Fatakhov and specializes in SOAR (security orchestration, automation, and response) technology that automates the security operations lifecycle. Siemplify has raised $58 million in investment...

1.3 Million Record Data Breach Reported By Florida’s Broward Health
Jan04

A major data breach was reported by Florida’s Broward Health on January 1, 2022, that involved the personal and protected health information of more than 1.3 million individuals. Hackers gained access to its network on October 15, 2021, through the office of a third-party healthcare provider that had been granted access to Broward Health’s network to provide medical services. The cyberattack was detected four days later on October 19, 2021,...

LogMeOnce Review
Jan04

The LogMeOnce password manager claims to provide “password security with convenience”; however, as our LogMeOnce review demonstrates, there can be circumstances in which this password manager is neither convenient nor secure. One of the problems of developing a password manager is working out who your target audience is. At one end of the scale, there are password management “newbies” who understand the need for strong passwords and a...

Patch Released to Fix Year 2022 Bug in Microsoft Exchange
Jan03

Microsoft has issued an update to fix a year 2022 bug in MS Exchange that has been causing on-premises Exchange servers to stop delivering emails. The bug is present in on-premises Exchange Server 2016 and Exchange Server 2019 and causes emails to be stuck in transport queues. At midnight on New Year’s Eve, on-premises Exchange servers stopped delivering emails, which remained in a queue to be delivered. Exchange Server logs displayed...

Major Healthcare Data Breaches Reported in December 2021
Dec31

2021 has been a particularly bad year for healthcare data breaches and the attacks did not let up in December. 4 major healthcare data breaches have been reported this month that collectively resulted in the exposure of the personal and protected health information of more than 2 million Americans. So far in 2021, 686 healthcare data breaches of 500 or more records have been reported to the HHS’ Office for Civil Rights, and almost 45...

Redline Malware Used to Steal Passwords from Browsers and Corporate VPNs
Dec31

Redline malware is now the most commonly used information stealer and is being used in attacks on businesses and consumers. Redline malware first appeared in early 2020 and the number of victims has been steadily growing, and on some cybercrime forums, around half of all stolen credentials listed for sale have come from Redline malware infections. Redline malware is a commodity malware that is being sold on cybercrime forums for...

LastPass Denies Data Breach After Users Claim Their Master Passwords Were Used to Access Their Vaults
Dec30

Several LastPass users have claimed their master passwords have been used by unauthorized individuals to access their password vaults, including individuals who claim never to have shared their master password with any other platform, which led to claims there had been a LastPass data breach. The first attacks on users’ password vaults appear to have started on Monday, December 27, 2021. A password manager allows users to easily create...

New RCE Vulnerability Patched in Log4j Version 2.17.1
Dec29

Another remote code execution vulnerability has been identified in the Log4j Java-based logging utility, this time in version 2.17.0. Several vulnerabilities in Log4j have been identified over the past month, the first of which was the Log4Shell vulnerability – CVE-2021-44228 – that was fixed in version 2.15.0. The vulnerability was rapidly exploited by threat actors, with the first attacks exploiting the vulnerability occurring...

Log4J Vulnerability Scanning Tool Released by CISA
Dec24

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a scanner that can be used to identify web services affected by the two recently disclosed Apache Log4J remote code execution vulnerabilities CVE-2021-44228 (Log4Shell) and CVE-2021-45046, which have been fixed, along with a further DoS vulnerability (CVE-2021-45105) in version 2.17. The scanner – available on GitHub here – was assembled with...

3 Million Websites Vulnerable to Critical Vulnerability in All in One SEO WordPress Plugin
Dec23

Two vulnerabilities have been identified in the All in One SEO plugin for WordPress that could be chained and exploited, allowing a full site takeover. The search engine optimization plugin has been installed on more than 3 million websites, many of which are still vulnerable. The two vulnerabilities can be chained in an attack by any user with an account on a vulnerable site, even if the account only has low-level privileges such as...

Microsoft Urges Customers to Patch These 2 Active Directory Vulnerabilities
Dec22

On November 2021 Patch Tuesday, Microsoft released patches to fix two vulnerabilities in Active Directory that can be exploited to gain administrative AD privileges if chained together. Microsoft explained that combining the vulnerabilities creates a straightforward path to a Domain Admin user in an Active Directory environment, first by compromising a regular user in the domain and then elevating privileges to admin. Proof-of-concept...

Log4j Version 2.17.0 released to Address High Severity DoS Bug
Dec20

The patch (version 2.15.0) to fix the critical Log4Shell vulnerability in the Log4j Java-based logging utility (CVE-2021-44228) did not fully correct the vulnerability and certain non-default configurations of Log4j were still vulnerable. The issue was assigned a different CVE – CVE-2021-45046 – and was corrected in version 2.16.0. The CVE-2021-45046 vulnerability could be exploited and used to craft malicious input data using a...
