Microsoft Research Develops Undetectable Malware Scanner for Virtual Machines
Jul09

Microsoft Research Develops Undetectable Malware Scanner for Virtual Machines

Many businesses have replaced traditional desktops with virtual machines located in the cloud. Each virtual machine is an exact replica of a standard desktop complete with an operating system that is located on a cloud service provider’s server. One cloud server can house many virtual machines that run simultaneously. While antivirus software can be used on virtual machines, the signature-based detection is only good at identifying...

Read More
More Than 15 Billion Credentials are up for Sale on Hacking Forums
Jul08

More Than 15 Billion Credentials are up for Sale on Hacking Forums

New research conducted by Digital Shadows has provided insight into the scale of credential theft and the extent to which stolen credentials are being sold on hacking forums and darknet marketplaces. A wide range of credentials are up for sale including social media accounts, streaming services, Office 365 accounts, and bank accounts. According to the Digital Shadows analysis, there are currently more than 15 billion username and...

Read More
ESET Reports Doubling of Brute Force Attacks on Remote Desktop Services During the COVID-19 Pandemic
Jun30

ESET Reports Doubling of Brute Force Attacks on Remote Desktop Services During the COVID-19 Pandemic

Cybersecurity firm ESET has analyzed its telemetry data and found there has been a major increase in brute force attacks on remote desktop services during the COVID-19 pandemic. There was a steady increase in attacks between December 1, 2019 and May 1, 2020, rising from around 30,000 brute force attacks a day in early December to around 60,000 daily attacks by the end of the month. Then followed a slight decline, before a sharp rise...

Read More
REvil Ransomware Gang Observed Scanning Compromised Networks for PoS Software
Jun24

REvil Ransomware Gang Observed Scanning Compromised Networks for PoS Software

The REvil gang behind Sodinokibi ransomware are using a new tactic in their attacks. The gang is already known for compromising systems and stealing data before the ransomware payload is deployed. The gang had previously threatened to publish data stolen in their attacks if the ransom was not paid and followed through with that threat for the first time in January 2020. After gaining access to a system, the attackers move laterally...

Read More
Massive Global Surveillance Campaign Used Rogue Chrome Extensions to Steal Data
Jun22

Massive Global Surveillance Campaign Used Rogue Chrome Extensions to Steal Data

Researchers at Awake Security have uncovered a massive global surveillance campaign that used malicious Google Chrome extensions to steal sensitive data. The extensions had been downloaded millions of times before Google removed them from the Chrome Web Store. These Trojan browser extensions were used to steal corporate data and gain a persistent foothold in corporate networks. Awake Security researchers identified 111 malicious...

Read More
Exposed Elasticsearch Instances are Found by Hackers in a Matter of Hours
Jun12

Exposed Elasticsearch Instances are Found by Hackers in a Matter of Hours

How long does it take hackers to find exposed Elasticsearch servers and exposed S3 Buckets? Just a few hours according to Comparitech. Comparitech researchers are no strangers to exposed cloud data. They commonly find unprotected databases and report the lack of protections to the data owners. In many cases, exposed Elasticsearch servers are secured quickly, although it is often not clear for how long data has been exposed. The...

Read More
June 23, 2020: MVP GrowthFest: Join Magic Johnson and Channel All-Stars at this Must Attend Virtual MSP Event
Jun11

June 23, 2020: MVP GrowthFest: Join Magic Johnson and Channel All-Stars at this Must Attend Virtual MSP Event

  Businesses in all industry sectors have faced difficult challenges during the COVID-19 pandemic and have had to make considerable changes in order to survive. Managed Service Providers (MSPs) have similarly had to adjust their business practices in response to the pandemic, and while some have struggled there have been several success stories. Overall, the Channel has demonstrated considerable strength and resilience and some...

Read More
Zoom Patches Two Serious RCE Flaws and States E2E Encryption Will Not Be Available to Free Users
Jun04

Zoom Patches Two Serious RCE Flaws and States E2E Encryption Will Not Be Available to Free Users

Two high severity vulnerabilities in the Zoom videoconferencing platform have been identified by researchers at the Cisco Talos threat intelligence team that could allow a remote attacker to send files to the system of a Zoom meeting participant, which could potentially allow remote execution of arbitrary code on the target’s system. The flaws were reported to Zoom and have now been patched in version 4.6.12 of the Zoom video...

Read More
What is the Legal Recommended Email Archiving Retention Period?
May29

What is the Legal Recommended Email Archiving Retention Period?

Virtually all businesses, non-profits, and educational institutions are required to retain email data, but what is the legal recommended email archiving retention period? In this post we will explain how long you should be arching your emails and how this differs based on email content. Why Do I Need to Retain Copies of Emails? Emails can contain important data that may be relevant for litigation. As with other forms of electronic...

Read More
StrandHogg 2.0 Android Flaw Allows Hackers to Hijack Legitimate Apps
May28

StrandHogg 2.0 Android Flaw Allows Hackers to Hijack Legitimate Apps

The Norwegian security researchers who identified the StrandHogg vulnerability in the Android platform have identified another vulnerability that is even more dangerous that the original. The vulnerability – tracked as CVE-2020-0096 – is a critical flaw that allows hackers to masquerade as virtually any legitimate app on a targeted device. The vulnerability is present on all versions of Android apart from the latest...

Read More
67 Percent of Breaches Caused by Credential Theft, User Error, and Social Attacks
May22

67 Percent of Breaches Caused by Credential Theft, User Error, and Social Attacks

The Verizon 2020 Data Breach Investigations Report shows financial gain is the biggest motivator for cyberattacks, accounting for 86% of the 32,002 security incidents analyzed for this year’s report, up from 71% in 2019. 55% of the financially motivated attacks were conducted by cybercriminal organizations. The majority of data breaches involve the theft of credentials, which has meant malware is being used much less than in previous...

Read More
Webinar: Double Up on Protection for Your Remote Workers
May21

Webinar: Double Up on Protection for Your Remote Workers

TitanHQ is hosting a webinar on Thursday May 21, 2020 to explain how you can better protect your remote workers from phishing attacks and block malware and ransomware downloads during the COVID-19 public health emergency and beyond. Many businesses have been forced to rapidly transition from an office-based workforce to a largely at-home workforce due to COVID-19, and by doing so have greatly increased cybersecurity risks. Remote...

Read More
REvil Gang Releases 2GB of Celebrity Data and Increases Ransom Demand to $2 Million
May18

REvil Gang Releases 2GB of Celebrity Data and Increases Ransom Demand to $2 Million

Last week, a celebrity New York law firm – Grubman Shire Meiselas and Sacks – whose client list includes Lady Gaga, Madonna, Bruce Springsteen, U2, and Mariah Carey confirmed it has been the victim of a cyberattack. The group behind the attack has now been confirmed as REvil, a prolific threat group that has conducted many attacks on high profile targets, including the foreign exchange company Travelex. As is typical for...

Read More
Ramsay Malware Designed to Steal Data from Air-Gapped Networks
May15

Ramsay Malware Designed to Steal Data from Air-Gapped Networks

A new malware toolkit has been discovered that appears to have been developed to steal sensitive data from air-gapped networks. Researchers at ESET have named the malware Ramsay and report it has a range of advanced features that allow it to keep under the radar and steal highly sensitive data from victims. One of the most effective ways of protecting sensitive data is to ensure that it is not saved on any device accessible through...

Read More
13% of Organizations Have Experienced a Cyberattack During the COVID-19 Pandemic
May12

13% of Organizations Have Experienced a Cyberattack During the COVID-19 Pandemic

The transition from a largely office-based workforce to having most employees working from home has left many organizations exposed to cyberattacks. While having employees working from home does not necessarily mean a weakening of security defenses, the problem has been the speed at which the changes had to be made. The rapid change to an at-home workforce as a result of the Covid-19 pandemic has meant organizations have not had...

Read More
Cognizant Ransomware Attack Expected to Cost Between $50 and $70 Million
May11

Cognizant Ransomware Attack Expected to Cost Between $50 and $70 Million

The ransomware attack on the IT services company Cognizant is expected to cost between $50 million and $70 million, according to a recent financial report filed by the company last week. The firm was attacked with ransomware on April 17, 2020. Upon discovery of the attack, systems were rapidly taken offline to limit the extent of the attack. Had it not been for the immediate response, the outcome could have been far worse. The group...

Read More
Europe’s Largest Private Hospital Operator Hit with Snake Ransomware Attack
May08

Europe’s Largest Private Hospital Operator Hit with Snake Ransomware Attack

A large-scale Snake ransomware campaign is underway after a period of low-level activity. Snake ransomware was first identified by MalwareHunter Team in January 2020 and has only been used in limited attacks, but there was a major spike in attacks on May 4, when 25 attacks were reported. Snake ransomware is unusual as it targets industrial control systems (ICS), SCADA systems, and processes related to enterprise management tools. The...

Read More
InfinityBlack Hacking Group Dismantled
May07

InfinityBlack Hacking Group Dismantled

The InfinityBlack hacking group has been dismantled following an operation by law enforcement agencies in Switzerland and Poland. The InfinityBlack hacking group sold millions of stolen credentials and hacking tools on hacking forums, and also conducted its own attacks. The groups activity resulted in losses of hundreds of millions of euros. The hacking group, believed to have been formed in 2018, operated the infinity.black website...

Read More
Clop Ransomware Gang Publishes ExecuPharm Data After Non-Payment of Ransom
Apr30

Clop Ransomware Gang Publishes ExecuPharm Data After Non-Payment of Ransom

The U.S. pharmaceutical company ExecuPharm recently announced it suffered a ransomware attack on March 13, in which certain corporate and employee information was compromised. The attack started with phishing emails sent to its employees, with the subsequent investigation indicating the attackers may have viewed or obtained sensitive data prior to the deployment of the ransomware. The types of data that were potentially compromised...

Read More
IT Services Firm Cognizant Suffers Maze Ransomware Attack
Apr20

IT Services Firm Cognizant Suffers Maze Ransomware Attack

The IT services firm Cognizant experienced a ransomware attack over the weekend that has affected its internal systems and has caused some disruption for its clients. The Fortune 500 firm is one of the largest IT services providers in the world, with more than a quarter of a million employees and revenues in excess of $16.8 billion in 2019. Cognizant has a diverse range of clients that include several Fortune 500 firms, along with...

Read More
Zoom Announces New Measures Have Been Implemented to improve Privacy and Security
Apr17

Zoom Announces New Measures Have Been Implemented to improve Privacy and Security

Zoom has faced considerable criticism over privacy and security over the past few weeks. The company was claiming to have implemented end-to-end encryption when Zoom itself had access to users’ video calls, zero-days have been discovered for which exploits are allegedly being offered for sale, data was found to be routed through China, and hackers have stolen at least 2,300 user credentials. There have also been many reported cases of...

Read More
Travelex Paid Ransomware Gang $2.3 Million for Keys to Unlock Encrypted Files
Apr10

Travelex Paid Ransomware Gang $2.3 Million for Keys to Unlock Encrypted Files

The Sodinokibi ransomware attack on Travelex that started on New Year’s Eve and caused weeks of disruption was resolved by paying the ransom demand. The attack saw Travelex’s online currency exchange service taken offline preventing banks such as Lloyds and Barclays from offering currency exchange services. Travelex was also forced to shut down operations at its 1,500 locations around the world. Some of its systems remained offline...

Read More
More Than 82% of Public-Facing Exchange Servers Still Vulnerable to Critical Exchange Control Panel Flaw
Apr07

More Than 82% of Public-Facing Exchange Servers Still Vulnerable to Critical Exchange Control Panel Flaw

An analysis of public-facing Exchange servers by Rapid7 has revealed 82.5% are still vulnerable to a critical remote code execution vulnerability in the Exchange Control Panel (ECP) that Microsoft released a patch for on February 2020 Patch Tuesday.  While the vulnerability can only be exploited post-authorization, all an attacker would need to exploit the flaw is previously compromised email credentials. One successful phishing...

Read More
Zoom Security Concerns Mount as New Flaws Identified
Apr03

Zoom Security Concerns Mount as New Flaws Identified

The 2019 Novel Coronavirus pandemic has forced many employees into telecommuting with them maintaining contact with the office through videoconferencing apps such as Zoom. Zoom has proven to be one of the most popular choices during the COVID-19 crisis, registering a 535% increase in traffic in the past month, but the number of Zoom security concerns have been mounting. Zoom Security Concerns are Mounting Zoom security concerns have...

Read More
Database Containing Extensive Information of 200 Million Americans Exposed Online
Mar24

Database Containing Extensive Information of 200 Million Americans Exposed Online

A database on the Google Cloud platform containing 800 gigabytes of data and over 200 million user records has been misconfigured and was exposed online, according to researchers at CyberNews. The database contained a folder that included detailed information on around 200 million Americans, including full names, phone numbers, email addresses, dates of birth, credit ratings, home addresses, mortgaged property addresses, number of...

Read More
New Vulnerabilities Identified in Popular Password Managers
Mar23

New Vulnerabilities Identified in Popular Password Managers

Password managers help you create complex and unique passwords for every application, service, and website but how secure are password managers? Could a password manager actually weaken security? According to a study conducted by researchers at the University of York, password managers are not totally secure. Vulnerabilities in password managers have been found that could potentially be exploited by cybercriminals to gain access to a...

Read More
Manual Ransomware Attacks Increasing in Sophistication and Pose Growing Threat to Businesses
Mar12

Manual Ransomware Attacks Increasing in Sophistication and Pose Growing Threat to Businesses

Automated ransomware attack techniques such as those utilized by the threat actors behind WannaCry and NotPetya certainly have potential to cause massive disruption, but human-operated ransomware attacks are increasing and now pose a major threat to businesses, according to Microsoft. These manual attacks provide attackers with unrestricted access to networks and allow them to cause maximum disruption, increasing the probability that...

Read More
Microsoft Releases Patches for 115 Vulnerabilities Including 26 Critical Flaws
Mar10

Microsoft Releases Patches for 115 Vulnerabilities Including 26 Critical Flaws

Microsoft released a record number of patches on March Patch Tuesday. 115 vulnerabilities have been patched across the entire product range, including 26 vulnerabilities that have been rated critical and 88 that have been rated important. None of the flaws in the March round of updates are believed to have been exploited in the wild and none have been made public prior to the patches being released. 17 of the critical flaws affect...

Read More
At Least $144.35 Million Has Been Paid by Victims of Ransomware Attacks Since 2013
Mar05

At Least $144.35 Million Has Been Paid by Victims of Ransomware Attacks Since 2013

Figures from the U.S. Federal Bureau of Investigation (FBI) show that at least $144.35 million in Bitcoin was paid by victims of ransomware attacks between January 2013 and July 2019 – Around $1.83 million a month. That only includes ransoms paid in Bitcoin and the FBI is not notified about all ransom payments, so the true figure is likely to be substantially higher. Over the past 6.5 years there have been many ransomware variants...

Read More
More Than 1 Billion Devices Affected by Kr00k Wi-Fi Encryption Vulnerability
Mar04

More Than 1 Billion Devices Affected by Kr00k Wi-Fi Encryption Vulnerability

A vulnerability has been identified in Wi-Fi chips manufactured by Broadcom and Cypress which are used in more than a billion devices, according to a paper recently published by ESET. Smartphones, tablets, laptops, and IoT devices are all affected, including Apple iPhones, iPads, and MacBooks; Samsung Galaxy and Google Nexus smartphones; Amazon Echo and Kindle; Raspberry Pi3; Asus and Huawei access points and routers; and many IoT...

Read More
At Least 15.1 Billion Records Were Exposed in Data Breaches in 2019
Feb14

At Least 15.1 Billion Records Were Exposed in Data Breaches in 2019

A new report from Risk Based Security has revealed 15.1 billion records were exposed in publicly reported data breaches in 2019 – A 284% increase from 2018 and a 91% increase from 2017. While the number of records exposed in data breaches was substantially higher in 2019, the number of breaches only increased by 1% from 7,035 in 2018 to 7,098 in 2019. However, it should be noted that further incidents may be added to that total...

Read More
BEC Attacks Account for More Than Half of All Losses to Cybercrime
Feb13

BEC Attacks Account for More Than Half of All Losses to Cybercrime

Business email compromise attacks are the most financially damaging form of cybercrime, according to the 2019 Internet Crime Report from the FBI’s Internet Crime Complaint Center (IC3). In 2019, IC3 received 467,361 complaints about cybercrime and victims of those crimes reported losses of $3.5 billion. BEC attacks only accounted for 23,775 of those attacks (5.08%), yet they resulted in losses of $1.77 billion – 50.57% of all reported...

Read More
Avast and AVG Customers’ Sensitive Browsing Data Will No Longer Be Collected and Sold to Third Parties
Jan30

Avast and AVG Customers’ Sensitive Browsing Data Will No Longer Be Collected and Sold to Third Parties

There’s some good news today for users of Avast and AVG antivirus products. Personal search histories, clicks, and details of online purchases will no longer be covertly collected and sold to third parties. Avast, which owns AVG, has announced that it is shutting down its subsidiary, Jumpshot, which was doing just that. Jumpshot would likely still be fully operational were it not for a joint investigation by Motherboard and PCMag....

Read More
CISA Warns of Increase in Emotet Malware Activity
Jan24

CISA Warns of Increase in Emotet Malware Activity

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning over an increase in Emotet malware activity. The Emotet botnet sprung back to life on January 13, 2020 with largescale spamming campaigns detected spreading the Emotet Trojan. The Emotet Trojan is a modular malware that serves as a banking Trojan, information stealer, and malware downloader. The Trojan can move...

Read More
Microsoft Database of 250 Million Records Exposed Online
Jan23

Microsoft Database of 250 Million Records Exposed Online

Microsoft has announced that one of its databases has been accidentally exposed online. The database could over the internet without the need for authentication. The database was found by security researchers at Comparitech, who reported the security issue to Microsoft. Microsoft immediately secured the database and launched an investigation to determine how long the data had been exposed and whether it had been accessed by...

Read More
$1.38 Billion Settlement Reached in Equifax Data Breach Class Action Lawsuit
Jan16

$1.38 Billion Settlement Reached in Equifax Data Breach Class Action Lawsuit

A $1.38 billion settlement has been reached to resolve the Equifax data breach class action lawsuit filed on behalf of victims of the 2017 data breach that affected 147 million Americans and 15.2 million individuals in the United Kingdom. The settlement was given final approval by a court in the Northern District of Georgia on Monday, January 13, 2020. Class members will be able to claim up to $20,000 to cover out-of-pocket losses....

Read More
January 2020 Patch Tuesday Sees Microsoft Patches 49 Vulnerabilities
Jan14

January 2020 Patch Tuesday Sees Microsoft Patches 49 Vulnerabilities

January 2020 Patch Tuesday has seen Microsoft issue patches for 49 vulnerabilities including 7 rated critical, along with a fix for the Crypt32.dll vulnerability discovered and publicly disclosed by the U.S. National Security Agency. Microsoft has also issued its last round of updates for Windows 7, which reached end of life on January 14. None of the vulnerabilities in this month’s updates are being exploited in the wild and details...

Read More
NSA Issues Cybersecurity Advisory on Critical Flaw Affecting Windows 10 and Windows Server
Jan14

NSA Issues Cybersecurity Advisory on Critical Flaw Affecting Windows 10 and Windows Server

The U.S. National Security Agency has taken the unusual step of publicly disclosing a vulnerability to a software vendor. This is the first time that such a disclosure has been attributed to the NSA. The vulnerability, tracked as CVE-2020-0601, affects Windows 10 and Windows Server 2016 and 2019, and has been rated as critical by the NSA, but only important by Microsoft. When the NSA discovers vulnerabilities they are usually kept...

Read More
Erie, Colorado Loses $1 Million To BEC Scam
Jan08

Erie, Colorado Loses $1 Million To BEC Scam

The town of Erie in Colorado has been duped by a business email compromise (BEC) scam. A payment of $1.01 million intended for the construction firm contracted to build the Erie Parkway bridge was sent to a bank account controlled by the scammers. In contrast to most BEC scams that are conducted via email, this scam was performed via the town’s website. A form on the website was used to make a change to the payment method for SEMA...

Read More
Travelex Cyberattack Forces Shutdown of Online Currency Services
Jan06

Travelex Cyberattack Forces Shutdown of Online Currency Services

The world’s largest foreign exchange company, Travelex, experienced a cyberattack on New Year’s Eve which took its website out of action and affected companies such as Tesco, Barclays, and HSBC which used its FX services. Since the attack occurred, Tesco, Sainsbury’s, and other companies that use Travelex FX services have been unable to provide online currency exchanges to their customers. Travelex discovered a virus on its...

Read More
Ransomware Victim Takes Legal Action Against Attackers and ISP Hosting its Stolen Data
Jan03

Ransomware Victim Takes Legal Action Against Attackers and ISP Hosting its Stolen Data

Southwire, one of the largest manufacturers of cabling and wire in the United States, has taken legal action against the unknown individuals behind the attack and an internet service provider hosting a website where its stolen data has been published. The threat actors infiltrated Southwire’s network in December 2019, stole 120 GB of company data, and then deployed Maze ransomware on 878 computers. A ransom demand of 850 Bitcoin ($6...

Read More
Microsoft Takes Down 50 Phishing Domains Used by North Korea-Backed Threat Group
Jan02

Microsoft Takes Down 50 Phishing Domains Used by North Korea-Backed Threat Group

Microsoft has sought help from the courts to take down domains used by the North Korea-backed hacking group, Thallium (APT37). After securing the court order from the U.S. District Court for the Eastern District of Virginia, 50 that were being used by the hacking group to attack the United States have now been seized. Microsoft’s Digital Crimes Unit (DCU) and Threat Intelligence Center (MSTIC) have been tracking the activity of the...

Read More
Three Members of Goznym Banking Trojan Gang Sentenced
Dec26

Three Members of Goznym Banking Trojan Gang Sentenced

Three individuals who were part of the criminal organization responsible for the Goznym malware attacks in Europe and North America between 2015 and 2016 have been sentenced for their role in the operation, according to a recent announcement by the U.S. Department of Justice. The Goznym banking Trojan was a hybrid of the Nymaim malware dropper and Gozi banking malware and was primarily distributed via massive email spamming campaigns....

Read More
Data of 267 Million Facebook Users Exposed Online
Dec23

Data of 267 Million Facebook Users Exposed Online

A database containing the user IDs, names, and telephone numbers of 267 million Facebook users has been exposed online for a period of around two weeks as a result of a misconfigured Elasticsearch cluster.  The exposed database was discovered by Bob Diachenko and security researchers at Comparitech. It is believed to have been created by individuals based in Vietnam. Most of the individuals whose data has been exposed are based in the...

Read More
435,000 Weak RSA Keys Identified in IoT Devices
Dec18

435,000 Weak RSA Keys Identified in IoT Devices

RSA is a commonly used encryption protocol for securing communications. RSA encryption uses asymmetric cryptographic keys, one of which is public and can be shared and the other is private. In order to decrypt data, the private key is required. RSA keys are created by multiplying two random prime numbers. These prime factors should be different. No two RSA keys should share the same prime factors, but researchers at Keyfactor have...

Read More
Unsecured Web Filtering Database Exposed Private Browsing Histories and PII
Dec17

Unsecured Web Filtering Database Exposed Private Browsing Histories and PII

A database containing around 1 million web browsing records of internet users has been left unprotected online. The 890GB database contained daily logs of internet activity of customers of various internet service providers along with personally identifiable information that tied the browsing histories to specific end users. In many cases, highly sensitive internet histories were exposed, including specific videos that were viewed on...

Read More
Zeppelin Ransomware Used to Attack MSPs, Technology, and Healthcare Companies
Dec13

Zeppelin Ransomware Used to Attack MSPs, Technology, and Healthcare Companies

Security researchers at Blackberry Cylance have identified a new variant of Buran ransomware which is being used in targeted attacks on technology and healthcare companies in Europe and the United States. The new ransomware variant was first detected on November 6, 2019. It is written in Delphi and is a member of the VegaLocker and Buran ransomware family. It is believed to be distributed under the ransomware-as-a-service model. The...

Read More
Ransomware Attacks on Network Attached Storage (NAS) Devices on the Rise
Dec10

Ransomware Attacks on Network Attached Storage (NAS) Devices on the Rise

A hacker succeeds in gaining access to the computer systems of a business and ransomware is deployed, but there is a fair chance that the business will recover its files from backups and not pay the ransom. However, if backups are not available, there is a high chance that the business will have to pay since data loss is simply not an option. It is therefore no surprise that hackers are now targeting backups and Network Attached...

Read More
Ransomware Attack on IT Company Impacts more than 100 Dental Practices
Dec09

Ransomware Attack on IT Company Impacts more than 100 Dental Practices

More than 100 dental practices have had essential files encrypted as a result of a ransomware attack on an IT service provider. On November 25, 2019, the Englewood, Colorado-based IT firm Complete Technology Solutions (CTS) was attacked and its data was encrypted by Sodinokibi ransomware, aka rEvil. The firm was reportedly issued with a ransom demand of $700,000 in cryptocurrency for the keys to unlock the encrypted files. The firm...

Read More
Elaborate Man-in-the-Middle Attack Diverts $1 Million Payment to Israeli Startup
Dec05

Elaborate Man-in-the-Middle Attack Diverts $1 Million Payment to Israeli Startup

$1 million in venture capital funding intended for an Israeli startup was diverted to an attacker-controlled bank account in an elaborate wire transfer email scam. The funding was being transferred from a Chinese VC firm and the funds were intended to help the Israeli firm kick start its business. The scam was uncovered by researchers at Check Point Software who called it the “ultimate man-in-the-middle attack.” The researchers...

Read More
FBI Issues Warning Following Increase in E-Skimming Attacks
Oct28

FBI Issues Warning Following Increase in E-Skimming Attacks

The FBI has issued a warning following an increase in e-skimming attacks on small and medium sized businesses and government agencies. E-skimming is the term given to the loading of malicious code onto e-commerce websites that captures credit card information when consumers purchase products online. The code sends personal information and credit card details to an attacker-controlled domain in real-time. These attacks are performed on...

Read More
Google Rolls out DNS-over-HTTPS in Chrome 78 and Fixes 37 Vulnerabilities
Oct24

Google Rolls out DNS-over-HTTPS in Chrome 78 and Fixes 37 Vulnerabilities

Google has released Version 78 of Chrome, which includes fixes for 37 vulnerabilities in the browser and several new features, including DNS-over-HTTPS (DoH). DoH is an experimental addition to the browser to test the new technology and comes a month after Firefox added DoH to its browser. DoH has already been implemented by several DNS providers to improve privacy and security. Essentially, DoH introduces the same security benefits...

Read More
Free Decyptor for STOP Ransomware Released
Oct21

Free Decyptor for STOP Ransomware Released

Researchers at New Zealand-based cybersecurity firm Emsisoft have released a free decryptor for STOP ransomware. STOP ransomware is primarily used to attack consumers rather than businesses and is usually delivered via cracked software and adware bundles distributed on websites that offer cracks for legitimate software applications such as Photoshop. The threat actors behind the campaign are highly active. In fact, STOP ransomware is...

Read More
How Much Does Cisco Umbrella Cost?
Oct18

How Much Does Cisco Umbrella Cost?

If you are looking for a content filtering solution that will protect your business from web-based threats, Cisco Umbrella will no doubt be one of the solutions you look at, but how much does Cisco Umbrella cost? Many cybersecurity solution providers offer price lists on their websites to allow potential customers to decide whether the solution falls within their budget. The lack of pricing on the Cisco website may give you an idea...

Read More
Only 32% of Companies are Adopting a Security-First Approach to Cloud Data Storage
Oct17

Only 32% of Companies are Adopting a Security-First Approach to Cloud Data Storage

A recent survey conducted by the Poenmon Institute has revealed less than a third (32%) of companies are adopting a security-first approach to data stored in the cloud. The survey was conducted for the 2019 Thales Global Cloud Security Study on 3,000 IT and IT security professionals in 8 countries – Australia, Brazil, France, Germany, India, Japan, the UK and the US. The survey revealed 48% of corporate data is now stored in the...

Read More
U.S. Senate Passes Cybersecurity Legislation to Protect Infrastructure & Aid Recovery from Ransomware and Other Cyberattacks
Oct02

U.S. Senate Passes Cybersecurity Legislation to Protect Infrastructure & Aid Recovery from Ransomware and Other Cyberattacks

The U.S. Senate has passed a new bill – the DHS Cyber Hunt and Incident Response Teams Act – that calls for the Department of Homeland Security (DHS) to create dedicated Cyber Hunt and Incident Response Teams to help private and public sector organizations respond to and recover from cyberattacks. A similar bill (H.R. 1158) was recently passed by the House of Representatives and both will now be consolidated and will head...

Read More
Healthcare Industry Cybersecurity Matrix of Information Sharing Organizations Issued by HSCC
Sep27

Healthcare Industry Cybersecurity Matrix of Information Sharing Organizations Issued by HSCC

The U.S. Healthcare and Public Health Sector Coordinating Council (HSCC) has published a new resource to help healthcare organizations start participating in threat intelligence sharing and stay abreast of the latest cybersecurity threats affecting the healthcare sector. Many healthcare organizations understand the importance of cybersecurity information sharing but have yet to make a start. Getting started can be somewhat daunting,...

Read More
58% of CISOs Believe Surviving a Data Breach Will Make Them More Attractive to Future Employers
Sep24

58% of CISOs Believe Surviving a Data Breach Will Make Them More Attractive to Future Employers

Data breaches are best avoided by Chief Information Security Officers (CISOs) through the implementation of a strong cybersecurity framework, but should disaster strike it could actually be good for a CISO’s job prospects, provided of course that the breach is successfully remediated. Otherwise, the reverse is likely to be the case. That is the view of a majority of CISOs who took part in a recent Optiv Security survey for the...

Read More
Flaws in GPS Trackers Can be Exploited to Reveal the Location of Children
Sep06

Flaws in GPS Trackers Can be Exploited to Reveal the Location of Children

Many parents are using GPS trackers to monitor the location of their children, but a recent study conducted by researchers at Avast Threat Labs has shown that far from improving safety, parents could be putting their children at risk. GPS trackers allow parents to see where their children are at all times, but they also allow others to locate their children due to the number of bugs in the devices and associated apps. The study was...

Read More
Digital Extortion and Fileless Malware Attacks Have Soared in 1H, 2019
Sep02

Digital Extortion and Fileless Malware Attacks Have Soared in 1H, 2019

The first 6 months of 2019 have seen significant increases in business email compromise (BEC) attacks, ransomware attacks, and other forms of cyber extortion, according to a mid-year cybersecurity roundup from Trend Micro. The report, titled Evasive Threats, Pervasive Effects, provides insights into the current threat landscape and the main threats currently faced by businesses. Ransomware attacks have increased significantly, but the...

Read More
Multi-Factor Authentication Stops 99.9% of Automated Cyberattacks
Aug28

Multi-Factor Authentication Stops 99.9% of Automated Cyberattacks

A new report from Microsoft suggests 99.9% of all automated cyberattacks on Microsoft platforms and other online services are blocked by multi-factor authentication, highlighting the importance of this security measure for stopping data breaches. Microsoft says that there are more than 300 million fraudulent sign-in attempts to Microsoft cloud services every day and that figure is steadily growing. There are also around 167 million...

Read More
Even When Warned, Many Users Do Not Change Breached Passwords
Aug23

Even When Warned, Many Users Do Not Change Breached Passwords

In February, Google launched its Password Checkup service on chrome, which displays a warning to users when they login to a website using a password that is known to have been compromised in a previous data breach. Each username is checked against a database of more than 5 billion compromised logins. If the password used matches one associated with the same username in the database, the warning is triggered. The chrome extension has...

Read More
Researchers Provide Insights into Motivations Behind Healthcare Cyberattacks
Aug22

Researchers Provide Insights into Motivations Behind Healthcare Cyberattacks

A new report from FireEye provides insights into the motivations behind cyberattacks on U.S. healthcare organizations. The report shows patient information is not the only type of sensitive data being sought. There has been a marked increase in cyberattacks on cancer research institutes and medical institutions for the research data they hold. The attacks are being conducted by Advanced Persistent Threat (APT) groups affiliated to...

Read More
Custom 404 Pages Used to Serve Fake Microsoft Office 365 Login Forms
Aug19

Custom 404 Pages Used to Serve Fake Microsoft Office 365 Login Forms

A new phishing campaign has been detected by security researchers at Microsoft that uses custom 404 pages to display a fake Office 365 login form. A single domain is used in this campaign and a custom 404 page is created that displays the fake Office 365 login form. The custom 404 page is displayed when any visitor to the website attempts to visit a non-existent web page. Since any URL could be entered to generate the 404 page, the...

Read More
Texas Ransomware Attack Affects 23 Government Agencies
Aug19

Texas Ransomware Attack Affects 23 Government Agencies

The Texas Department of Information Resources (DIR) has issued a statement confirming the state has experienced a major ransomware incident that has affected multiple agencies. For security reasons, the names of the affected agencies have not been released, but DIR has confirmed that at least 23 government entities have been affected by “a coordinated ransomware attack.’ The systems and networks of the State of Texas were not...

Read More
2019: A Particularly Bad Year for Healthcare Data Breaches
Aug07

2019: A Particularly Bad Year for Healthcare Data Breaches

Cyberattacks on healthcare organizations have continued to increase throughout the first half of 2019 and this year has seen the discovery of the second largest healthcare data breach ever reported. American Medical Collection Agency experienced a cyberattack in which the records of more than 20 million patients were exposed and potentially stolen. It should be no surprise to hear that in terms of both the number of healthcare data...

Read More
Capital One Data Breach Impacts 106 Million Customers: Hacker Arrested
Jul31

Capital One Data Breach Impacts 106 Million Customers: Hacker Arrested

Capital One, the 7th largest U.S. commercial bank and the 5th largest credit card issuer in the United States, has announced it has recently suffered a major data breach that has impacted more than 100 million credit card applicants in the United States and a further 6 million in Canada. The data breach was discovered on July 19, 2019 after the hacker allegedly responsible for the attack posted information on her Github and social...

Read More
Equifax to Pay up to $700 Million to Settle Data Breach Case
Jul23

Equifax to Pay up to $700 Million to Settle Data Breach Case

The massive data breach at the credit reporting firm Equifax in 2017 exposed the personal and financial information of 147 million Americans. The breach triggered a series of federal and state investigations to determine how the breach occurred, whether it could have been prevented, and whether Equifax had implemented sufficient security controls. The investigation has been completed and the subsequent data breach case has now been...

Read More
Second Major Florida Ransomware Attack Raises Ransom Total to $1.1 Million in a Month
Jul01

Second Major Florida Ransomware Attack Raises Ransom Total to $1.1 Million in a Month

Two Florida cities suffered major ransomware attacks in the past month that wiped out their computer and phone systems. First came the news that Riviera Beach had suffered a major ransomware attack. The attack started on May 29, 2019 and was detected the following day. The ransomware took the city’s phone system, email system, and water payment system out of action. A ransom demand of 65 Bitcoin ($592,000) was issued by the attackers...

Read More
Florida City Pays $600,000 Ransom to Hackers for Keys to Unlock Encrypted Files
Jun21

Florida City Pays $600,000 Ransom to Hackers for Keys to Unlock Encrypted Files

A ransomware attack on the city of Riviera Beach in Florida has paralyzed the city’s computer system for more than 3 weeks and has caused widespread disruption. The attack started on May 29 with a single email. A member of the Riviera Beach police department received an email with an infected email attachment. When the attachment was opened, ransomware was deployed. The attack took down the city’s online services and computer systems....

Read More
Radware Survey Reveals the 2019 Cost of a Cyberattack is now $4.6 Million
Jun20

Radware Survey Reveals the 2019 Cost of a Cyberattack is now $4.6 Million

A recent survey by Radware has confirmed there has been a significant increase in the cost of a cyberattack in 2019. The average cost of remediating a cyberattack is now $4.6 million which is a 53% increase from 2018 when the survey was last conducted. Further, the number of companies that are now spending more than $10 million remediating cyberattacks has increased from 7% in 2018 to 13% in 2019 – An increase of more than 85%. The...

Read More
Norsk Hydro Ransomware Attack Estimated to Cost Firm Between $58 and $70 Million
Jun06

Norsk Hydro Ransomware Attack Estimated to Cost Firm Between $58 and $70 Million

Disaster strikes and ransomware is installed on the network. If backups have been made and they have also not been encrypted, files can be unlocked without having to pay the ransom. Even in such cases, the cost of the attack can be considerable, as the Norwegian aluminum and renewable energy company Norsk Hydro discovered. Ransomware had been installed on its systems on March 18, 2019. The ransomware strain used was a variant of Vega...

Read More
Google Has Been Storing Unhashed G-Suite Passwords for 14 Years
May24

Google Has Been Storing Unhashed G-Suite Passwords for 14 Years

Google has recently announced it has discovered an error was made in its enterprise password recovery feature that has resulted in G Suite passwords being stored on internal servers in plaintext for 14 years. The passwords could not be accessed remotely by anyone outside of Google, but the error does pose a security risk.  Any Google employee with access to its servers could have viewed those passwords. The problem does not affect...

Read More
International Law Enforcement Operation Shuts Down Goznym Malware Gang
May17

International Law Enforcement Operation Shuts Down Goznym Malware Gang

The international criminal gang behind the infamous Goznym malware has been disbanded following a complex law enforcement investigation in Bulgaria, Germany, Georgia, Moldova, Ukraine, and the United States. The investigation has resulted in indictments for ten defendants, five of whom have been apprehended: Two in Germany, one in Bulgaria, one in Moldova, and the alleged leader of the gang in Georgia. Five Russian nationals involved...

Read More
New Intel MDS Vulnerabilities Allow Sensitive Data to Be Accessed from CPUs
May16

New Intel MDS Vulnerabilities Allow Sensitive Data to Be Accessed from CPUs

Four Microarchitectural Data Sampling (MDS) vulnerabilities have been discovered in Intel processers which could be exploited using a variety of different attack methods to gain access to sensitive information. The flaws can be exploited on computers as well as in cloud environments and can allow information to be obtained from the operating system, applications, virtual machines, and trusted execution environments. The information...

Read More
Microsoft Issues Patches for 79 Vulnerabilities Including Critical Wormable Flaw
May15

Microsoft Issues Patches for 79 Vulnerabilities Including Critical Wormable Flaw

May 2019 Patch Tuesday has seen Microsoft release security updates to correct 79 vulnerabilities including one critical flaw that could potentially be exploited in a WannaCry-style malware attack. The wormable vulnerability (CVE-2019-0708) is in Remote Desktop Services and can be exploited by sending specially crafted requests via Remote Desktop Protocol (RDP). The vulnerability is pre-authentication and requires no user interaction....

Read More
Cost of the Equifax Data Breach? $1.5 Billion and Counting
May15

Cost of the Equifax Data Breach? $1.5 Billion and Counting

In 2017, the Atlanta-based credit bureau Equifax suffered a massive data breach that saw the personal information of 150 million people compromised. According to the company’s recent earnings release, the cost of the Equifax data breach has risen to $1.5 billion plus legal fees. The Department of Homeland Security had warned Equifax about a software vulnerability a few months prior to the attack, which was exploited to gain access to...

Read More
DHS Cybersecurity and Infrastructure Security Agency Issues Guidelines for O365 Migrations
May14

DHS Cybersecurity and Infrastructure Security Agency Issues Guidelines for O365 Migrations

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a set of guidelines and best practices to help organizations migrate to Microsoft Office 365 and avoid introducing vulnerabilities that could make it easier for cybercriminals to conduct attacks and gain access to Office 365 accounts. There has been a major increase in the number of organizations that have transitioned to...

Read More
City of Baltimore Suffers Second Ransomware Attack in 14 Months
May09

City of Baltimore Suffers Second Ransomware Attack in 14 Months

A ransomware attack on the City of Baltimore has forced the city to take most of its servers offline. This is the second such attack to hit the city in a little over a year. Baltimore suffered a similar attack in March 2018. In that attack, it’s 911 and 311 systems were taken out of action due to ransomware file encryption. The latest incident has not affected the 911 and 311 systems nor its core essential services, although many...

Read More
Verizon 2019 Data Breach Investigations Report Reveals Latest Cyberattack Trends
May08

Verizon 2019 Data Breach Investigations Report Reveals Latest Cyberattack Trends

Verizon has released its 2019 Data Breach Investigations Report. The annual report provides an in-depth analysis of global data breaches, new cyberattack trends, and an overview of the current threat landscape. This is the 12th consecutive year that Verizon has produced the report and this year’s instalment is most extensive DBIR report released to date.  Verizon now collects data from 73 sources and included 41,686 reported security...

Read More
Businesses Are Not Well Prepared to Deal with Serious Security Breaches
May06

Businesses Are Not Well Prepared to Deal with Serious Security Breaches

A recent survey conducted by Vanson Bourne on 600 IT decision makers has revealed confidence in the ability to respond to a serious data breach is low. 77% of respondents did not believe they were extremely well prepared to deal with a major data breach, which is especially worrying considering 60% of respondents said they had experienced such a breach in the past two years. Just under a third (31%) of respondents said they had...

Read More
PII of 137,000 Individuals Discovered in Unsecured Elasticsearch Database
May03

PII of 137,000 Individuals Discovered in Unsecured Elasticsearch Database

An unsecured Elasticsearch database containing the personally identifiable information of approximately 137,000 people has been exposed over the Internet. The database was discovered by security researcher Jeremiah Fowler, who determined that the data belonged to the medical emergency evacuation service provider SkyMed. Fowler discovered the security settings for the database had not been correctly configured and the database could be...

Read More
FBI’S 2018 Internet Crime Report Shows Massive Increase in BEC Attack Losses
Apr24

FBI’S 2018 Internet Crime Report Shows Massive Increase in BEC Attack Losses

The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) has released its 2018 Internet Crime Report which shows there was a dramatic rise in losses due to cybercrime in 2018. In 2018, IC3 received 351,936 complaints involving more than $2.7 billion in losses. That represents an increase in losses of more than 92% compared to 2017. 2018 accounted for 36% of all losses from the past five years and complaints about...

Read More
297 Flaws Patched by Oracle in its April Security Update
Apr18

297 Flaws Patched by Oracle in its April Security Update

Oracle’s April security update includes patches for 297 vulnerabilities across its product suite. Users of Oracle products have been advised to update the products as soon as possible to prevent the vulnerabilities from being exploited. This is especially important for this security update as it includes 53 critical bugs that have been assigned a CVSS v3 base score of 9.0 or above. 47 of those have a CVSS v3 score of 9.8. The patches...

Read More
Microsoft Confirms Support Agent’s Credentials were Compromised and Customers’ Email Data Potentially Accessed
Apr16

Microsoft Confirms Support Agent’s Credentials were Compromised and Customers’ Email Data Potentially Accessed

Microsoft has experienced a data breach that has lasted at least three months. During that time, hackers were able to access affected users’ email addresses, email subject lines, folder names, and email contacts. The breach affected certain users of its web email services: Hotmail, MSN, and Outlook. A Microsoft support agent’s account details were compromised on January 1, 2019 which allowed the attackers to gain access to information...

Read More
SpamTitan Leading Secure Email Gateway Solution According to G2 Crowd
Apr15

SpamTitan Leading Secure Email Gateway Solution According to G2 Crowd

Selecting the best business security software can be a headache. Even when business leaders know exactly what they want from a software solution, choosing the right product can be difficult. After determining that a software solution ticks all the boxes and has all the required features, many businesses discover that it is a nightmare to use. When it comes to security software it is important to choose a solution that’s user friendly...

Read More
Pharmaceutical Giant Targeted in Long-Term Cyber Espionage Campaign
Apr08

Pharmaceutical Giant Targeted in Long-Term Cyber Espionage Campaign

The German pharmaceutical giant Bayer has announced that it has been targeted by hackers who installed malware on its network. The attack was contained, but the malware was not removed for months. Instead, Bayer has been observing the malware in an attempt to determine the ultimate goal of the attack and the identity of the threat actors behind the campaign. The malware was installed on its network in early 2018. The affected systems...

Read More
Restaurant Chain Data Breach Impacts more than 2 Million Customers
Apr02

Restaurant Chain Data Breach Impacts more than 2 Million Customers

A malware infection has impacted around 2 million customers of the Planet Hollywood, Earl of Sandwich, Chicken Guy!, Tequila Taqueria, Mixology, and Buca di Beppo restaurant chains. The announcement about the attack was recently made by Earl Enterprises, which operates all of the above brands. The breach was detected by Brian Krebs of KrebsonSecurity, who discovered credit cards were being sold on the darknet marketplace, Joker’s...

Read More
Jackson County, Georgia Pays $400,000 Ransom to Recover Encrypted Files
Mar11

Jackson County, Georgia Pays $400,000 Ransom to Recover Encrypted Files

After considering the potential costs and benefits, Jackson County, Georgia determined that paying the ransom demand to unlock files encrypted in ransomware attack was the best option, even though the ransom demand was around $400,000. The attack occurred over the weekend of March 2/3, 2019, and resulted in the widespread encryption of data. The email system of the country’s government was taken out of action, and even systems used by...

Read More
STOP Ransomware Delivered via Software Cracks
Jan22

STOP Ransomware Delivered via Software Cracks

STOP ransomware, a crypto-ransomware variant that uses the .rumba file extension on encrypted files, is being delivered via software cracks. Software cracking programs that generate licenses for popular software programs are commonly used to deliver malware. The executable files often install spyware and adware code during the cracking process and while it is not unknown for other malware to be installed when the programs are run, it...

Read More
Cryptocurrency Mining Malware Tops Most Wanted Malware List
Jan21

Cryptocurrency Mining Malware Tops Most Wanted Malware List

Check Point’s Most Wanted Malware report for December 2018 shows that cryptocurrency mining malware was the leading malware threat in December. The top four malware threats in December 2018 were all cryptocurrency miners. Top spot goes to the Monero miner Coinhive: An online miner that uses the processing power of visitors’ computers whenever they visit a website that has had the miner installed. Coinhive has topped the Most Wanted...

Read More
Free Decryptor for Fileslocker Ransomware Developed After Master Key Leaked
Jan03

Free Decryptor for Fileslocker Ransomware Developed After Master Key Leaked

A free decryptor for Fileslocker ransomware has been developed following the leaking of the master key for the ransomware on Pastebin. The master key is the key used by threat actors to decrypt files that have been encrypted by the ransomware. The post was created on December 29, 2018 and states that the master key, which decrypts the private key, is “applicable to V1, V2 version” and that the poster is “waiting for security personnel...

Read More
More Than 50 Accounts Compromised in San Diego School District Data Breach
Dec27

More Than 50 Accounts Compromised in San Diego School District Data Breach

A major data breach has been reported by the San Diego School District that has potentially resulted in the theft of the personal information of more than half a million current and former staff and students. The data exposed as a result of the breach date back to the 2008/2009 school year. The breach was detected following reports from district staff of a spate of phishing emails. The emails were highly believable and fooled users...

Read More
Webinar: Cost-Effective DNS-Based Web Filtering
Dec04

Webinar: Cost-Effective DNS-Based Web Filtering

In order to protect against web-based threats such as malware, ransomware, viruses, exploit kits, malvertising, and phishing, businesses need to implement a web filtering solution. A web filter allows businesses to carefully control the websites and webpages that employees can access while connected to the wired and wireless networks. All Internet traffic is routed through the filter where controls are applied to block malware...

Read More
Marriott Announces 500 Million-Record Breach of Starwood Hotel Guests’ Data
Nov30

Marriott Announces 500 Million-Record Breach of Starwood Hotel Guests’ Data

The Marriott hotel chain has announced it has suffered a massive data breach that has resulted in the theft of the personal information of up to 500 million guests of the Starwood Hotels and Resorts group. Marriott discovered the data breach on September 8, 2018 after an alert was generated by its internal security system following an attempt by an unauthorized individual to access the Starwood guest reservation database. Third-party...

Read More
75% of Employees Lack Security Awareness
Oct26

75% of Employees Lack Security Awareness

MediaPro has published its 2018 State of Privacy and Security Awareness Report which assesses the level of security awareness of employees across different industry sectors. The report is based on the responses to questionnaires sent to 1,024 employees across the United States that probed their understanding of real-world threats and security best practices. This is the third year that MediaPro has conducted the study, which...

Read More
Microsoft Addresses 49 Flaws Including One Actively Exploited Vulnerability
Oct10

Microsoft Addresses 49 Flaws Including One Actively Exploited Vulnerability

Almost 50 vulnerabilities have been patched by Microsoft on October Patch Tuesday including one zero-day vulnerability that is being actively exploited in the wild by the FruityArmor APT group. The zero-day (CVE-2018-8453) is linked to the Win32k component of Windows and is an elevation-of-privilege vulnerability discovered by Kaspersky Lab. If exploited, a threat actor could run arbitrary code in kernel mode and could create new...

Read More
Increased Remote Desktop Protocol Attacks Prompts IC3 to Issue Warning
Oct03

Increased Remote Desktop Protocol Attacks Prompts IC3 to Issue Warning

The FBI’s Internet Crime Complaint Center (IC3) has issued a warning to businesses about the abuse of remote administration tools such as Remote Desktop Protocol. The warning was prompted by a significant rise in attacks and darknet marketplaces selling RDP access. Remote Desktop Protocol was first introduced into Windows in 1996 and has proven to be a valuable tool. It allows employees to connect to their office computer remotely and...

Read More
Cofense Takes a Closer Look at Healthcare Phishing Attacks
Sep24

Cofense Takes a Closer Look at Healthcare Phishing Attacks

Cofense, the leading provider of human-based phishing threat management solutions, has published new research that shows the healthcare industry lags behind other industry sectors for phishing defenses and is routinely attacked by cybercriminals who often succeed in gaining access to sensitive patient health data. The Department of Health and Human Services’ Office for Civil Rights publishes a summary of data breaches reported by...

Read More
Study Reveals SMB Employees Are Taking Major Data Security Risks
Sep14

Study Reveals SMB Employees Are Taking Major Data Security Risks

Cyberattacks on large enterprises often make the headlines as they tend to involve the theft of large quantities of data, but small to medium sized businesses also face a high risk of cyberattacks and data breaches. According to a new report from the Chicago-based SMB consultancy firm Switchfast, there are now 4,000 cyberattacks on SMBs every day. SMBs are often viewed as easy targets. The rewards for a successful attack may not be so...

Read More