Trend Micro Reports 20% Increase in Blocked Threats in 2020
Feb24

Trend Micro Reports 20% Increase in Blocked Threats in 2020

Trend Micro reports a 20% increase in the number of threats it identified and blocked in 2020. In total, 62.6 billion threats were blocked at an average of 112,000 per day, according to the Trend Micro 2020 Annual Cybersecurity Report – A constant State of Flux. “In 2020, businesses faced unprecedented threat volumes hitting their extended infrastructure, including the networks of home workers,” said Jon Clay, director of global...

Read More
Accellion FTA Extortion Attacks Linked to FIN11 and CL0P Ransomware Gang
Feb23

Accellion FTA Extortion Attacks Linked to FIN11 and CL0P Ransomware Gang

In mid-December, threat actors started exploiting zero-day vulnerabilities in the Accellion File Transfer Appliance (FTA) product, and over the next few weeks it became apparent that many companies had suffered data breaches. The Accellion FTA was originally launched around 20 years ago to get around the problem of emailing large file attachments. Rather than emailing large files, individuals are sent links to the files hosted on the...

Read More
What are the HIPAA Password Requirements?
Feb18

What are the HIPAA Password Requirements?

Considering how important passwords are for preventing unauthorized access, you may be surprised to hear that passwords are only an addressable requirement of the administrative safeguards of the HIPAA Security Rule, rather than a required element. That does not mean the HIPAA password requirements are optional. Passwords must be considered as an administrative safeguard for securing accounts and preventing unauthorized access to...

Read More
US Healthcare Data Breach Report Shows Breaches Increased by 55% In 2020
Feb18

US Healthcare Data Breach Report Shows Breaches Increased by 55% In 2020

An analysis of 2020 healthcare data breaches has been conducted by Bitglass that shows the extent to which the healthcare industry was targeted by hackers. There was a sharp increase in hacking and IT incidents in 2019 and that trend continued in 2020 when 67% of all reported healthcare data breaches were the result of hacking/IT incidents. The healthcare records of 24.1 million individuals were exposed in those breaches – 91% of all...

Read More
Microsoft: Over 1,000 Hackers Suspected to be Involved in SolarWinds Hack
Feb16

Microsoft: Over 1,000 Hackers Suspected to be Involved in SolarWinds Hack

Microsoft President Brad Smith recently claimed the SolarWinds supply chain attack was “the largest and most sophisticated attack the world has ever seen” and may have involved more than 1,000 Russian operatives. The attack saw the code of the SolarWinds Orion solution updated so that when it was automatically updated a backdoor was inserted into all users’ networks that gave the attackers remote access. Many thousands of IT...

Read More
Ethical Hacker Breached 35 Companies Including PayPal, Microsoft, and Apple
Feb11

Ethical Hacker Breached 35 Companies Including PayPal, Microsoft, and Apple

An ethical hacker developed a novel supply chain attack that allowed him to gain access to the systems of more than 35 technology companies, including Microsoft, PayPal, Apple, Shopify, Netflix, Uber, and Tesla. Alex Birsan developed a technique that involved injecting malicious code into open source developer tools commonly used to install dependencies in developer projects. Dependencies are blocks of code that are shared across...

Read More
U.S. Companies Slow to Terminate Access to Systems When Employees Leave the Company
Feb05

U.S. Companies Slow to Terminate Access to Systems When Employees Leave the Company

When an employee is terminated or leaves a company for other reasons, access to systems should be immediately revoked, but in the U.S., many companies are slow to block access, according to a study conducted by the Identity Defined Security Alliance (IDSA). The study was conducted on 313 U.S. professionals in HR, sales, and help-desk positions who had responsibility for setting up or revoking system access. All respondents worked at...

Read More
More Than 37 Billion Records Were Exposed in Data Breaches in 2020
Jan25

More Than 37 Billion Records Were Exposed in Data Breaches in 2020

A new report from Risk Based Security suggests the number of data breaches fell by 48% globally in 2020; however, the number of breached records increased by 141% to 37 billion. The data for the Risk Based Security 2020 Year End Report came from crawls of the Internet to find information on data breaches, with all cases then subject to manual review. The researchers identified 3,932 breaches that had been disclosed in 2020 and. The...

Read More
Patients Rerouted to Other Hospitals After Cyberattack on Belgian Hospital
Jan21

Patients Rerouted to Other Hospitals After Cyberattack on Belgian Hospital

A hospital in Belgium has suffered a cyberattack that has seen approximately between 40 and 80 of its 300 servers encrypted using Windows BitLocker. The hackers claim to have encrypted around 100TB of data but maintain that they do not steal data prior to file encryption so there will be no data leak if the hospital does not pay the ransom. The attack differs from many of the attacks on U.S. healthcare providers in recent months....

Read More
Cloud and Medical Device Security are the Top Challenges for Healthcare IT Teams
Jan15

Cloud and Medical Device Security are the Top Challenges for Healthcare IT Teams

A recent 2021 IDG research study sponsored by Masergy and Fortinet explored the state of IT in the healthcare industry and revealed the key challenges faced by IT security teams. 2020 has certainly been a challenging year for the healthcare IT teams. In response to the pandemic, IT teams have had to accelerate digital transformations, greatly expand telemedicine, support an increasingly remote workforce, and cope with an increasing...

Read More
Hackers Behind European Medicines Agency Cyberattack Publish Stolen COVID-19 Vaccine Data
Jan14

Hackers Behind European Medicines Agency Cyberattack Publish Stolen COVID-19 Vaccine Data

The hackers behind the cyberattack on the European Medicines Agency (EMA) have leaked some of the COVID-19 vaccination data that was stolen in the attack. The EMA is responsible for the evaluation and supervision of medicines and vaccines in the European Union and is the EU equivalent of the U.S. Food and Drug Administration (FDA). As such, all COVID-19 vaccines and medicines must be approved by the EMA before they can be used in the...

Read More
Third Malware Variant was Used by SolarWinds Hackers
Jan12

Third Malware Variant was Used by SolarWinds Hackers

As the investigations into the SolarWinds hack continue, CrowdStrike reports a third malware variant was used in the attack. Researchers at CrowdStrike discovered a malware variant dubbed Sunspot that consists of sophisticated novel code that was used to ensure the Sunburst backdoor was correctly delivered without raising flags to the SolarWinds developers that their build environment had been compromised. The main malware used in the...

Read More
Ransomware Attacks on Healthcare Organizations Continue to Rise with Ryuk the Biggest Threat
Jan06

Ransomware Attacks on Healthcare Organizations Continue to Rise with Ryuk the Biggest Threat

Cyberattacks on healthcare organizations have continued to increase over the past two months, according to research conducted by cybersecurity firm Check Point, and ransomware is now the biggest malware threat. In October, a joint security advisory was issued by the DHS’ Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) warning the...

Read More
Microsoft Says SolarWinds Hackers Viewed its Source Code
Jan02

Microsoft Says SolarWinds Hackers Viewed its Source Code

In December, Microsoft confirmed that it had downloaded the compromised SolarWinds Orion software update that contained the Sunburst/Solarigate backdoor. Microsoft previously announced that the backdoor had been detected but no evidence had been found to indicate its software was compromised and used in similar supply chain attacks on its customers. Investigations into the breach have been continuing and Microsoft has now confirmed...

Read More
CISA and CrowdStrike Release Free Azure/O365 Analysis Tools to Identify Malicious Activity
Dec29

CISA and CrowdStrike Release Free Azure/O365 Analysis Tools to Identify Malicious Activity

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has released a PowerShell-based tool for detecting unusual and potentially malicious activity in Azure/Office 365 environments. The tool can be downloaded free of charge and used by incident response teams to identify the identity- and authentication-based attacks that have been observed in multiple sectors in the wake of the SolarWinds...

Read More
SolarWinds Supply Chain Attack Impacts up to 18,000 Customers
Dec15

SolarWinds Supply Chain Attack Impacts up to 18,000 Customers

Hackers successfully compromised the SolarWinds Orion software solution and incorporated a backdoor dubbed SUNBURST that has been downloaded by up to 18,000 of its customers, including many large enterprises and government agencies. SolarWinds Orion is a software solution used by large enterprises and government agencies to manage their IT networks and IT infrastructure. The software is used by all five branches of the U.S. military,...

Read More
Ransomware Gangs Cold Call Victims Attempting to Restore Files from Backups
Dec07

Ransomware Gangs Cold Call Victims Attempting to Restore Files from Backups

Several ransomware threat actors have taken to cold calling victims who are attempting to restore their files from backups to pressure them into paying the ransom demand. Several ransomware gangs including Sekhmet, Maze, Conti, and Ryuk are known to be using this tactic, which started around August/September this year. The calls are scripted and are very similar across all of the different ransomware variants, which led Bill Siegel,...

Read More
Cyberattacks Increased During the Pandemic as Enterprises Struggled with Security with a Remote Workforce
Nov30

Cyberattacks Increased During the Pandemic as Enterprises Struggled with Security with a Remote Workforce

A recent study conducted by the California based endpoint security and systems management company Tanium suggests enterprises have struggled with security during the pandemic and have experienced an increase in cyberattacks. Tanium commissioned a Censuswide survey of 1,000 CXOs and vice presents at enterprise and government organizations in the United States, United Kingdom, France and Germany in June 2020 to explore how they coped...

Read More
BEC Gang Members who Scammed More Than 50,000 Organizations Arrested
Nov26

BEC Gang Members who Scammed More Than 50,000 Organizations Arrested

Image source: INTERPOL Three members of a cybercriminal gang that has attacked more 50,000 organizations have been arrested in Lagos, Nigeria. The arrests come at the end of a year-long investigation into the prolific business email compromise scammers by INTERPOL, Group-IB, and the Nigerian Police Force. The three gang members arrested are believed to be responsible for phishing scams, BEC attacks, and malware distribution on tens of...

Read More
FBI Issues Warning Following Increase in Ragnar Locker Ransomware Activity
Nov23

FBI Issues Warning Following Increase in Ragnar Locker Ransomware Activity

A recent increase in Ragnar Locker ransomware activity has prompted the Federal Bureau of Investigation (FBI) to issue a warning to private industry partners. The alert provides information to help system administrators and security professionals protect against attacks. Ragnar Locker is a relatively new ransomware strain, first identified in April 2020. The ransomware variant was used in an attack by unknown threat actors on a large,...

Read More
Study Reveals New Financial Services Employees are Immediately Given Access to Millions of Files
Nov19

Study Reveals New Financial Services Employees are Immediately Given Access to Millions of Files

A recent study conducted by Varonis has revealed new employees are given excessive permissions and can access a huge amount of company data from their first day on the job. The study was conducted on 56 companies in the financial services and Varonis analyzed a dataset of around 4 billion files. The study revealed employees have access to an average of 10.8 million files as soon as they join the company, with the number rising to...

Read More
Time to Switch from SMS and Phone-Based MFA to More Secure Authentication Methods
Nov16

Time to Switch from SMS and Phone-Based MFA to More Secure Authentication Methods

Multi-factor authentication is an important security measure to prevent compromised credentials from being used to gain access to accounts and sensitive data, but not all forms of MFA are equal. Earlier this year, Microsoft explained in a blog post that MFA is effective at blocking 99.9% of automated attacks on Microsoft accounts. While the advice remains the same – enable MFA on all accounts if possible – Microsoft is now urging...

Read More
Ransomware Gang Uses Hacked Facebook Account to Run Adverts Threatening Release of Campari Group Data
Nov13

Ransomware Gang Uses Hacked Facebook Account to Run Adverts Threatening Release of Campari Group Data

It is now common for ransomware gangs to steal data prior to encrypting files and to issue threats to publish or sell the stolen data if the ransom is not paid. This double extortion tactic was started by the Maze ransomware gang in 2019 but has since been adopted by many different threat groups. While companies attacked with ransomware usually have backups and can restore their systems in the event of an attack, the reputation damage...

Read More
Unprotected AWS S3 Bucket of Hotel Reservation System Contained 10 Million+ Files Containing Guests’ PII
Nov10

Unprotected AWS S3 Bucket of Hotel Reservation System Contained 10 Million+ Files Containing Guests’ PII

Another day, another cloud misconfiguration. This time, more than 10 million files have been exposed that contained the personal information and credit card data of well over 10 million hotel guests. The exposed AWS S3 bucket was discovered by security researchers at Website Planet, who linked the data to the Spanish developer Prestige Software. Prestige Software is the developer of ‘Cloud Hospitality’, a software solution used by...

Read More
October Threat Report Shows 1,200% Increase in Emotet Attacks in Q3, 2020
Nov05

October Threat Report Shows 1,200% Increase in Emotet Attacks in Q3, 2020

New data from HP Inc. shows cyberattacks involving the Emotet Trojan increased by more than 1,200% between Q2, 2020 and Q3, 2020. The data for the company’s October 2020 Threat Insights Report come from HP Sure Click Enterprise, a security solution used on enterprise desktops and laptops that captures malware and allows it to run in a secure container. Data were collected from 1 July to 30 September 2020, with the report proving...

Read More
Ryuk Ransomware Gang Steps Up Attacks on U.S. Hospitals
Oct30

Ryuk Ransomware Gang Steps Up Attacks on U.S. Hospitals

The U.S Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have issued a warning to healthcare providers and public health agencies of an imminent threat of attacks using Ryuk ransomware. An advisory was issued on October 28, 2020 after credible evidence was uncovered indicating the operators of Ryuk...

Read More
Maze Ransomware Gang Shuts Down Operations
Oct29

Maze Ransomware Gang Shuts Down Operations

The Maze ransomware gang, which operated one to the most prolific ransomware campaigns over the past 18 months year, has shut down. The Maze ransomware operators were the first to utilize a double-extortion tactic involving the theft of data prior to the encryption of files to increase the likelihood of the ransom being paid. While all ransomware operations involve the encryption of files and the payment of a ransom in order to obtain...

Read More
78% of Microsoft 365 Administrators Have Not Enabled Multi-Factor Authentication
Oct28

78% of Microsoft 365 Administrators Have Not Enabled Multi-Factor Authentication

Despite the risk of phishing attacks and email account compromises, 78% of Microsoft 365 admins have not enabled multi-factor authentication and 97% of all Microsoft 365 users are not using MFA, according to a recent report published by CoreView Research. Multi-factor authentication is one of the most effective measures to prevent stolen credentials from being used to gain access to accounts. It is alarming that so few users and...

Read More
French IT Giant Suffers Ryuk Ransomware Attack
Oct26

French IT Giant Suffers Ryuk Ransomware Attack

One of the largest French information technology consultancies, Sopra Steri, has been hit with a serious ransomware attack that forced its systems offline. Sopra Steri has a global customer base and provides outsourcing services to the UK National Health Service (NHS). According to a statement released by the French-headquartered IT firm, the attack impacted “all geographies”. The attack was detected on the evening of October 20,...

Read More
Coalition of Tech Firms Takedown TrickBot Botnet
Oct13

Coalition of Tech Firms Takedown TrickBot Botnet

The backend infrastructure of the TrickBot botnet has been taken down by a coalition of tech companies and government agencies, including Microsoft ESET, NTT, Black Lotus Labs, Symantec, and FS-ISAC. The takedown is the result of several months of painstaking work involving the analysis of more than 125,000 samples of the TrickBot Trojan by the coalition members, who studied the content and extracted and mapped information about how...

Read More
$23 Million Ransom Demand Issued to Major German IT Firm
Oct12

$23 Million Ransom Demand Issued to Major German IT Firm

Software AG, a German IT firm that specializes in enterprise IoT software, has suffered a ransomware attack.  Darmstadt, Germany-based Software AG serves around 10,000 customers in more than 70 countries, has around 5,000 employees, and annual revenues in excess of €800 million. On the evening of October 3, 2020, malware was installed on its network, according to a company press release. The attack was limited to its internal...

Read More
Surveys Raise Concerns About Security with a WFH Workforce
Sep30

Surveys Raise Concerns About Security with a WFH Workforce

The COVID-19 pandemic has forced many businesses to allow employees to work from home or to adopt hybrid working, where employees spend some of their time in the office and some time working form home. During the lockdowns imposed by governments, most workers were using corporate-owned or personal devices to work from home. A recent survey conducted by cybersecurity firm Tessian explored the perceived risks of home working among 250...

Read More
Outbound Email Volume Grows During Pandemic, Increasing the Risk of an Email Data Breach
Sep17

Outbound Email Volume Grows During Pandemic, Increasing the Risk of an Email Data Breach

A recent survey conducted on 538 IT leaders has revealed 93% have experienced a data breach as a result of an email error, with 70% believing the move to remote working has increased the risk of outbound email breaches of sensitive data. The research was conducted by email security firm Egress and highlights the risk associated with outbound email and why it is important to implement an email security solution capable of scanning...

Read More
Almost a Quarter UK Corporate-Owned Computers and Smartphones Have No Antivirus Software Installed
Sep10

Almost a Quarter UK Corporate-Owned Computers and Smartphones Have No Antivirus Software Installed

A worrying percentage of businesses are not adequately protecting the devices they issue to their employees, according to new research commissioned by Kaspersky. Kaspersky commissioned Arlington Research to conduct interviews with 2,000 UK adult consumers in June 2020 to gain a better understanding of the state of cybersecurity at UK businesses. 32% of respondents said they had been provided with a desktop computer by their employer,...

Read More
CISA Issues Guidance on Malicious Network Activity Detection and Incident Response
Sep07

CISA Issues Guidance on Malicious Network Activity Detection and Incident Response

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has issued a joint Cybersecurity Advisory offering technical guidance on identifying malicious activity and remediating cyberattacks. The guidance is based on research conducted by cybersecurity authorities in Australia, Canada, New Zealand, the United Kingdom, and the United States. The guidance has been written to help incident response teams...

Read More
Gartner Predicts CEOs Will be Held Personally Liable Cyber-Physical Incidents by 2024
Sep03

Gartner Predicts CEOs Will be Held Personally Liable Cyber-Physical Incidents by 2024

Garter has predicted 75% of CEOs will be held personally liable for attacks on cyber-physical systems (CPSs) by 2024. CPSs are defined by Gartner as “systems engineered orchestrate sensing, computation, control, networking and analytics to interact with the physical world (including humans).” Cyberattacks on these systems would not only result in data loss, outages, and equipment failure, they could also easily cause physical harm and...

Read More
Google to Add MitM Protection Mechanism to Chrome 86 Warning Users About Insecure Forms
Aug18

Google to Add MitM Protection Mechanism to Chrome 86 Warning Users About Insecure Forms

Google has announced that the Google Chrome browser will soon alert individuals about insecure forms on websites. Google is planning on rolling out the new feature in Chrome 86 to protect users from man-in-the-middle attacks. The new feature will generate an alert for mixed forms, which are forms on secure (HTTPS) websites that are delivered insecurely and pose a risk to users’ privacy and security. These insecure forms can be visible...

Read More
Netwalker Ransomware Gang Generates Over $25 Million in Ransom Payments in 5 Months
Aug04

Netwalker Ransomware Gang Generates Over $25 Million in Ransom Payments in 5 Months

2020 has seen the Netwalker ransomware gang step up attacks on government organizations, healthcare providers, educational institutions, and private companies. In late July the FBI issued a Flash Alert warning about the increase in attacks. This week, McAfee has published data showing how successful those attacks have been. McAfee has been tracking payments made to the Bitcoin addresses known to be used by the threat group and $25...

Read More
Spear Phishing Used in Twitter Hack: Three Individuals Charged
Aug03

Spear Phishing Used in Twitter Hack: Three Individuals Charged

In July 2020, Twitter was hacked and hackers temporarily took control of several high-profile Twitter accounts with millions of followers. The accounts were used to send Tweets as part of a Bitcoin scam, announcing that if Bitcoin was transferred, the payment would be sent back at double the amount sent. Approximately $120,000 in Bitcoin was sent to the Bitcoin wallets used by the scammers. The Twitter accounts of Elon Musk, Bill...

Read More
The Average Cost of a Data Breach is Now $3.86 Million
Jul29

The Average Cost of a Data Breach is Now $3.86 Million

The 2020 Cost of a Data Breach Report from IBM Security has revealed the global average cost of a data breach is now $3.86 million, down 1.5% from 2019. While data breach costs fell on average year-over-year, in healthcare they increased by 10.5% to $7.13 million per breach, on average. There was also considerable variation in breach costs from country to country, with the United States having the costliest breaches. In the US, the...

Read More
Malware Attacks Down, but Ransomware and IoT Attacks Have Surged in 2020
Jul24

Malware Attacks Down, but Ransomware and IoT Attacks Have Surged in 2020

Cybercriminals were quick to respond to the COVID-19 pandemic and changed their tactics, techniques and procedures to capitalize on the uncertainly surrounding the 2019 novel coronavirus and COVID-19. With the pandemic forcing many businesses to drastically increase the number of employees working from home, cybercriminals started targeting home workers. SonicWall has been tracking cyber threats throughout the pandemic and its...

Read More
Search and Destroy ‘Meow’ Bot has Wiped More Than 1,000 Online Databases
Jul23

Search and Destroy ‘Meow’ Bot has Wiped More Than 1,000 Online Databases

Companies that fail to secure their Elasticsearch and MongoDB instances are being targeted by an attacker who destroys the data, overwriting the databases with a string of random numbers and the word ‘meow’. The attacks appear to be automated, no note is left, no ransom demand is issued, and there is no explanation as to why the attack has occurred. The attacks are ongoing and, so far, at least 1,269 Elasticsearch servers and 276...

Read More
$7.5 Million Ransom Demanded from Argentinian ISP
Jul21

$7.5 Million Ransom Demanded from Argentinian ISP

One of Argentina’s largest internet service providers, Telecom Argentina, has suffered a major ransomware attack involving around 18,000 computers. The attack started on Saturday July 18 with the attackers taking control of the internal domain admin, which allowed them to spread the ransomware across the entire network. According to sources at the company, the attack was detected rapidly and steps were taken to limit the spread of the...

Read More
Twitter Confirms Admin Tool Hacked and Used in Massive Cryptocurrency Scam
Jul16

Twitter Confirms Admin Tool Hacked and Used in Massive Cryptocurrency Scam

Several high-profile Twitter accounts have been ‘hacked’ and used in a major cryptocurrency scam. The first Tweets were sent from the accounts around 3pm on July 15, 2020 and asked account followers to transfer Bitcoin to a specific address. In return, the account holder promised to double the amount sent. The Twitter accounts of Elon Musk, Bill Gates, Jeff Bezos, Kanye West, Kim Kardashian, Michael Bloomberg, Joe Biden, Barack Obama,...

Read More
Maximum Severity Flaw in SAP Could Allow Full Takeover of Enterprise System
Jul14

Maximum Severity Flaw in SAP Could Allow Full Takeover of Enterprise System

The U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency has issued an alert about a critical vulnerability in the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard. The flaw, tracked as CVE-2020-6287, can be exploited through HTTP and would allow an attacker to take full control of vulnerable SAP applications. The flaw was discovered by researchers at Onapsis who named...

Read More
Microsoft Research Develops Undetectable Malware Scanner for Virtual Machines
Jul09

Microsoft Research Develops Undetectable Malware Scanner for Virtual Machines

Many businesses have replaced traditional desktops with virtual machines located in the cloud. Each virtual machine is an exact replica of a standard desktop complete with an operating system that is located on a cloud service provider’s server. One cloud server can house many virtual machines that run simultaneously. While antivirus software can be used on virtual machines, the signature-based detection is only good at identifying...

Read More
More Than 15 Billion Credentials are up for Sale on Hacking Forums
Jul08

More Than 15 Billion Credentials are up for Sale on Hacking Forums

New research conducted by Digital Shadows has provided insight into the scale of credential theft and the extent to which stolen credentials are being sold on hacking forums and darknet marketplaces. A wide range of credentials are up for sale including social media accounts, streaming services, Office 365 accounts, and bank accounts. According to the Digital Shadows analysis, there are currently more than 15 billion username and...

Read More
ESET Reports Doubling of Brute Force Attacks on Remote Desktop Services During the COVID-19 Pandemic
Jun30

ESET Reports Doubling of Brute Force Attacks on Remote Desktop Services During the COVID-19 Pandemic

Cybersecurity firm ESET has analyzed its telemetry data and found there has been a major increase in brute force attacks on remote desktop services during the COVID-19 pandemic. There was a steady increase in attacks between December 1, 2019 and May 1, 2020, rising from around 30,000 brute force attacks a day in early December to around 60,000 daily attacks by the end of the month. Then followed a slight decline, before a sharp rise...

Read More
REvil Ransomware Gang Observed Scanning Compromised Networks for PoS Software
Jun24

REvil Ransomware Gang Observed Scanning Compromised Networks for PoS Software

The REvil gang behind Sodinokibi ransomware are using a new tactic in their attacks. The gang is already known for compromising systems and stealing data before the ransomware payload is deployed. The gang had previously threatened to publish data stolen in their attacks if the ransom was not paid and followed through with that threat for the first time in January 2020. After gaining access to a system, the attackers move laterally...

Read More
Massive Global Surveillance Campaign Used Rogue Chrome Extensions to Steal Data
Jun22

Massive Global Surveillance Campaign Used Rogue Chrome Extensions to Steal Data

Researchers at Awake Security have uncovered a massive global surveillance campaign that used malicious Google Chrome extensions to steal sensitive data. The extensions had been downloaded millions of times before Google removed them from the Chrome Web Store. These Trojan browser extensions were used to steal corporate data and gain a persistent foothold in corporate networks. Awake Security researchers identified 111 malicious...

Read More
Exposed Elasticsearch Instances are Found by Hackers in a Matter of Hours
Jun12

Exposed Elasticsearch Instances are Found by Hackers in a Matter of Hours

How long does it take hackers to find exposed Elasticsearch servers and exposed S3 Buckets? Just a few hours according to Comparitech. Comparitech researchers are no strangers to exposed cloud data. They commonly find unprotected databases and report the lack of protections to the data owners. In many cases, exposed Elasticsearch servers are secured quickly, although it is often not clear for how long data has been exposed. The...

Read More
June 23, 2020: MVP GrowthFest: Join Magic Johnson and Channel All-Stars at this Must Attend Virtual MSP Event
Jun11

June 23, 2020: MVP GrowthFest: Join Magic Johnson and Channel All-Stars at this Must Attend Virtual MSP Event

  Businesses in all industry sectors have faced difficult challenges during the COVID-19 pandemic and have had to make considerable changes in order to survive. Managed Service Providers (MSPs) have similarly had to adjust their business practices in response to the pandemic, and while some have struggled there have been several success stories. Overall, the Channel has demonstrated considerable strength and resilience and some...

Read More
Zoom Patches Two Serious RCE Flaws and States E2E Encryption Will Not Be Available to Free Users
Jun04

Zoom Patches Two Serious RCE Flaws and States E2E Encryption Will Not Be Available to Free Users

Two high severity vulnerabilities in the Zoom videoconferencing platform have been identified by researchers at the Cisco Talos threat intelligence team that could allow a remote attacker to send files to the system of a Zoom meeting participant, which could potentially allow remote execution of arbitrary code on the target’s system. The flaws were reported to Zoom and have now been patched in version 4.6.12 of the Zoom video...

Read More
What is the Legal Recommended Email Archiving Retention Period?
May29

What is the Legal Recommended Email Archiving Retention Period?

Virtually all businesses, non-profits, and educational institutions are required to retain email data, but what is the legal recommended email archiving retention period? In this post we will explain how long you should be arching your emails and how this differs based on email content. Why Do I Need to Retain Copies of Emails? Emails can contain important data that may be relevant for litigation. As with other forms of electronic...

Read More
StrandHogg 2.0 Android Flaw Allows Hackers to Hijack Legitimate Apps
May28

StrandHogg 2.0 Android Flaw Allows Hackers to Hijack Legitimate Apps

The Norwegian security researchers who identified the StrandHogg vulnerability in the Android platform have identified another vulnerability that is even more dangerous that the original. The vulnerability – tracked as CVE-2020-0096 – is a critical flaw that allows hackers to masquerade as virtually any legitimate app on a targeted device. The vulnerability is present on all versions of Android apart from the latest...

Read More
67 Percent of Breaches Caused by Credential Theft, User Error, and Social Attacks
May22

67 Percent of Breaches Caused by Credential Theft, User Error, and Social Attacks

The Verizon 2020 Data Breach Investigations Report shows financial gain is the biggest motivator for cyberattacks, accounting for 86% of the 32,002 security incidents analyzed for this year’s report, up from 71% in 2019. 55% of the financially motivated attacks were conducted by cybercriminal organizations. The majority of data breaches involve the theft of credentials, which has meant malware is being used much less than in previous...

Read More
Webinar: Double Up on Protection for Your Remote Workers
May21

Webinar: Double Up on Protection for Your Remote Workers

TitanHQ is hosting a webinar on Thursday May 21, 2020 to explain how you can better protect your remote workers from phishing attacks and block malware and ransomware downloads during the COVID-19 public health emergency and beyond. Many businesses have been forced to rapidly transition from an office-based workforce to a largely at-home workforce due to COVID-19, and by doing so have greatly increased cybersecurity risks. Remote...

Read More
REvil Gang Releases 2GB of Celebrity Data and Increases Ransom Demand to $2 Million
May18

REvil Gang Releases 2GB of Celebrity Data and Increases Ransom Demand to $2 Million

Last week, a celebrity New York law firm – Grubman Shire Meiselas and Sacks – whose client list includes Lady Gaga, Madonna, Bruce Springsteen, U2, and Mariah Carey confirmed it has been the victim of a cyberattack. The group behind the attack has now been confirmed as REvil, a prolific threat group that has conducted many attacks on high profile targets, including the foreign exchange company Travelex. As is typical for...

Read More
Ramsay Malware Designed to Steal Data from Air-Gapped Networks
May15

Ramsay Malware Designed to Steal Data from Air-Gapped Networks

A new malware toolkit has been discovered that appears to have been developed to steal sensitive data from air-gapped networks. Researchers at ESET have named the malware Ramsay and report it has a range of advanced features that allow it to keep under the radar and steal highly sensitive data from victims. One of the most effective ways of protecting sensitive data is to ensure that it is not saved on any device accessible through...

Read More
13% of Organizations Have Experienced a Cyberattack During the COVID-19 Pandemic
May12

13% of Organizations Have Experienced a Cyberattack During the COVID-19 Pandemic

The transition from a largely office-based workforce to having most employees working from home has left many organizations exposed to cyberattacks. While having employees working from home does not necessarily mean a weakening of security defenses, the problem has been the speed at which the changes had to be made. The rapid change to an at-home workforce as a result of the Covid-19 pandemic has meant organizations have not had...

Read More
Cognizant Ransomware Attack Expected to Cost Between $50 and $70 Million
May11

Cognizant Ransomware Attack Expected to Cost Between $50 and $70 Million

The ransomware attack on the IT services company Cognizant is expected to cost between $50 million and $70 million, according to a recent financial report filed by the company last week. The firm was attacked with ransomware on April 17, 2020. Upon discovery of the attack, systems were rapidly taken offline to limit the extent of the attack. Had it not been for the immediate response, the outcome could have been far worse. The group...

Read More
Europe’s Largest Private Hospital Operator Hit with Snake Ransomware Attack
May08

Europe’s Largest Private Hospital Operator Hit with Snake Ransomware Attack

A large-scale Snake ransomware campaign is underway after a period of low-level activity. Snake ransomware was first identified by MalwareHunter Team in January 2020 and has only been used in limited attacks, but there was a major spike in attacks on May 4, when 25 attacks were reported. Snake ransomware is unusual as it targets industrial control systems (ICS), SCADA systems, and processes related to enterprise management tools. The...

Read More
InfinityBlack Hacking Group Dismantled
May07

InfinityBlack Hacking Group Dismantled

The InfinityBlack hacking group has been dismantled following an operation by law enforcement agencies in Switzerland and Poland. The InfinityBlack hacking group sold millions of stolen credentials and hacking tools on hacking forums, and also conducted its own attacks. The groups activity resulted in losses of hundreds of millions of euros. The hacking group, believed to have been formed in 2018, operated the infinity.black website...

Read More
Clop Ransomware Gang Publishes ExecuPharm Data After Non-Payment of Ransom
Apr30

Clop Ransomware Gang Publishes ExecuPharm Data After Non-Payment of Ransom

The U.S. pharmaceutical company ExecuPharm recently announced it suffered a ransomware attack on March 13, in which certain corporate and employee information was compromised. The attack started with phishing emails sent to its employees, with the subsequent investigation indicating the attackers may have viewed or obtained sensitive data prior to the deployment of the ransomware. The types of data that were potentially compromised...

Read More
IT Services Firm Cognizant Suffers Maze Ransomware Attack
Apr20

IT Services Firm Cognizant Suffers Maze Ransomware Attack

The IT services firm Cognizant experienced a ransomware attack over the weekend that has affected its internal systems and has caused some disruption for its clients. The Fortune 500 firm is one of the largest IT services providers in the world, with more than a quarter of a million employees and revenues in excess of $16.8 billion in 2019. Cognizant has a diverse range of clients that include several Fortune 500 firms, along with...

Read More
Zoom Announces New Measures Have Been Implemented to improve Privacy and Security
Apr17

Zoom Announces New Measures Have Been Implemented to improve Privacy and Security

Zoom has faced considerable criticism over privacy and security over the past few weeks. The company was claiming to have implemented end-to-end encryption when Zoom itself had access to users’ video calls, zero-days have been discovered for which exploits are allegedly being offered for sale, data was found to be routed through China, and hackers have stolen at least 2,300 user credentials. There have also been many reported cases of...

Read More
Travelex Paid Ransomware Gang $2.3 Million for Keys to Unlock Encrypted Files
Apr10

Travelex Paid Ransomware Gang $2.3 Million for Keys to Unlock Encrypted Files

The Sodinokibi ransomware attack on Travelex that started on New Year’s Eve and caused weeks of disruption was resolved by paying the ransom demand. The attack saw Travelex’s online currency exchange service taken offline preventing banks such as Lloyds and Barclays from offering currency exchange services. Travelex was also forced to shut down operations at its 1,500 locations around the world. Some of its systems remained offline...

Read More
More Than 82% of Public-Facing Exchange Servers Still Vulnerable to Critical Exchange Control Panel Flaw
Apr07

More Than 82% of Public-Facing Exchange Servers Still Vulnerable to Critical Exchange Control Panel Flaw

An analysis of public-facing Exchange servers by Rapid7 has revealed 82.5% are still vulnerable to a critical remote code execution vulnerability in the Exchange Control Panel (ECP) that Microsoft released a patch for on February 2020 Patch Tuesday.  While the vulnerability can only be exploited post-authorization, all an attacker would need to exploit the flaw is previously compromised email credentials. One successful phishing...

Read More
Zoom Security Concerns Mount as New Flaws Identified
Apr03

Zoom Security Concerns Mount as New Flaws Identified

The 2019 Novel Coronavirus pandemic has forced many employees into telecommuting with them maintaining contact with the office through videoconferencing apps such as Zoom. Zoom has proven to be one of the most popular choices during the COVID-19 crisis, registering a 535% increase in traffic in the past month, but the number of Zoom security concerns have been mounting. Zoom Security Concerns are Mounting Zoom security concerns have...

Read More
Database Containing Extensive Information of 200 Million Americans Exposed Online
Mar24

Database Containing Extensive Information of 200 Million Americans Exposed Online

A database on the Google Cloud platform containing 800 gigabytes of data and over 200 million user records has been misconfigured and was exposed online, according to researchers at CyberNews. The database contained a folder that included detailed information on around 200 million Americans, including full names, phone numbers, email addresses, dates of birth, credit ratings, home addresses, mortgaged property addresses, number of...

Read More
New Vulnerabilities Identified in Popular Password Managers
Mar23

New Vulnerabilities Identified in Popular Password Managers

Password managers help you create complex and unique passwords for every application, service, and website but how secure are password managers? Could a password manager actually weaken security? According to a study conducted by researchers at the University of York, password managers are not totally secure. Vulnerabilities in password managers have been found that could potentially be exploited by cybercriminals to gain access to a...

Read More
Manual Ransomware Attacks Increasing in Sophistication and Pose Growing Threat to Businesses
Mar12

Manual Ransomware Attacks Increasing in Sophistication and Pose Growing Threat to Businesses

Automated ransomware attack techniques such as those utilized by the threat actors behind WannaCry and NotPetya certainly have potential to cause massive disruption, but human-operated ransomware attacks are increasing and now pose a major threat to businesses, according to Microsoft. These manual attacks provide attackers with unrestricted access to networks and allow them to cause maximum disruption, increasing the probability that...

Read More
Microsoft Releases Patches for 115 Vulnerabilities Including 26 Critical Flaws
Mar10

Microsoft Releases Patches for 115 Vulnerabilities Including 26 Critical Flaws

Microsoft released a record number of patches on March Patch Tuesday. 115 vulnerabilities have been patched across the entire product range, including 26 vulnerabilities that have been rated critical and 88 that have been rated important. None of the flaws in the March round of updates are believed to have been exploited in the wild and none have been made public prior to the patches being released. 17 of the critical flaws affect...

Read More
At Least $144.35 Million Has Been Paid by Victims of Ransomware Attacks Since 2013
Mar05

At Least $144.35 Million Has Been Paid by Victims of Ransomware Attacks Since 2013

Figures from the U.S. Federal Bureau of Investigation (FBI) show that at least $144.35 million in Bitcoin was paid by victims of ransomware attacks between January 2013 and July 2019 – Around $1.83 million a month. That only includes ransoms paid in Bitcoin and the FBI is not notified about all ransom payments, so the true figure is likely to be substantially higher. Over the past 6.5 years there have been many ransomware variants...

Read More
More Than 1 Billion Devices Affected by Kr00k Wi-Fi Encryption Vulnerability
Mar04

More Than 1 Billion Devices Affected by Kr00k Wi-Fi Encryption Vulnerability

A vulnerability has been identified in Wi-Fi chips manufactured by Broadcom and Cypress which are used in more than a billion devices, according to a paper recently published by ESET. Smartphones, tablets, laptops, and IoT devices are all affected, including Apple iPhones, iPads, and MacBooks; Samsung Galaxy and Google Nexus smartphones; Amazon Echo and Kindle; Raspberry Pi3; Asus and Huawei access points and routers; and many IoT...

Read More
At Least 15.1 Billion Records Were Exposed in Data Breaches in 2019
Feb14

At Least 15.1 Billion Records Were Exposed in Data Breaches in 2019

A new report from Risk Based Security has revealed 15.1 billion records were exposed in publicly reported data breaches in 2019 – A 284% increase from 2018 and a 91% increase from 2017. While the number of records exposed in data breaches was substantially higher in 2019, the number of breaches only increased by 1% from 7,035 in 2018 to 7,098 in 2019. However, it should be noted that further incidents may be added to that total...

Read More
BEC Attacks Account for More Than Half of All Losses to Cybercrime
Feb13

BEC Attacks Account for More Than Half of All Losses to Cybercrime

Business email compromise attacks are the most financially damaging form of cybercrime, according to the 2019 Internet Crime Report from the FBI’s Internet Crime Complaint Center (IC3). In 2019, IC3 received 467,361 complaints about cybercrime and victims of those crimes reported losses of $3.5 billion. BEC attacks only accounted for 23,775 of those attacks (5.08%), yet they resulted in losses of $1.77 billion – 50.57% of all reported...

Read More
Avast and AVG Customers’ Sensitive Browsing Data Will No Longer Be Collected and Sold to Third Parties
Jan30

Avast and AVG Customers’ Sensitive Browsing Data Will No Longer Be Collected and Sold to Third Parties

There’s some good news today for users of Avast and AVG antivirus products. Personal search histories, clicks, and details of online purchases will no longer be covertly collected and sold to third parties. Avast, which owns AVG, has announced that it is shutting down its subsidiary, Jumpshot, which was doing just that. Jumpshot would likely still be fully operational were it not for a joint investigation by Motherboard and PCMag....

Read More
CISA Warns of Increase in Emotet Malware Activity
Jan24

CISA Warns of Increase in Emotet Malware Activity

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning over an increase in Emotet malware activity. The Emotet botnet sprung back to life on January 13, 2020 with largescale spamming campaigns detected spreading the Emotet Trojan. The Emotet Trojan is a modular malware that serves as a banking Trojan, information stealer, and malware downloader. The Trojan can move...

Read More
Microsoft Database of 250 Million Records Exposed Online
Jan23

Microsoft Database of 250 Million Records Exposed Online

Microsoft has announced that one of its databases has been accidentally exposed online. The database could over the internet without the need for authentication. The database was found by security researchers at Comparitech, who reported the security issue to Microsoft. Microsoft immediately secured the database and launched an investigation to determine how long the data had been exposed and whether it had been accessed by...

Read More
$1.38 Billion Settlement Reached in Equifax Data Breach Class Action Lawsuit
Jan16

$1.38 Billion Settlement Reached in Equifax Data Breach Class Action Lawsuit

A $1.38 billion settlement has been reached to resolve the Equifax data breach class action lawsuit filed on behalf of victims of the 2017 data breach that affected 147 million Americans and 15.2 million individuals in the United Kingdom. The settlement was given final approval by a court in the Northern District of Georgia on Monday, January 13, 2020. Class members will be able to claim up to $20,000 to cover out-of-pocket losses....

Read More
January 2020 Patch Tuesday Sees Microsoft Patches 49 Vulnerabilities
Jan14

January 2020 Patch Tuesday Sees Microsoft Patches 49 Vulnerabilities

January 2020 Patch Tuesday has seen Microsoft issue patches for 49 vulnerabilities including 7 rated critical, along with a fix for the Crypt32.dll vulnerability discovered and publicly disclosed by the U.S. National Security Agency. Microsoft has also issued its last round of updates for Windows 7, which reached end of life on January 14. None of the vulnerabilities in this month’s updates are being exploited in the wild and details...

Read More
NSA Issues Cybersecurity Advisory on Critical Flaw Affecting Windows 10 and Windows Server
Jan14

NSA Issues Cybersecurity Advisory on Critical Flaw Affecting Windows 10 and Windows Server

The U.S. National Security Agency has taken the unusual step of publicly disclosing a vulnerability to a software vendor. This is the first time that such a disclosure has been attributed to the NSA. The vulnerability, tracked as CVE-2020-0601, affects Windows 10 and Windows Server 2016 and 2019, and has been rated as critical by the NSA, but only important by Microsoft. When the NSA discovers vulnerabilities they are usually kept...

Read More
Erie, Colorado Loses $1 Million To BEC Scam
Jan08

Erie, Colorado Loses $1 Million To BEC Scam

The town of Erie in Colorado has been duped by a business email compromise (BEC) scam. A payment of $1.01 million intended for the construction firm contracted to build the Erie Parkway bridge was sent to a bank account controlled by the scammers. In contrast to most BEC scams that are conducted via email, this scam was performed via the town’s website. A form on the website was used to make a change to the payment method for SEMA...

Read More
Travelex Cyberattack Forces Shutdown of Online Currency Services
Jan06

Travelex Cyberattack Forces Shutdown of Online Currency Services

The world’s largest foreign exchange company, Travelex, experienced a cyberattack on New Year’s Eve which took its website out of action and affected companies such as Tesco, Barclays, and HSBC which used its FX services. Since the attack occurred, Tesco, Sainsbury’s, and other companies that use Travelex FX services have been unable to provide online currency exchanges to their customers. Travelex discovered a virus on its...

Read More
Ransomware Victim Takes Legal Action Against Attackers and ISP Hosting its Stolen Data
Jan03

Ransomware Victim Takes Legal Action Against Attackers and ISP Hosting its Stolen Data

Southwire, one of the largest manufacturers of cabling and wire in the United States, has taken legal action against the unknown individuals behind the attack and an internet service provider hosting a website where its stolen data has been published. The threat actors infiltrated Southwire’s network in December 2019, stole 120 GB of company data, and then deployed Maze ransomware on 878 computers. A ransom demand of 850 Bitcoin ($6...

Read More
Microsoft Takes Down 50 Phishing Domains Used by North Korea-Backed Threat Group
Jan02

Microsoft Takes Down 50 Phishing Domains Used by North Korea-Backed Threat Group

Microsoft has sought help from the courts to take down domains used by the North Korea-backed hacking group, Thallium (APT37). After securing the court order from the U.S. District Court for the Eastern District of Virginia, 50 that were being used by the hacking group to attack the United States have now been seized. Microsoft’s Digital Crimes Unit (DCU) and Threat Intelligence Center (MSTIC) have been tracking the activity of the...

Read More
Three Members of Goznym Banking Trojan Gang Sentenced
Dec26

Three Members of Goznym Banking Trojan Gang Sentenced

Three individuals who were part of the criminal organization responsible for the Goznym malware attacks in Europe and North America between 2015 and 2016 have been sentenced for their role in the operation, according to a recent announcement by the U.S. Department of Justice. The Goznym banking Trojan was a hybrid of the Nymaim malware dropper and Gozi banking malware and was primarily distributed via massive email spamming campaigns....

Read More
Data of 267 Million Facebook Users Exposed Online
Dec23

Data of 267 Million Facebook Users Exposed Online

A database containing the user IDs, names, and telephone numbers of 267 million Facebook users has been exposed online for a period of around two weeks as a result of a misconfigured Elasticsearch cluster.  The exposed database was discovered by Bob Diachenko and security researchers at Comparitech. It is believed to have been created by individuals based in Vietnam. Most of the individuals whose data has been exposed are based in the...

Read More
435,000 Weak RSA Keys Identified in IoT Devices
Dec18

435,000 Weak RSA Keys Identified in IoT Devices

RSA is a commonly used encryption protocol for securing communications. RSA encryption uses asymmetric cryptographic keys, one of which is public and can be shared and the other is private. In order to decrypt data, the private key is required. RSA keys are created by multiplying two random prime numbers. These prime factors should be different. No two RSA keys should share the same prime factors, but researchers at Keyfactor have...

Read More
Unsecured Web Filtering Database Exposed Private Browsing Histories and PII
Dec17

Unsecured Web Filtering Database Exposed Private Browsing Histories and PII

A database containing around 1 million web browsing records of internet users has been left unprotected online. The 890GB database contained daily logs of internet activity of customers of various internet service providers along with personally identifiable information that tied the browsing histories to specific end users. In many cases, highly sensitive internet histories were exposed, including specific videos that were viewed on...

Read More
Zeppelin Ransomware Used to Attack MSPs, Technology, and Healthcare Companies
Dec13

Zeppelin Ransomware Used to Attack MSPs, Technology, and Healthcare Companies

Security researchers at Blackberry Cylance have identified a new variant of Buran ransomware which is being used in targeted attacks on technology and healthcare companies in Europe and the United States. The new ransomware variant was first detected on November 6, 2019. It is written in Delphi and is a member of the VegaLocker and Buran ransomware family. It is believed to be distributed under the ransomware-as-a-service model. The...

Read More
Ransomware Attacks on Network Attached Storage (NAS) Devices on the Rise
Dec10

Ransomware Attacks on Network Attached Storage (NAS) Devices on the Rise

A hacker succeeds in gaining access to the computer systems of a business and ransomware is deployed, but there is a fair chance that the business will recover its files from backups and not pay the ransom. However, if backups are not available, there is a high chance that the business will have to pay since data loss is simply not an option. It is therefore no surprise that hackers are now targeting backups and Network Attached...

Read More
Ransomware Attack on IT Company Impacts more than 100 Dental Practices
Dec09

Ransomware Attack on IT Company Impacts more than 100 Dental Practices

More than 100 dental practices have had essential files encrypted as a result of a ransomware attack on an IT service provider. On November 25, 2019, the Englewood, Colorado-based IT firm Complete Technology Solutions (CTS) was attacked and its data was encrypted by Sodinokibi ransomware, aka rEvil. The firm was reportedly issued with a ransom demand of $700,000 in cryptocurrency for the keys to unlock the encrypted files. The firm...

Read More
Elaborate Man-in-the-Middle Attack Diverts $1 Million Payment to Israeli Startup
Dec05

Elaborate Man-in-the-Middle Attack Diverts $1 Million Payment to Israeli Startup

$1 million in venture capital funding intended for an Israeli startup was diverted to an attacker-controlled bank account in an elaborate wire transfer email scam. The funding was being transferred from a Chinese VC firm and the funds were intended to help the Israeli firm kick start its business. The scam was uncovered by researchers at Check Point Software who called it the “ultimate man-in-the-middle attack.” The researchers...

Read More
FBI Issues Warning Following Increase in E-Skimming Attacks
Oct28

FBI Issues Warning Following Increase in E-Skimming Attacks

The FBI has issued a warning following an increase in e-skimming attacks on small and medium sized businesses and government agencies. E-skimming is the term given to the loading of malicious code onto e-commerce websites that captures credit card information when consumers purchase products online. The code sends personal information and credit card details to an attacker-controlled domain in real-time. These attacks are performed on...

Read More
Google Rolls out DNS-over-HTTPS in Chrome 78 and Fixes 37 Vulnerabilities
Oct24

Google Rolls out DNS-over-HTTPS in Chrome 78 and Fixes 37 Vulnerabilities

Google has released Version 78 of Chrome, which includes fixes for 37 vulnerabilities in the browser and several new features, including DNS-over-HTTPS (DoH). DoH is an experimental addition to the browser to test the new technology and comes a month after Firefox added DoH to its browser. DoH has already been implemented by several DNS providers to improve privacy and security. Essentially, DoH introduces the same security benefits...

Read More
Free Decyptor for STOP Ransomware Released
Oct21

Free Decyptor for STOP Ransomware Released

Researchers at New Zealand-based cybersecurity firm Emsisoft have released a free decryptor for STOP ransomware. STOP ransomware is primarily used to attack consumers rather than businesses and is usually delivered via cracked software and adware bundles distributed on websites that offer cracks for legitimate software applications such as Photoshop. The threat actors behind the campaign are highly active. In fact, STOP ransomware is...

Read More
How Much Does Cisco Umbrella Cost?
Oct18

How Much Does Cisco Umbrella Cost?

If you are looking for a content filtering solution that will protect your business from web-based threats, Cisco Umbrella will no doubt be one of the solutions you look at, but how much does Cisco Umbrella cost? Many cybersecurity solution providers offer price lists on their websites to allow potential customers to decide whether the solution falls within their budget. The lack of pricing on the Cisco website may give you an idea...

Read More
Only 32% of Companies are Adopting a Security-First Approach to Cloud Data Storage
Oct17

Only 32% of Companies are Adopting a Security-First Approach to Cloud Data Storage

A recent survey conducted by the Poenmon Institute has revealed less than a third (32%) of companies are adopting a security-first approach to data stored in the cloud. The survey was conducted for the 2019 Thales Global Cloud Security Study on 3,000 IT and IT security professionals in 8 countries – Australia, Brazil, France, Germany, India, Japan, the UK and the US. The survey revealed 48% of corporate data is now stored in the...

Read More

Immediate Access

Privacy Policy