Trending Security Topics
Cybersecurity Awareness Basics
How to avoid identity theft, frauds, scams and more.
The new campaign begins with phishing emails which reference the recent Lion Air crash just off the coast of Indonesia. The Microsoft Word document is named Lion Air Boeing 737.docx and claims to have an author named 'Joohn'. The reason this subject has been chosen for the lure is likely simply that people respond to emails which are related to current events. From “Tech Republic” Danny Palmer (11/20/2018)
It’s extremely important to raise awareness about charity scams to help ensure that donors’ hard-earned money goes to the worthy causes they seek to support, not to fraudsters. From “Federal Trade Commission” (10/22/2018)
A number of financial institutions are now offering cardless ATM transactions that allow customers to withdraw cash using nothing more than their mobile phones. But this also creates an avenue of fraud for bad guys, who can leverage phished or stolen account credentials to add a new phone number to the customer’s account and then use that added device to siphon cash from hijacked accounts at cardless ATMs. From “Krebs on Security” Brian Krebs (11/02/2018)
The internal alert — sent by the Secret Service on Nov. 6 to its law enforcement partners nationwide — references a recent case in Michigan in which seven people were arrested for allegedly stealing credit cards from resident mailboxes after signing up as those victims at the USPS’s Web site. From “Krebs on Security” (11/18/2018)
The new website, created in cooperation with the US Department of Homeland Security (DHS), the National Institute of Standards and Technology (NIST), and the Small Business Administration (SBA), was officially launched on Oct. 18. It includes cybersecurity basics and best practices including the NIST cybersecurity framework for SMBs, and covers security threats, such as phishing, ransomware, email spoofing, and tech support scams. From “Dark Reading” Kelly Jackson Higgins (10/26/2018)
With more data breaches in the news than ever before, you need to be a company that proactively protects your customer data, rather than one trying to explain why that data is now for sale on the dark net. Here are five ways to maximize customers' data security. From “Tech Republic” Tom Merritt (10/18/2018)
Cyberattacks on organizations are predicted to skyrocket during the online holiday shopping season. Here is how to identify possible threats. From “Tech Republic” Macy Bayern (11/27/2018)
As the holidays approach, NCCIC reminds users to be aware of seasonal scams and malware campaigns. Users should be cautious of unsolicited emails that contain malicious links or attachments with malware, advertisements infected with malware, and requests for donations from fraudulent charitable organizations, which could result in security breaches, identity theft, or financial loss. From “US-CERT” (11/19/2018)
Grayware refers to any program, file, or application that raises suspicions or otherwise seems untrustworthy to your security team or endpoint security solution. The programs or files may carry unfamiliar names or have familiar names and publishers but are offered through suspicious sites or platforms. The issue is not these programs and files being malicious. Instead, the issue is they are impossible to distinguish from malicious programs or innocent ones. Often, these programs create new vulnerabilities not by being actively malicious but by being so poorly coded they create new attack vectors. Alternatively, grayware’s activities can create security issues exacerbating actual malicious programs. From “Solutions Review” Ben Canner (11/13/2018)
The Federal Bureau of Investigation (FBI) has released an article on building a digital defense against phishing scams targeting electronically deposited paychecks. In these schemes, scammers use phishing emails to direct employees to fraudulent websites and collect their work credentials. Scammers then use victims’ credentials to replace legitimate direct deposit information with their own account details. From “US-CERT” (10/16/2018)
Online advertisers desire premium websites on which to publish their ads and large numbers of visitors to view those ads. 3ve created fake versions of both (websites and visitors), and funneled the advertising revenue to cyber criminals. 3ve obtained control over 1.7 million unique IPs by leveraging victim computers infected with Boaxxe/Miuref and Kovter malware, as well as Border Gateway Protocol-hijacked IP addresses. From “US-CERT” (11/27/2018)
As many of you may have read by now, Marriott has announced that their Starwood reservation database was hacked, leaving upwards of 500 million records potentially compromised. Marriott (which acquired Starwood hotels in 2016) is one of the largest hotel chains in the world. Anyone who made a reservation for a Starwood property on or before September 18, 2018 may have been compromised. This includes names, credit card numbers, birth dates, arrival and check out dates, and potentially passport numbers. From “SANS” (12/3/2018)
New Small Business Resources For The New Year - CyberSecure My Business™ Webinar – December 11, 2018
National Cybersecurity Awareness Month featured some great new resources for the business community including the National Initiative for Cybersecurity Education's “Cybersecurity is Everyone’s Job.” This guidebook provides things to know, and things to do, for everyone in an organization, regardless of its type or size. The Department of Homeland Security also unveiled its new “Cybersecurity Resources Road Map,” a Guide for Critical Infrastructure. Join NCSA and our partners to hear an overview about each report and discuss the quick tips and takeaways your small business needs to know!
Be sure to register for the third webinar in Gladiator’s Maturing Your Cybersecurity Program series.
•What the Disaster Taught Us – A Bank's Lessons Learned from Executing their Business Continuity Plan, Wednesday, December 12 at 2 p.m. CT
You can find more details about these webinars and registration links in Gladiator’s resource center – and don’t miss the new Become More #CyberAware video. Gladiator will also be announcing additional cybersecurity webinar dates within the resource center in the future.
Am I Hacked
Just like driving a car, sooner or later you may have an accident no matter how secure you are. Below are clues to help figure out if you have been hacked and, if so, what to do. The sooner you identify something bad has happened, the more likely you can fix the problem. From “SANS OUCH! November” (11/07/2018)
Clues You Have Been Hacked
•Your anti-virus program generates an alert that your system is infected. Make sure it is your anti-virus software generating the alert, and not a pop-up window from a website trying to fool you into calling a number or installing something else. Not sure? Open your anti-virus program.
•You get a pop-up window saying your computer has been encrypted and you have to pay a ransom to get your files back.
•Your browser is taking you to all sorts of websites that you did not want to go to.
•Your computer or applications are constantly crashing or there are icons for unknown apps or strange windows popping up.
•Your password no longer works even though you know it is correct.
•Friends ask you why you are spamming them with emails that you know you never sent.
•There are charges to your credit card or withdrawals from your bank account you never made.
How to Respond
If you suspect you have been hacked, the sooner you act the better. If the hack is work related, do not try to fix the problem yourself; instead, report it immediately. If it is a personal system or account that has been hacked, here are some steps you can take:
•Change Your Passwords: This includes not only changing the passwords on your computers and mobile devices, but for your online accounts. Do not use the hacked computer to change your passwords; use a different system that you know is secure. If you have a lot of accounts, start with the most important ones first. Can’t keep track of all your passwords? Use a password manager.
•Financial: For issues with your credit card or any financial accounts, call your bank or credit card company right away. Use a trusted phone number to call them, such as from the back of your bank card, your financial statements, or visit their website from a trusted computer. In addition, consider putting a credit freeze on your credit files.
•Anti-virus: If your anti-virus software informs you of an infected file, follow the actions it recommends. Most anti-virus software will have links you can follow to learn more about the specific infection.
•Reinstalling: If you are unable to fix an infected computer or you want to be surer your system is safe, reinstall the operating system. Do not reinstall from backups; instead, backups should only be used for recovering your personal files. If you feel uncomfortable rebuilding, consider using a professional service to help you. Or, if your computer or device is old, it may be easier to purchase a new one. Finally, once you have rebuilt your system or purchased a new one, make sure it is updated and enable automatic updating whenever possible.
•Backups: A key step to protecting yourself is to prepare ahead of time with regular backups. Many solutions will automatically back up your files daily or hourly. Regardless of which solution you use, periodically check that you are able to restore those files. Quite often, recovering your data backups is the only way you can recover from being hacked.
•Law Enforcement: If you feel in any way threatened, report the incident to local law enforcement. If you are the victim of identity theft and are based in the United States, then visit https://www.identitytheft.gov.