Trending Security Topics

Cybersecurity Awareness Basics

How to avoid identity theft, frauds, scams and more. Click below for more information.

Cybersecurity Basics


Internet Explorer’s Days Are Finally Numbered, And It’s Good News For Online Security

The use of Internet Explorer by the average personal computer user has pretty much vanished, as Microsoft no longer includes the software within new versions of Windows.

From “Verdict” (5/07/2019)


The 5 Most Hacked Passwords

The report includes the top 100,000 passwords from the Have I Been Pwned data set to determine which regularly used passwords have been hacked the most often.

From “Tech Republic” Alison DeNisco Rayome (4/22/2019)


5 Ways Hackers Use Digital Channels To Launch VIP Attacks

Often the most dangerous attacks of all, spear-phishing targets specific victims, rather than being carried out en-masse. After forming an intimate profile of their target victim, attackers will attempt to build trust before trying to obtain sensitive information from them. Given the fact they have access to highly valuable data, corporate executives are some of the most common targets of these scams. However, other spear-phishing attacks instead target the most vulnerable persons (MVPs) in the organization, which tend to be those who are further down the corporate ladder but still have access to valuable data, such as HR or IT managers.

From “SafeGuard Cyber” Jim Zuffoletti (4/30/2019)


North Korean Tunneling Tool: ELECTRICFISH

This report provides analysis of one malicious 32-bit Windows executable file. The malware implements a custom protocol that allows traffic to be tunneled between a source and a destination Internet Protocol (IP) address. The malware continuously attempts to reach out to the source and the designation system, which allows either side to initiate a tunneling session. The malware can be configured with a proxy server/port and proxy username and password.

This feature allows connectivity to a system sitting inside of a proxy server, which allows the actor to bypass the compromised system’s required authentication to reach outside of the network.

From “U.S. Department of Homeland Security CISA” (5/09/2019)

 

Federal Reserve Voices Concern Over Corporate Debt

The International Monetary Fund and Moody’s are among the other bodies that have recently raised concerns over climbing corporate debt levels. In the U.S., Moody’s report, released in February, echoed Fed sentiment that an economic downturn could significantly increase the risk exposure for financiers linked to high corporate debt levels.

From “PYMNTS” (5/08/2019)

 

Cyber Risk: What Questions To Ask – And How To Ask Them

The days are long gone when board members could take a passive approach to cybersecurity. If you sit on a board, you have a fiduciary responsibility to help set the agenda for cybersecurity and exercise proper oversight to minimize overall risk to the organization.

From “Security Roundtable.org” Sean Duca (4/02/2019)

 

Why Human Error Is Still The Top Cybersecurity Risk For Organizations

Despite advancing threats from hackers and nation states, human error remains the top cybersecurity concern for both C-suite executives and policymakers, according to a Wednesday report from Oracle. To combat this issue, professionals must invest more in employees—via training and hiring—than in technologies in the coming two years, the report found.

From “Tech Republic” Alison DeNisco Rayome (5/01/2019)

 

9 Things You Need To Know About The WhatsApp Zero-Click Spyware Attack

Facebook-owned WhatsApp is urging all of its users worldwide to update the app to the latest version of the software after it discovered that the app’s integrity had been compromised. The warning came after the Financial Times revealed that a vulnerability had been discovered that let attackers install spyware on iPhones and Android phones simply by placing a WhatsApp voice call to the user’s smartphone.

From “Fast Company” Michael Grothaus (5/14/2019)

 

Intel’s ‘ZombieLoad’ Fixes May Slow Processors By 9 Percent

Researchers have identified fresh flaws in Intel processors that attackers could exploit to steal private data from PCs and servers, including cloud environments. The vulnerabilities, dubbed "ZombieLoad" by the researchers who discovered them, could be used to steal sensitive data from affected systems.

From “Bank Info Security” Mathew J. Schwartz (5/15/2019)

 

Most SMBs Would Pay A Hacker A Ransom To Get Their Stolen Data Back

Social media apps and websites are the biggest potential threat vectors to businesses, according to an AppRiver report…More than half (55%) of executives at small-to-medium-sized companies (SMBs) said they would pay a ransom to hackers if it got them their stolen data back, according to an AppRiver report released Thursday. This number increases to 74% for professionals at larger SMBs, who reported they "definitely would pay ransom at almost any price" to either get their data back, or prevent it from getting stolen, the report found.

From “Tech Republic” Macy Bayern (4/25/2019)

 

Microsoft Office 365 Security Observations

As the number of organizations migrating email services to Microsoft Office 365 (O365) and other cloud services increases, the use of third-party companies that move organizations to the cloud is also increasing. Organizations and their third-party partners need to be aware of the risks involved in transitioning to O365 and other cloud services.

From “U.S. Department of Homeland Security CISA” (5/13/2019)

 

Ever App Users Uploaded Billions Of Photos, Unaware They Were Being Used To Build A Facial Recognition System

Whenever you’re offered a product for free, ask yourself how the company is planning to make money. Are they hoping to upgrade you to a paid account, going to bombard you with ads, or exploit your data in some other fashion?

From “Graham Cluley” Graham Cluley (5/09/2019)

 

Avoid Crowdfunding Scams

Crowdfunding is one way to support a project you believe in and get rewards for that support. But the project you’re backing is only as good as the people behind it. Some dishonest people can take your money but produce nothing – no product, no project, and no reward.

From “Federal Trade Commission” (5/06/2019)

 

Get A One-Ring Call? Don’t Call Back.

A while back, we warned you about the “one ring” scam. That’s when you get a phone call from a number you don’t know, and the call stops after just one ring. The scammer is hoping you’ll call back, because it’s really an international toll number and will appear as a charge on your phone bill — with most of the money going to the scammer. Well, the scam is back with a vengeance, and the FCC just issued a new advisory about it.

From “Federal Trade Commission” Michael Atleson (5/07/2019)

 

5 Emerging Vectors Of Attack And Recommendations For Mitigating The Risks (Click link to see full article.)

A lack of network visibility is a key challenge we hear about often from the network security community. It’s the result of a complicated mix of issues such as infrastructure complexity, BYOD, and the cloud transformation, among others.

Compilations like these all ranked among the top 10 challenges in network security as identified by network security professionals we recently surveyed. These were also central elements in a panel session held at the RSA Conference titled, The Five Most Dangerous New Attack Techniques and How to Counter Them.

This particular panel is held annually and brings together a group of experts from the SANS Institute. It’s moderated by SANS Institute Research Director and Founder Alan Paller and describes the current threats his team identifies in their research, along with recommendations for mitigating the associated risks.