A backup server run by the Oklahoma Department of Securities had exposed terabytes of sensitive data. The server was misconfigured. Millions of sensitive records were released. Citizens of Oklahoma were notified that their identities may have been compromised.
What I want you to realize is that the State of Oklahoma is NOT the only organization with misconfigured servers. When we are asked to assess an organization’s security, nearly 9 times out of 10 they have a server that is misconfigured leaving them vulnerable to a ransomware attack or data breach.
The server at Oklahoma Department of Securities was discovered in early December of last year. The simple mistake was that it was set to public access—allowing anyone to ping it and get information out of it. If a hacker was scanning organizations for open ports or ways to get in, this would be the equivalent of a box office at the movies giving away free seats.
continue reading
Cybersecurity experts discovered a malicious campaign that takes less than a minute to execute that has proven to give BIG paydays to the criminals using it. The attack ends with you getting a pretty awful strain of ransomware—leading to your files completely encrypted and your workers unable to get essentially anything done.
Discovered late in December, this attack has been spreading through cybercrime rights. It steals documents, browser histories (including cookies that may be storing your online passwords or filled in information), currency, data from 2 Factor Authentication programs, including messages with verification codes. On top of all of this, this new methodology also can take screenshots of your computer, imaging and sending away any sensitive information that could be up on your screen.
continue reading
Cybersecurity experts just revealed yet another way criminals are trying to deceive your users.
The culprit?
A sneakier phishing attack that has been hard to detect.
You see, this phishing attack uses a new technique to hide the malicious code on the page to where a link in an email takes a user. This attack has led to numerous thieves stealing user credentials from all sorts of secure organizations ranging the gamut from banks to hospitals.
This attack evades detection using a never-seen-before trick that leverages a customized font to cover up any sign that it a malicious attack.
Recent research discoverers new credential-harvesting malicious phishing attack
continue reading
Back in the 90’s we (as in security teams) were having discussions on the very scary possibility that an attacker could capture the contents on your monitor or screen from outside a building. This scare was mainly driven from companies concerned about their competitors gleaning information from their businesses.
My take on those concerns in the 90’s was if they’re actually spending enough money to pack a surveillance team outside of your house or company, they’re really making an effort. What we were faced with in the 90’s—the days of Mission Impossible and Tom Cruise—was entirely different than today. Different fears and what if’s. Most of them were probably not substantiated with any clear and present danger. Those Mission Impossible risks and attacks were (at least in retrospect) not well-founded.
continue reading
Just as everything has changed since the mid-nineties when the internet started, so too have phishing attacks. I’m sure you remember getting those Nigerian Prince scams or a widow asking you for help a while back? Well, those scams simply seeking money are not by any means the same as they are today (and to become in 2019).
You see, as people started expecting more from the internet, so too have the attacks gotten more sophisticated and deceptive. They are more creative and have become especially difficult to recognize.
continue reading
Countless businesses large and small have been involved in data breaches over the past year. From Delta to Best Buy, a huge number of big names have made headlines—the majority of these breaches stemming from third-party vendors not doing their security due diligence.
Across industries from healthcare to distribution to manufacturing, companies have started to worry about the devastating effects of cyberattacks and data breaches.
Not only will you have to pay hefty fines or face consequences to whoever is regulating your industry, but you’ll have to answer to clients and deal with eroded trust. The fact is that more than three-quarters of business go out of business within a year of a cyber event.
Be Wary Of Your Business Partnerships!
continue reading
