As you’ve probably noticed from tuning into our weekly newsletter, ransomware attacks are increasing in scope and severity at an alarming rate.
Security researchers are now tracking a new ransomware that is infecting computers by disguising itself as anti-virus software. Talk about a malicious advancement for an already meticulous cybersecurity threat!
This latest file-locking malware is disguised as an anti-virus installation that users willingly download on their computers. Victims are lured by the false request through phishing emails that prompt users to “update and verify” their anti-virus software with an embedded link.
When users click on the link, the malware downloads ransomware and an outdated anti-virus software. The download begins encrypting files in the background while unknowing users complete the anti-virus software installation.
While this tactic isn’t necessarily new, its reemergence should compel companies to train their employees to spot malicious materials and to create a comprehensive plan for dealing with phishing scams, malware, and ransomware attacks. Consider partnering with an MSP that can offer phishing simulation training, like BullPhish ID from ID Agent, that can help support such initiatives with state-of-the-art solutions.
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com
Friday, May 31, 2019
Thursday, May 30, 2019
In Other News: Card Data Stolen From 201 Online Campus Stores
In Other News:
Card Data Stolen From 201 Online Campus Stores
201 online campus stores for universities based in the U.S. and Canada were victimized by the popular Magecart attack, where hackers plant malicious JavaScript code on a website. This code collects payment information from customers using an affected platform. Once the financial data is collected, it is remotely stored by hacking groups who subsequently sell that information on the Dark Web.
The Magecart skimming code has been identified on at least ten other platforms and has spread to e-commerce sites as well.
Interestingly, cybersecurity researchers noticed that Magecart groups often don’t pursue e-commerce sites directly. Instead, they target components that often accompany their online store, such as chat and support widgets.
The weight of this incident serves as a reminder: companies need to invest in a holistic suite of cybersecurity solutions that accounts for today’s entire evolving threat landscape.
https://www.zdnet.com/article/hackers-steal-card-data-from-201-online-campus-stores-from-canada-and-the-us/
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com
Card Data Stolen From 201 Online Campus Stores
201 online campus stores for universities based in the U.S. and Canada were victimized by the popular Magecart attack, where hackers plant malicious JavaScript code on a website. This code collects payment information from customers using an affected platform. Once the financial data is collected, it is remotely stored by hacking groups who subsequently sell that information on the Dark Web.
The Magecart skimming code has been identified on at least ten other platforms and has spread to e-commerce sites as well.
Interestingly, cybersecurity researchers noticed that Magecart groups often don’t pursue e-commerce sites directly. Instead, they target components that often accompany their online store, such as chat and support widgets.
The weight of this incident serves as a reminder: companies need to invest in a holistic suite of cybersecurity solutions that accounts for today’s entire evolving threat landscape.
https://www.zdnet.com/article/hackers-steal-card-data-from-201-online-campus-stores-from-canada-and-the-us/
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com
Wednesday, May 29, 2019
What We’re Listening To:
What We’re Listening To:
Know Tech Talks
Security NowDefensive Security Podcast Small Business, Big Marketing – Australia’s #1 Marketing Show!IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e
Security NowDefensive Security Podcast Small Business, Big Marketing – Australia’s #1 Marketing Show!IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com
Monday, May 27, 2019
Friday, May 24, 2019
E-retail theft is a lucrative business
E-retail theft is a lucrative business
Traditionally, payment credentials stolen from brick-and-mortar stores were able to command a higher price on the Dark Web than card-not-present data (also known as CNP). However, it seems like the market dynamics have recently shifted, as this information is now being used to target online retailers.
Consequently, the demand for these credentials is far outpacing supply, driving up the price. The economics can be explained by the recent US migration towards chip-based payment cards, which offer a superior level of fraud protection for in-store purchases.
Such news has broad implications for both consumers and companies operating in today’s digital ecosystem. Security has to be a constant priority, since payment trends will give way to new threats, and tomorrow’s vulnerabilities will not be the same as those existing today. In order to keep a continuous pulse on your employee and customer data, consider partnering up with an MSP that implements proactive Dark Web monitoring (like ours).
https://krebsonsecurity.com/2019/04/data-e-retail-hacks-more-lucrative-than-ever/
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com
Traditionally, payment credentials stolen from brick-and-mortar stores were able to command a higher price on the Dark Web than card-not-present data (also known as CNP). However, it seems like the market dynamics have recently shifted, as this information is now being used to target online retailers.
Consequently, the demand for these credentials is far outpacing supply, driving up the price. The economics can be explained by the recent US migration towards chip-based payment cards, which offer a superior level of fraud protection for in-store purchases.
Such news has broad implications for both consumers and companies operating in today’s digital ecosystem. Security has to be a constant priority, since payment trends will give way to new threats, and tomorrow’s vulnerabilities will not be the same as those existing today. In order to keep a continuous pulse on your employee and customer data, consider partnering up with an MSP that implements proactive Dark Web monitoring (like ours).
https://krebsonsecurity.com/2019/04/data-e-retail-hacks-more-lucrative-than-ever/
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com
Thursday, May 23, 2019
What We’re Listening To:
What We’re Listening To:
Know Tech Talks
Security NowDefensive Security Podcast Small Business, Big Marketing – Australia’s #1 Marketing Show!IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e
Security NowDefensive Security Podcast Small Business, Big Marketing – Australia’s #1 Marketing Show!IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com
Wednesday, May 22, 2019
In Other News:
In Other News:
Your Google Chrome extension may be an accomplice to phishing scams
Users of the popular Google Chrome browser could be susceptible to a new phishing scam. Android mobile users running Google Chrome might be familiar with the browser’s aesthetic, user-experience guided method of hiding the address bar when a user scrolls through a website. However, perpetrators of phishing scams are now using this feature to display a fake URL bar that persists when users scroll.
At the same time, the fictitious URL bar can display the credentials of real websites, making users think they are viewing an authentic website. By hiding the original URL bar, users can be easily directed towards malicious third-party sites where users could expose their personal or financial data.
This vulnerability is being exploited to execute effective phishing scams that quickly capture users most sensitive information. Beware!
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com
Your Google Chrome extension may be an accomplice to phishing scams
Users of the popular Google Chrome browser could be susceptible to a new phishing scam. Android mobile users running Google Chrome might be familiar with the browser’s aesthetic, user-experience guided method of hiding the address bar when a user scrolls through a website. However, perpetrators of phishing scams are now using this feature to display a fake URL bar that persists when users scroll.
At the same time, the fictitious URL bar can display the credentials of real websites, making users think they are viewing an authentic website. By hiding the original URL bar, users can be easily directed towards malicious third-party sites where users could expose their personal or financial data.
This vulnerability is being exploited to execute effective phishing scams that quickly capture users most sensitive information. Beware!
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com
Saturday, May 18, 2019
What We’re Listening To:
What We’re Listening To:
Know Tech Talks
Security NowDefensive Security Podcast Small Business, Big Marketing – Australia’s #1 Marketing Show!IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e
Security NowDefensive Security Podcast Small Business, Big Marketing – Australia’s #1 Marketing Show!IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com
What We’re Listening To:
Know Tech Talks
Security NowDefensive Security Podcast Small Business, Big Marketing – Australia’s #1 Marketing Show!IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e
Security NowDefensive Security Podcast Small Business, Big Marketing – Australia’s #1 Marketing Show!IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com
Friday, May 17, 2019
A new study reveals data exposure from hotel reservations
In Other News:
A new study reveals data exposure from hotel reservations
Symantec’s recent report on the security vulnerabilities of hotel websites found that the majority of them are leaking customer data.
The study was exhaustive, including 1,500 hotels in 54 countries and covering the gauntlet of lost-cost and high-end hotels. However, no single panacea was presented as a solution for the issue. Instead, different companies faced unique vulnerabilities to their systems and processes.
For instance, most hotels send guests a link to manage their reservation, but some hotels fail to encrypt this data, making it easily accessible to hackers and others accessing this information. At the same time, hotels collaborating with discount sites and advertisers are making guest data available to these third-party partners, elongating the exposure.
Moreover, the company found that hotels are uniquely susceptible to brute force attacks, a unique vulnerability that could allow bad actors to target specific individuals including CEOs, celebrities, or conference attendees.
Coming on the heels of the Marriott breach that revealed the information of 500 million guests, this report is a reminder to the industry that they need to be particularly aware of their security vulnerabilities and to take steps to protect customer information. Software solutions like BullPhish ID can mitigate many of these issues at the root source by helping you gain a thorough understanding of your company’s unique cybersecurity needs.
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com
Thursday, May 16, 2019
Dark Web ID Trends
Chipotle accounts might be getting hacked, the Weather Channel is struck by ransomware, both France and UK government organizations face breach, and Australian businesses are paying off ransomware attacks.
Dark Web ID Trends:
Top Source Hits: ID Theft Forums (99%)
Top Compromise Type: Domain (99%)
Top Industry: Construction & Engineering
Top Employee Count: 11 - 50 Employees
Top Compromise Type: Domain (99%)
Top Industry: Construction & Engineering
Top Employee Count: 11 - 50 Employees
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com
Wednesday, May 15, 2019
Tuesday, May 14, 2019
Coming soon - Cybersecurity for 5G
Coming soon - Cybersecurity for 5G
As you might imagine, many industries are gearing up to harness the widely anticipated development of 5G. Although there is much to gain, including better speeds and more consistency, we must also prepare for 5G to usher in its own showcase of security threats.
One of the immediate concerns that rises to the top is how 5G will transform data collection and protection. With fast-moving and highly customized web traffic, new technologies such as IoT devices will be enabled, creating an unmet need in security statistics and metrics.
High-level cybersecurity strategies must adapt to meet these needs, but one maxim still holds true. Hackers will continue to expose the gaps within the infrastructures of small businesses or enterprises, but security providers and solutions will prepare you with the tools to fight back.
https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/securing-enterprises-for-5g-connectivity
As you might imagine, many industries are gearing up to harness the widely anticipated development of 5G. Although there is much to gain, including better speeds and more consistency, we must also prepare for 5G to usher in its own showcase of security threats.
One of the immediate concerns that rises to the top is how 5G will transform data collection and protection. With fast-moving and highly customized web traffic, new technologies such as IoT devices will be enabled, creating an unmet need in security statistics and metrics.
High-level cybersecurity strategies must adapt to meet these needs, but one maxim still holds true. Hackers will continue to expose the gaps within the infrastructures of small businesses or enterprises, but security providers and solutions will prepare you with the tools to fight back.
https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/securing-enterprises-for-5g-connectivity
Monday, May 13, 2019
Fire sale on the Dark Web: 60,000 digital fingerprints
Fire sale on the Dark Web: 60,000 digital fingerprints
This week’s Kaspersky Security Analyst Summit revealed a troubling development, even by Dark Web standards.
Kaspersky researchers detailed a new online marketplace where cybercriminals can purchase full digital fingerprints for 60,000 online users. Genesis, the name ascribed to the new marketplace, sells full user profiles for as little as $5. This information helps cyber criminals evade many of the security standards that currently detect abnormal account behavior and can be indicative of fraud.
For instance, a full user profile doesn’t just include login information. It provides thieves with account cookies, browser details, webGL signatures, and other features that allow criminals to evade detection. Data thieves use a Genesis Chrome extension to use the stolen information, something that security researchers have already discovered in the wild.
It’s recommended that people enable two-factor authentication whenever possible to help prevent this scheme from impacting them. At the same time, keeping an eye on our digital information seems even more pertinent than ever. Software solutions like BullPhish ID can help you keep a pulse on your customer and employee data by continuously tracking the “when, where, and what.”
This week’s Kaspersky Security Analyst Summit revealed a troubling development, even by Dark Web standards.
Kaspersky researchers detailed a new online marketplace where cybercriminals can purchase full digital fingerprints for 60,000 online users. Genesis, the name ascribed to the new marketplace, sells full user profiles for as little as $5. This information helps cyber criminals evade many of the security standards that currently detect abnormal account behavior and can be indicative of fraud.
For instance, a full user profile doesn’t just include login information. It provides thieves with account cookies, browser details, webGL signatures, and other features that allow criminals to evade detection. Data thieves use a Genesis Chrome extension to use the stolen information, something that security researchers have already discovered in the wild.
It’s recommended that people enable two-factor authentication whenever possible to help prevent this scheme from impacting them. At the same time, keeping an eye on our digital information seems even more pertinent than ever. Software solutions like BullPhish ID can help you keep a pulse on your customer and employee data by continuously tracking the “when, where, and what.”
Thursday, May 9, 2019
Cyber-attacks are soaring in 2019
In Other News:
Cyber-attacks are soaring in 2019
It’s no surprise that cyber criminals are always looking for new vulnerabilities to take advantage of, and we are now becoming inundated, and even accepting, of breaches making daily news headlines. However, their swift increase in the first quarter of 2019 is shocking even by today’s standards.
According to recent report by Malwarebytes, cyber threats are up 235% year-over-year, primarily the result of a surge in ransomware and trojans.
However, bad actors aren’t just increasing the frequency of their attacks. They are changing their focus. The study found that cyber criminals are targeting SMBs because they have less money and resources to spend on cyber defense.
Most prominently, cyber criminals are relying on ransomware. Corporate ransomware attacks are up 195% from the last quarter, and they have grown at an astonishing 500% since April 2018.
It’s no secret that today’s threat landscape is always evolving, and protecting small businesses requires a continual reevaluation of your organization’s most prominent vulnerabilities. However, in order to fight fire with fire, companies must enlist the help of security solutions that are designed to keep a pulse on hacker activities and employee/customer information.
Bit by Bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com
Cyber-attacks are soaring in 2019
It’s no surprise that cyber criminals are always looking for new vulnerabilities to take advantage of, and we are now becoming inundated, and even accepting, of breaches making daily news headlines. However, their swift increase in the first quarter of 2019 is shocking even by today’s standards.
According to recent report by Malwarebytes, cyber threats are up 235% year-over-year, primarily the result of a surge in ransomware and trojans.
However, bad actors aren’t just increasing the frequency of their attacks. They are changing their focus. The study found that cyber criminals are targeting SMBs because they have less money and resources to spend on cyber defense.
Most prominently, cyber criminals are relying on ransomware. Corporate ransomware attacks are up 195% from the last quarter, and they have grown at an astonishing 500% since April 2018.
It’s no secret that today’s threat landscape is always evolving, and protecting small businesses requires a continual reevaluation of your organization’s most prominent vulnerabilities. However, in order to fight fire with fire, companies must enlist the help of security solutions that are designed to keep a pulse on hacker activities and employee/customer information.
Bit by Bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com
This week, phishing scams target US
This week, phishing scams target US government and healthcare employees, Canadian plane parts are held for ransom, EU citizens are compromised in a UK breach, and 60,000 digital fingerprints find their way to the Dark Web.
Dark Web ID Trends:
Top Source Hits: ID Theft Forums (99%)
Top Compromise Type: Domain (99%)
Top Industry: Manufacturing
Top Employee Count: 11 - 50 Employees
Top Compromise Type: Domain (99%)
Top Industry: Manufacturing
Top Employee Count: 11 - 50 Employees
Wednesday, May 8, 2019
Tuesday, May 7, 2019
Coming soon - Cybersecurity for 5G
Coming soon - Cybersecurity for 5G
As you might imagine, many industries are gearing up to harness the widely anticipated development of 5G. Although there is much to gain, including better speeds and more consistency, we must also prepare for 5G to usher in its own showcase of security threats.
One of the immediate concerns that rises to the top is how 5G will transform data collection and protection. With fast-moving and highly customized web traffic, new technologies such as IoT devices will be enabled, creating an unmet need in security statistics and metrics.
High-level cybersecurity strategies must adapt to meet these needs, but one maxim still holds true. Hackers will continue to expose the gaps within the infrastructures of small businesses or enterprises, but security providers and solutions will prepare you with the tools to fight back.
https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/securing-enterprises-for-5g-connectivity
As you might imagine, many industries are gearing up to harness the widely anticipated development of 5G. Although there is much to gain, including better speeds and more consistency, we must also prepare for 5G to usher in its own showcase of security threats.
One of the immediate concerns that rises to the top is how 5G will transform data collection and protection. With fast-moving and highly customized web traffic, new technologies such as IoT devices will be enabled, creating an unmet need in security statistics and metrics.
High-level cybersecurity strategies must adapt to meet these needs, but one maxim still holds true. Hackers will continue to expose the gaps within the infrastructures of small businesses or enterprises, but security providers and solutions will prepare you with the tools to fight back.
https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/securing-enterprises-for-5g-connectivity
Monday, May 6, 2019
In Other News:
In Other News:
Fire sale on the Dark Web: 60,000 digital fingerprints
This week’s Kaspersky Security Analyst Summit revealed a troubling development, even by Dark Web standards.
Kaspersky researchers detailed a new online marketplace where cybercriminals can purchase full digital fingerprints for 60,000 online users. Genesis, the name ascribed to the new marketplace, sells full user profiles for as little as $5. This information helps cyber criminals evade many of the security standards that currently detect abnormal account behavior and can be indicative of fraud.
For instance, a full user profile doesn’t just include login information. It provides thieves with account cookies, browser details, webGL signatures, and other features that allow criminals to evade detection. Data thieves use a Genesis Chrome extension to use the stolen information, something that security researchers have already discovered in the wild.
It’s recommended that people enable two-factor authentication whenever possible to help prevent this scheme from impacting them. At the same time, keeping an eye on our digital information seems even more pertinent than ever. Software solutions like BullPhish ID can help you keep a pulse on your customer and employee data by continuously tracking the “when, where, and what.”
Fire sale on the Dark Web: 60,000 digital fingerprints
This week’s Kaspersky Security Analyst Summit revealed a troubling development, even by Dark Web standards.
Kaspersky researchers detailed a new online marketplace where cybercriminals can purchase full digital fingerprints for 60,000 online users. Genesis, the name ascribed to the new marketplace, sells full user profiles for as little as $5. This information helps cyber criminals evade many of the security standards that currently detect abnormal account behavior and can be indicative of fraud.
For instance, a full user profile doesn’t just include login information. It provides thieves with account cookies, browser details, webGL signatures, and other features that allow criminals to evade detection. Data thieves use a Genesis Chrome extension to use the stolen information, something that security researchers have already discovered in the wild.
It’s recommended that people enable two-factor authentication whenever possible to help prevent this scheme from impacting them. At the same time, keeping an eye on our digital information seems even more pertinent than ever. Software solutions like BullPhish ID can help you keep a pulse on your customer and employee data by continuously tracking the “when, where, and what.”
What We’re Listening To:
Subscribe to:
Posts (Atom)
-
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5831 -
What is SOC-as-a-Service? By Robert Blake Having a Security Operations Center (SOC) in-house is expensive for the average business. Large ...
-
In today's digital age, where the internet is an integral part of our lives, safeguarding our digital devices from malicious threats is ...
