Saturday, January 30, 2021

Dropbox Scam




Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Thursday, January 28, 2021

Another Password expiring scam:

What do you see wrong with this?




Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

How Strong is the Lock on the Door to Your Data?



You wouldn’t trust a flimsy old lock to secure the door to your business. Why are you trusting one to secure your business systems and data? It sounds logical that you’d want the most secure lock on your office door, but many companies don’t extend that logic to the access points to their systems and data, leaving them wide open to cybercriminal mischief.

In a recent survey, only 24% of businesses were using security access controls, like a secure identity and access management solution instead of old-fashioned password-based security. That’s a boon for cybercriminals – compromised passwords are the key to entry for them in around 85% of all data breaches. Strong access point security isn’t just something for major corporations anymore. Every business needs it, and solutions like Passly ensure that every business can afford it. 


Password danger can be created by IoT Cybersecurity risk too & healthcare ransomware attacks

Would you trust a flimsy lock for your front door? Add a stronger lock between cybercriminals and your business when you learn to Build Better Passwords.  GET IT>>


Protecting your systems and data with just a password isn’t going to cut it anymore. Even if your employees are making good, complex passwords and practicing excellent password hygiene, relying on passwords alone is outmoded and dangerous. Huge stores of passwords that have been stolen in past data breaches are available in Dark Web markets and data dumps to power credential stuffing attacks and other cybercrime.

Passly makes it easy and affordable to defend against password-based attacks with the tools that experts recommend: multifactor authentication, single sign-on, secure shared password vaults and more. Plus, Passly deploys in days, not weeks for an immediate security improvement. Don’t wait to beef up your access point security. Add a secure identity and access management solution today and make sure that the access points to your systems and data are really protected.


Need help give us a call, 877.860.5863 x190


Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

The Week in Breach News

The Week in Breach News – United States 


United States – Teespring

https://cybernews.com/security/8-million-teespring-user-records-leaked-on-hacker-forum/

Exploit: Hacking

Teespring: eCommerce Platform 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.129 = Severe 

Hackers have dropped a huge trove of user and creator data allegedly from Teespring, an e-commerce platform that specializes in enabling designers to market their wares. The two massive files of stolen data include email addresses and last update dates for 8,242,000 user accounts.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.221 = Severe 

The info dump contains 4,000,000+ user records, including usernames, full names, locations, phone numbers, Creator IDs, referral information, trust score, whitelisted seller campaigns, storefronts, bank check payouts, and other analytics data. This data could be used to conduct business email compromise attacks and spear phishing attempts. 

Customers Impacted: 8,242,000

How it Could Affect Your Customers’ Business: Data like this is sought-after by cybercriminals and often hangs around for years on the Dark Web, acting as fuel for future cybercrime.



United States – Circuit Court of Cook County 

https://www.securityweek.com/illinois-court-exposes-more-323000-sensitive-records

Exploit: Unsecured Server

Circuit Court of Cook County: Municipal Court System 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.775 = Severe

An unsecured Elasticsearch server is the cause of a huge data exposure containing more than 323,277 Cook County court-related records. Researchers estimate that the database may have belonged to a specialist Cook County department of caseworkers working with people who needed additional help. 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.612 = Severe

The records contained PII such as full names, home addresses, email addresses, and court case numbers and notes on the status of both the case and the individuals concerned. Criminal, family and immigration cases are in the mix. This data could be used to mount an array of attacks like blackmail, identity theft and spear phishing attempts.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Failing to take a simple step to secure a server that contains sensitive information doesn’t speak well to an organization’s commitment to cybersecurity.



United States – MeetMindful

https://www.zdnet.com/article/sonicwall-says-it-was-hacked-using-zero-days-in-its-own-products/

Exploit:  Hacking

MeetMindful: Dating Site

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.979 = Severe 

Details of an estimated 2.28 million users of dating site MeetMindful was just released online in the latest in a series of stolen data dumps by cybercrime gang ShinyHunters. There’s no clear origin of the data, but researchers expect that it may have come from an unsecured AWS S3 bucket. 

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.779 = Severe 

The dumped data includes users’ real names, email addresses, address information, physical descriptions, dating preferences, marital status, birth data, location data, IP addresses, Bcrypt-hashed passwords, Facebook user IDs and Facebook authentication tokens. This information puts users at risk for spear phishing attacks. 

Customers Impacted: 2.28 million

How it Could Affect Your Customers’ Business: Keeping data safe from hackers starts with keeping data secure using strong access point controls and basic security protocols like multifactor authentication.



United States – Bonobos

https://www.bleepingcomputer.com/news/security/bonobos-clothing-store-suffers-a-data-breach-hacker-leaks-70gb-database/

Exploit: Hacking

Bonobos: Menswear Retailer 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.979 = Severe 

Men’s clothier Bonobos has experienced a huge 70GB data breach exposing millions of customers’ personal information after a cloud backup of their database was snatched. ShinyHunters, who had a very busy week, posted the full Bonobos database to a free hacker forum. ShinyHunters was kind enough to transform the stolen password data into a handy list for credential stuffing. 

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.006 = Severe 

The leaked data included customers’ addresses, phone numbers, partial credit card numbers (last four digits), order information and password histories. This information can be used in many cyberattacks including spear phishing and credential stuffing. 

Customers Impacted: 7 million

How it Could Affect Your Customers’ Business: Data theft is an increasingly worrisome problem for everyone. Not only is the original business impacted, the addition of such large troves of information to the Dark Web fuels further cybercrime. 

The Week in Breach News – Canada


Canada – City of Montmagne

https://presstories.com/2021/01/23/cyber-%E2%80%8B%E2%80%8Battack-ransomware-victim-montmagne-city/

Exploit: Ransomware

City of Montmagne: Municipal Government 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.211 = Severe 

The municipal government of Montagne in Quebec has fallen victim to a ransomware attack that crippled city systems. Some services have been restored including the phone system which was down for 6 days, but the recovery could be slow. 

Individual Risk: No personal or business financial information or PII was reported as stolen in this incident that is still under investigation. 

Customers Impacted: 17,553

The Week in Breach News – United Kingdom & European Union


United Kingdom – the7stars

https://www.theregister.com/2021/01/22/the7stars_ransomware_attack_clop/

Exploit: Ransomware

the7stars: Talent Agency 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.411 = Severe

Clop ransomware is at the root of a data breach at the7stars, a London-based talent agency that handles clients with connections to  Atlantic Records, Suzuki and Penguin Random House. Internal client records, business agreements, photographs, business records, and other communications were included in this haul. The agency announced that it was able to restore its systems from back-ups and are continuing to investigate. 

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.221 = Severe

The stolen data includes scans of passports, invoices, and other sensitive information about the agency’s clients. This information can be used for identity theft and spear phishing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is a huge risk for every business, and it’s essential that everyone in your team is on board to spot and stop ransomware attacks.



Sweden- Pixlr 

https://www.bleepingcomputer.com/news/security/hacker-posts-19-million-pixlr-user-records-for-free-on-forum/ 

Exploit: Third Party Data Breach

Pixlr: Photo Editing Software Developer 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.827 = Severe 

ShinyHunters are at it again, this time with a dump of data from Pixlr. The gang claims that the Pixlr data was obtained through their earlier successful breach at stock photo site 123rf, which is owned by the same parent company. The Pixlr database posted by ShinyHunters contains 1,921,141 user records consisting of email addresses, login names, SHA-512 hashed passwords, a user’s country, whether they signed up for the newsletter, and other internal information.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.717 = Severe 

User information was stolen that includes basic contact information for users, leaving them at risk for spear phishing attacks. 

Customers Impacted: 1,921,141

How it Could Affect Your Customers’ Business: Third party data breaches are becoming all too common as Dark Web data grows, creating even more risk for businesses, especially around credential stuffing.



The Week in Breach News – Australia & New Zealand


Australia – Australia Securities and Investments Commission 

https://www.reuters.com/article/us-australia-cyber-asic/australias-securities-regulator-says-server-hit-by-cyber-security-breach-idUSKBN29U0S7

Exploit: Hacking 

Australia Securities and Investments Commission: Securities Regulator 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.616 = Severe 

A security breach at Australia’s security regulator may have led to a significant data exposure. The breach occurred on a server that the organization used to transfer files including credit license applications where some information may have been viewed. This breach may have been caused by a suspected flaw in third-party software that may have also spurred a similar breach at the New Zealand central bank a few weeks ago. 

Individual Risk: No personal or business data was reported as confirmed to be stolen in this incident that is still under investigation. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Taking precautions against potential third party data breaches is sensible for every business because you can never be sure how another company’s cybersecurity flaws may impact your business.



The Week in Breach News Guide to Our  Risk Scores


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

This Week in Breach News:



ShinyHunters work overtime at multiple targets including Pixlr, data theft puts a star talent agency in the spotlight, and three of our best tips for securing clients in an evolving threat landscape at a price you’ll both love.


Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Office 365 Scam - Password Expires today


What all do you see wrong with this?

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Friday, January 22, 2021

Thursday, January 21, 2021

Wednesday, January 20, 2021

Can Your Staff Really Spot Phishing Messages? Can You?

Can Your Staff Really Spot Phishing Messages? Can You? 


Phishing is a threat that looms large for every business. In 2020, phishing threats grew by more than 600% as cybercriminals took advantage of a perfect storm of factors that gave them great advantages: a newly remote workforce, world unrest, the COVID-19 pandemic and a crashing economy.

That’s definitely a growth category for cybercrime in 2021. Damage related to cybercrime including phishing-related threats like ransomware and business email compromise is projected to hit $6 trillion annually in 2021 as a new cyberattack is launched every 39 seconds. 

One of the best investments that you can make to protect your business from today’s worst cyberattack threats is security awareness training featuring phishing resistance. We’re making that easier than ever before with the newly updated BullPhish ID. 

Featuring user-friendly training portals, customizable training materials, and simple remote management, BullPhish ID is the top-flight training solution that includes everything that you need to get your team ready to face down phishing at an excellent price.

Don’t wait to start your 2021 security awareness and phishing resistance training program. Act now to start protecting your business from cybercrime before one click on one phishing email costs you a fortune.


Bit by bit has security packages that can help secure your network, call today to schedule a time to learn more about how we can help. 


Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Breaches around the world

The Week in Breach News – Canada


Canada – Government of Saskatchewan Hunting, Angling & Fishing Licensing (HAL)

https://globalnews.ca/news/7573195/saskatchewan-privacy-commissioner-hunting-licence-breach/ 

Exploit: Human Error

Government of Saskatchewan HAL: Regional Regulatory System

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.775 = Moderate 

The Government of Saskatchewan is informing citizens that an information security incident occurred on 01/07/20 when an email regarding Hunter Harvest surveys was sent to HAL customers from a third-party agency called Aspira. That contractor sent an email that contained the wrong customer name and HAL account identification number to about 33,000 email addresses, scrambling information to the wrong people. 

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.833 = Moderate 

The only information that has been reported as compromised at this time was the name and HAL identification number of affected parties. No payment or other personal information was declared impacted in this breach.

Customers Impacted: 33,000

How it Could Affect Your Customers’ Business: The number one cause of a data breach is always the same: human error. By building cyber resilience, organizations can make sure that they’re ready for challenges brought on by employee mistakes. 

The Week in Breach News – United Kingdom & European Union


United Kingdom – Nohow International

https://www.constructionnews.co.uk/contractors/amey/amey-hit-by-cyber-attack-05-01-2021/

Exploit: Unsecured Database

Nohow International: Staffing Firm 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.411 = Extreme

In a devastating blunder, unsecured Microsoft Azure Blob exposed deeply sensitive documents of more than 12,000 construction workers. The treasure trove contained 12,464 images, PDF documents, and email messages presumably sent by the exposed workers to Nohow International in the course of gaining and changing employment with the staffing firm. 

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.221 = Severe

Employee data impacted in this breach includes scans of passports, national IDs, birth certificates, and tax returns. This data also contained MSG files of email messages sent by construction workers to Nohow’s email address used specifically for receiving documents. The email messages include the workers’ personal and payment information, such as taxpayer reference and national insurance numbers, as well as banking details. This extremely sensitive information can be used to facilitate spear phishing attacks and identity theft. 

Customers Impacted: 12,000

How it Could Affect Your Customers’ Business: Failure to secure an average database is a ding to a company’s reputation for trustworthiness, but failing to secure a database full of extremely sensitive information like this could be devastating. 

ID Agent to the Rescue: Are your customers covering all of their security bases? Get the Cybersecurity New Year’s Resolutions Checklist and go over it with them to make sure! DOWNLOAD THE CHECKLIST INFOGRAPHIC>>


The Netherlands – Eneco

https://hotforsecurity.bitdefender.com/blog/dutch-energy-supplier-blames-cyber-intrusion-on-data-breaches-suffered-by-other-companies-25098.html

Exploit: Credential Stuffing

Eneco: Energy Company 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.827 = Severe 

Dutch energy supplier Eneco has warned tens of thousands of clients, including business partners, to change their passwords after a recent data breach following a suspected credential stuffing attack. The company reported that hackers accessed approximately 1,700 private and small business accounts. A separate group of approximately 47,000 customers is also being informed by email about the incident “as a precaution”. The investigation is still ongoing. 

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.717 = Severe 

The company stated that affected customers may have had their data “viewed and possibly changed by third parties,” but was unspecific about the exact impact. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Credential stuffing is a popular attack because it’s cheap, effective, and it’s been made so easy due to an abundance of Dark Web data to fuel it. 



The Week in Breach News – Asia Pacific


Japan – Capcom

https://threatpost.com/data-breach-resident-evil-gaming/162977/

Exploit: Ransomware

Capcom Co. Ltd.: Videogame Developer 

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.332 = Extreme 

Recent data breach damage at Capcom was significantly worse than they thought. Capcom has announced that their investigation has uncovered that the personal data of up to 400,000 customers was compromised in the attack — 40,000 more than the company originally estimated. The announcement added that its investigation is ongoing and that new evidence of additional compromise could still come. The Ragnar locker ransomware group also captured  1TB of corporate data, including banking details, contracts, proprietary data, emails and more.

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.623 = Moderate 

It’s uncertain if any further client data was impacted. Capcom was quick to note that no customer credit-card data was exfiltrated during the breach, saying that it’s currently safe to play and purchase the company’s games online since those transactions are handled by a third-party service provider.

Customers Impacted: 400,000 and growing

How it Could Affect Your Customers’ Business: No business is too big or too small to fall prey to cybercrime. Ransomware can strike companies of any size and deliver an impact that resounds for months.



The Week in Breach News Guide to Our  Risk Scores


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

What is SOC-as-a-Service?