Friday, January 18, 2019
Twitter Memes
Twitter MemesResearchers have discovered a malware that is being distributed by hackers, which receives instructions from… memes.
That’s right, this form of malware that targets Windows systems can “capture local screenshots, enumerating applications on the system, checking for vulnerabilities in them, capturing clipboard content, and sending files back to the attacker.” It also can receive instructions from Twitter memes. This type of communication is known as stenography and hypothetically could be used to instruct many people at once with memes, while surpassing most detection systems.
So, stay frosty this holiday while perusing the interwebs for memes! Make sure all your systems are up to date and your credentials aren’t compromised… better to enjoy this season!
https://www.darkreading.com/threat-intelligence/memes-on-twitter-used-to-communicate-with-malware/d/d-id/1333518
So, stay frosty this holiday while perusing the interwebs for memes! Make sure all your systems are up to date and your credentials aren’t compromised… better to enjoy this season!
https://www.darkreading.com/threat-intelligence/memes-on-twitter-used-to-communicate-with-malware/d/d-id/1333518
Thursday, January 17, 2019
In Other News: Hyatt Will Pay Hackers to Find Security Vulnerabilities
In Other News:Hyatt Will Pay Hackers to Find Security Vulnerabilities
Hyatt Hotels recently launched a bug bounty program dubbed HackerOne, enabling ethical hackers to report security flaws for rewards up to $4,000. Considering recent card-skimming attacks against the hospitality chain, the innovative platform is designed to “tap into the vast expertise of the security research community to accelerate identifying and fixing potential vulnerabilities”. Other organizations that are following suit and using the platform include Google, Twitter, the US Department of Defense, GitHub, and Qualcomm.
Australia- First National
Australia- First Nationalhttps://www.zdnet.com/article/finger-pointed-at-real-estate-recruiter-after-australian-cv-leak/
Exploit: Leak by “third-party” recruitment agency, Sales Inventory Profile.First National: Real estate network.
 | Risk to Small Business: 2 = Severe: Gareth Llewellyn, a security researcher at Brass Horn Communications, originally discovered how the CVs of job applicants of First National had been “inadvertently published” online. At least 12 company offices were affected, and the breach has been pinned to a third-party vendor, Sales Inventory Profile. Such a breach can negatively impact the brand reputation of the organization, even though the vulnerability came from a recruiting agency. Yet another example of why it is crucial to evaluate third-party vendors and secure data on all fronts. |
 | Individual Risk: 2.571 = Moderate: Published CV’s included full names, addresses, phone numbers, date of births, and other personal information. Even without payment information, customers should be weary of unusual transactions. |
Customers Impacted: 2,000 job applications.How it Could Affect Your Customers’ Business: Small breaches that expose personal details have consequences that are not easily quantified monetarily but can be catastrophic. Promising employees could choose to work elsewhere, whether or not a third-party was liable for the breach. Businesses must increase the importance they place on database and vendor management in order to protect user privacy and safety.ID Agent to the Rescue: See why Peter Verlezza, Managing Director at SMB Networks uses Dark Web ID and SpotLight ID to monitor real-time domain and login credentials: “I’m already helping to protect my customers with real-time domain monitoring provided by Dark Web ID. By protecting the people who work for those customers with the affordable and government-tested personal identity monitoring SpotLight ID delivers, I know my customer’s business is that much safer from potential breach”.
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Australia - Early Warning Network
Australia - Early Warning Networkhttps://www.csoonline.com/article/3331596/security/australian-emergency-warning-system-hacked-thousands-receive-alerts.html
Exploit: Compromise of login details.Early Warning Network (EWN): Emergency weather alert system of Australia.
| Risk to Small Business: 2.555 = Moderate:
Interestingly enough, the hack involved an unauthorized individual posting a spam message with a link to some customers stating that "EWN has been hacked. Your personal data is not safe. Trying to fix the security issues." Yet the system did not store personal information and only a small portion of the database received the alert, which means that there should be limited repercussions for EWN. At the same time, investigations are still ongoing with the Australian Cyber Security Center.
|
| Individual Risk: 3 = Moderate: Fortunately, no sensitive data was compromised since the actual data held in the system was “just ‘white pages’ type data”, as indicated by managing director Kerry Plowright. Nevertheless, the responsible party and their motive has not been identified. |
Customers Impacted: None.
How it Could Affect Your Customers’ Business: The absence of personal information exposure is encouraging, but it is still alarming that the system was compromised and a message was sent to customers. As cybersecurity awareness continues to rise in Australia, public perceptions are gravitating towards fear and increased vigilance. Small businesses must partner with security solutions and communicate their commitment to avoiding data breaches in order to attract, convert, and retain customers.ID Agent to the Rescue: See why Peter Verlezza, Managing Director at SMB Networks, uses Dark Web ID and SpotLight ID to monitor real-time domain and login credentials: “I’m already helping to protect my customers with real-time domain monitoring provided by Dark Web ID. By protecting the people who work for those customers with the affordable and government-tested personal identity monitoring SpotLight ID delivers, I know my customer’s business is that much safer from potential breach”.
How it Could Affect Your Customers’ Business: The absence of personal information exposure is encouraging, but it is still alarming that the system was compromised and a message was sent to customers. As cybersecurity awareness continues to rise in Australia, public perceptions are gravitating towards fear and increased vigilance. Small businesses must partner with security solutions and communicate their commitment to avoiding data breaches in order to attract, convert, and retain customers.ID Agent to the Rescue: See why Peter Verlezza, Managing Director at SMB Networks, uses Dark Web ID and SpotLight ID to monitor real-time domain and login credentials: “I’m already helping to protect my customers with real-time domain monitoring provided by Dark Web ID. By protecting the people who work for those customers with the affordable and government-tested personal identity monitoring SpotLight ID delivers, I know my customer’s business is that much safer from potential breach”.
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Subscribe to:
Posts (Atom)
-
Windows 10 End-of-Life: Why You Must Upgrade Now to Stay Secure and Compliant Microsoft has officially announced the end of support for Win...
-
What is SOC-as-a-Service? By Robert Blake Having a Security Operations Center (SOC) in-house is expensive for the average business. Large ...
-
In today’s digital-first world, non-profit organizations are under increasing pressure to secure sensitive data, streamline operations, and ...
