Tuesday, January 22, 2019

In Other News:

In Other News:
DNA For Pay The Leaders of Genomics England has revealed that foreign hackers have attempted to access the DNA data the organization is collecting. The reality that hackers could steal DNA data if they successfully access a network is a scary thought. As the general population becomes more aware that their data is valuable, it should also become apparent that handing over data and in this case, DNA, could result with it ending up on the Dark Web or in the hands of a nation state. While no breach occurred to this organization, the fact that they are regularly under attack should be a wake-up call.
What We’re Listening To

By at No comments:

Monday, January 21, 2019

United States - BlackMediaGames (Town of Salem)

United States - BlackMediaGames (Town of Salem) 
https://www.scmagazine.com/home/security-news/town-of-salem-breach-affects-7-million-accounts/
Exploit: LFI/RFI attack that injected malicious code into database.
BlankMediaGames: Game maker of ‘Town of Salem’.
correct severe gauge
Risk to Small Business: 2 = SevereWith a number as high as 7.6M users exposed, this cyberattack has the potential to be game-changing. News broke that DeHashed, a commercial breach indexing service, discovered the successful attack before Christmas and tried alerting the company, but no actions were made to secure the hacked servers and notify users until later on. Cybersecurity experts are claiming that the company’s hashing technique (PHPBB) for securing passwords was relatively weak, meaning that it is only a matter of time until hackers were able to crack them.
correct moderate gauge
Individual Risk: 2.428 = SevereStolen user data included usernames, email addresses, hashed passwords, IP addresses, and game/forum activities. Payment information or credit card details were not exposed, but compromised information can still be leveraged to gain access to payment details on other similar accounts.
Customers Impacted: 7.6M users of ‘Town of Salem’.How it Could Affect Your Customers’ BusinessAlthough BlankMediaGames clarified that it does not handle payment information, users may not fully grasp what this means. When they hear breach, they feel exposed. To further compound the issue, the company admitted that its hashing platform for passwords was not as secure as it could be. Overall, video game services are becoming “low hanging fruits” for cybercriminals due to the emphasis of user experience over security and increasingly growing value of digital “in-game” goods or purchases.
ID Agent to the Rescue: SpotLight ID™ is backed by our $1M identity theft restoration policy, and can help MSPs’ clients proactively protect customers while enhancing overall cyber security awareness. Learn more at:https://www.idagent.com/identity-monitoring-programs.
Risk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.
By at No comments:

United States - Quora

United States - Quora 
Exploit: Unclear at this time.
Quora: A popular question and answer site that boasts 300 million monthly active users.
correct severe gauge
Risk to Small Business: 2.333 = SeverePeople are not soon to forget that the question and answer site was unable to keep their data safe. This could cause a migration from any site to another similar one, something that is common among social media sites in particular.
correct moderate gauge
Individual Risk: 2.857 = Moderate: Those affected by this breach are at an increased risk of phishing attacks 
Customers Impacted: Unclear at this time.
How it Could Affect Your Customers’ BusinessQuora handled the breach very well, with the CEO releasing a blog post detailing what they know and apologizing to their users. The amount of time it will take for the organization to regain their users’ trust is unclear. The transparency by the organization’s leadership will greatly help it bounce back sooner than if they hadn’t responded as such.
ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type. Learn more: https://www.idagent.com/identity-monitoring-programs
Risk Levels:
1 - Extreme Risk
2 - Severe Risk
3 - Moderate Risk*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.
Exploit: Credential Stuffing.
Humble Bundle: Humble Bundle, Inc. is a digital storefront for video games, which grew out of its original offering of Humble Bundles, collections of games sold at a price determined by the purchaser and with a portion of the price going towards charity and the rest split between the game developers.
correct severe gaugeRisk to Small Business: 2.333 = SevereThe breach only contained user’s subscription status, but it is believed that this could be the first part of a more extreme breach. Because the bad actor knows if user’s subscriptions are active, inactive, or paused, they could send out spear-phishing emails about the subscriptions that would trick users into clicking.
correct moderate gaugeIndividual Risk: 3 = Moderate: No information directly related to the individual has been compromised other than the subscription status of users.
Customers ImpactedA “very limited” number of people.
How it Could Affect Your Customers’ BusinessThis breach is a good lesson in how it is important to report any breach, as this seemingly minor breach is most likely the first step in a spear phishing campaign.ID Agent to the Rescue: ID Agent offers Dark Web ID™ which discovers compromised credentials that could be used to implement a crypto jacking script. Make sure your credentials are safe; for more information go tohttps://www.idagent.com/dark-web/
Risk Levels:
1 - Extreme Risk2 - Severe Risk3 - Moderate Risk*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.
By at No comments:

Friday, January 18, 2019

Small Business, Big Risks


By at 1 comment:

Mobile Fraud


By at No comments:

Twitter Memes

Twitter MemesResearchers have discovered a malware that is being distributed by hackers, which receives instructions from… memes.
That’s right, this form of malware that targets Windows systems can “capture local screenshots, enumerating applications on the system, checking for vulnerabilities in them, capturing clipboard content, and sending files back to the attacker.” It also can receive instructions from Twitter memes. This type of communication is known as stenography and hypothetically could be used to instruct many people at once with memes, while surpassing most detection systems.

So, stay frosty this holiday while perusing the interwebs for memes! Make sure all your systems are up to date and your credentials aren’t compromised… better to enjoy this season!
https://www.darkreading.com/threat-intelligence/memes-on-twitter-used-to-communicate-with-malware/d/d-id/1333518 

By at No comments:

What We’re Listening To

What We’re Listening To
Know Tech TalksThe Continuum PodcastSecurity Now
Defensive Security Podcast 
Small Business, Big Marketing – Australia’s #1 Marketing Show!TubbTalk – The Podcast for IT ConsultantsRisky BusinessFrankly MSPCHANNELe2e
By at No comments:
Subscribe to: Posts (Atom)