Government of Nunavut Slowly Recovers from Ransomware Attack

Government of Nunavut Slowly Recovers from Ransomware Attack

Information Security, News
Government of Nunavut Slowly Recovers from Ransomware Attack The Government of Nunavut in northern Canada is slowly recovering nearly two weeks after its computer systems were crippled by a ransomware attack. The ransomware attack on the Government of Nunavut showed that this type of cyber-attack isn’t going away and organizations need to be prepared in preventing and mitigating this attack. Last November 3, the Government of Nunavut disclosed that on November 2 of this year a “new and sophisticated type of ransomware” blocked government workers from accessing files on various servers and workstations. Ransomware is a type of malicious software (malware) that encrypts data, turning data into code and demands a ransom payment from victims in exchange for the decryption keys that would unlock the encrypted data. As a result…
Read More
Microsoft Confirms BlueKeep Attacks, Calls Users to Patch to Prepare for More Damaging Attacks

Microsoft Confirms BlueKeep Attacks, Calls Users to Patch to Prepare for More Damaging Attacks

Information Security, News
Microsoft Confirms BlueKeep Attacks, Calls Users to Patch to Prepare for More Damaging Attacks Microsoft recently confirmed the ongoing BlueKeep attacks and warned that future BlueKeep attacks will likely be more damaging as systems remain unpatched. What Is BlueKeep? On May 14, 2019, Microsoft released an out-of-the-schedule patch for the security vulnerability CVE-2019-0708, also known as BlueKeep. This security vulnerability affects older versions of Windows, specifically Windows 7, Windows Server 2008 and Windows Server 2008 R2. According to Microsoft, this security vulnerability, when left unpatched, is “wormable”, which means that any future malicious software (malware) that exploits this vulnerability could propagate from one vulnerable computer to another vulnerable computer in the same way that the WannaCry malware spread across the globe on May 12, 2017 – affecting hundreds of thousands…
Read More
Vulnerability Patch Management: Cost of Doing Nothing

Vulnerability Patch Management: Cost of Doing Nothing

Information Security, IT Support
Vulnerability Patch Management: Cost of Doing Nothing  The failure of organizations to apply an available patch to fix a known software vulnerability, simply put: doing nothing, proves to be costly as new research shows that 60% of breaches in 2019 involved unpatched software vulnerabilities. The new research “Costs and Consequences of Gaps in Vulnerability Response” conducted by Ponemon Institute for ServiceNow showed that 60% of breaches in 2019 could have been prevented by more timely patching. What Is a Patch? A patch is a piece of code inserted into a computer program or software. Patches are typically inserted into existing software to improve the functionalities. Patches are also inserted into existing software to fix known security vulnerabilities. According to Ponemon Institute, it takes an average 43 days to see a…
Read More
Computers in a European Airport Found to be Infected with Crypto Mining Malware

Computers in a European Airport Found to be Infected with Crypto Mining Malware

Information Security, News
Computers in a European Airport Found to be Infected with Crypto Mining Malware Researchers at Cyberbit disclosed that they have discovered a crypto mining malware that infected 50% of the workstations in one of the international airports in Europe despite the fact that these workstations were equipped with industry standard antivirus. This latest cyber incident at one of the international airports in Europe shows that antivirus solution isn’t enough to shield organizations from malicious software (malware). Malicious Activities According to the researchers at Cyberbit, the malware was detected based on the suspicious use of the following: PAExec tool and Reflective DLL Loading. PAExec PAExec is a redistributable version of Microsoft’s PSExec that enables a user to launch Windows programs on remote Windows computers without the need of installing first the…
Read More
Patch Now: Ongoing Exploitation of Known Vulnerabilities in Several VPN Products Reported

Patch Now: Ongoing Exploitation of Known Vulnerabilities in Several VPN Products Reported

Information Security, News
Patch Now: Ongoing Exploitation of Known Vulnerabilities in Several VPN Products Reported   UK’s National Cyber Security Centre (NCSC) has recently issued an alert directed to both UK and international organizations about the ongoing exploitation in a number of VPN products from Pulse Secure, Fortinet and Palo Alto.   The latest security alert from the NCSC echoes an earlier security alert from the Canadian Centre for Cyber Security. According to the NCSC, the highest-impact vulnerabilities known to be exploited by malicious actors are the following:   Pulse Connect Secure: CVE-2019-11510: A pre-auth arbitrary file reading vulnerability that allows an unauthenticated remote attacker to download any file they want.   CVE-2019-11539: A post-auth command injection vulnerability in which Pulse Connect Secure's VPN admin web interface allows an authenticated attacker to inject…
Read More
American Express and Yahoo Report Data Breaches Resulting in Insider Threats

American Express and Yahoo Report Data Breaches Resulting in Insider Threats

Information Security, News
American Express and Yahoo Report Data Breaches Resulting in Insider Threats Two separate data breaches on two large U.S. enterprises, American Express and Yahoo, have recently been disclosed. The data breaches were carried out, not by external actors but by employees, highlighting the risk of insider threats. Starting last September 30th, American Express has issued a "Notice of Data Breach" to an undisclosed number of customers. The company said that personal information, including full name, physical and/or billing address, date of birth, Social Security number, and current and previously issued American Express Card account number were compromised in the data breach. In the Notice of Data Breach, American Express said the compromised personal information "may have been wrongfully accessed by one of our employees". The motive of the data breach,…
Read More
Buffer Flaws & Cross-Site Scripting Named Most Dangerous Software Errors

Buffer Flaws & Cross-Site Scripting Named Most Dangerous Software Errors

Information Security, IT Support
Buffer Flaws & Cross-Site Scripting Named Most Dangerous Software Errors MITRE recently published the 2019 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Errors, naming buffer flaws and cross-site scripting as the top software errors which according to the organization could lead to serious vulnerabilities in software. MITRE based its CWE Top 25 Most Dangerous Software Errorson Common Vulnerabilities and Exposures (CVE)and National Vulnerability Database (NVD)data. MITRE is the organization that started the CVE list.  Publicly disclosed software security vulnerabilities are given a corresponding CVE identification number for future reference. NVD, which is managed by the U.S. National Institute of Standards and Technology (NIST), obtains data from CVE such that any updates to CVE appear immediately on the NVD. The NVD supplements CVE data with additional analysis and data…
Read More
What Is Malware & How to Prevent or Mitigate Its Effects

What Is Malware & How to Prevent or Mitigate Its Effects

Information Security, IT Support
What Is Malware & How to Prevent or Mitigate Its Effects In today’s interconnected world, malware, short for malicious software, is wreaking havoc, affecting not just large organizations but also medium and small-sized organizations. What Is a Malware? Malware, which stands for malicious software, is a code – set of instructions which are executed by a computer – that’s designed to facilitate malicious activities such as gaining unauthorized access to a network, stealing data or damaging systems operation. A malware typically goes through the following process: First, the computer user authorizes, such as by clicking a malicious link or malicious attachment in an email, and/or is using a vulnerable software that allows the downloading and installation of the malicious code.  Second, once a computer is infected with malware, the malware…
Read More
How to Protect Your Organization’s Network from 3rd Party Breach

How to Protect Your Organization’s Network from 3rd Party Breach

Information Security
How to Protect Your Organization’s Network from 3rdParty Breach Computers in nearly 400 dental offices across the U.S. had been infected with ransomware after DDS Safe, a cloud management software that backs up client data for the affected dental offices was compromised by still an unidentified attacker or attackers. This incident shows the need to protect your organization’s network from 3rdparty breach. Last August 26th, theWisconsin Dental Associationthrough its Executive Director Mark Paget announced that nearly 400 dental offices across the U.S., with a small percentage of these dental offices based in Wisconsin, had been unable to access their client data as a result of the compromised at DDS Safe, a service from The Digital Dental Record, a subsidiary of the Wisconsin Dental Association. Days following the ransomware attack, PerCSoft,…
Read More
Canadian Centre for Cyber Security Calls Organizations to Patch VPN Devices

Canadian Centre for Cyber Security Calls Organizations to Patch VPN Devices

Information Security
Canadian Centre for Cyber Security Calls Organizations to Patch VPN Devices The Canadian Centre for Cyber Security has released an alert to organizations using VPN devices, in particular, Fortinet Fortigate VPN, Palo Alto GlobalProtect VPN and Pulse Connect Secure and Pulse Policy Secure VPN, to keep these internet-facing VPN devices up to date with the latest patches. “Due to the fact that VPN devices are typically Internet-facing, it is of the utmost importance that they be kept up to date with the latest patches,” the Canadian Centre for Cyber Securitysaid in a statement. Unpatched Fortinet Fortigate VPN, Palo Alto GlobalProtect VPN and Pulse Connect Secure and Pulse Policy Secure VPN, the Canadian Centre for Cyber Security said, have known security vulnerabilities. For Fortinet Fortigate VPN, the following are the known…
Read More