Category: News

How to Secure the Most Common Cyberattack Initial Vectors

General, News
Cyberattackers gain access to their victims' networks by exploiting initial vectors – entry points that enable them to drop malicious software (malware). Securing the most common cyberattack initial vectors is important in protecting your organization's network. Here are the most common cyberattack initial vectors and the corresponding cybersecurity best practices for securing them:
RDP
RDP, short for Remote Desktop Protocol, is one of the most popular application-level protocols for accessing Windows workstations or Windows servers. With the spread of the coronavirus disease 2019 (COVID-19) and the resulting government-mandated stay-at-home measures, remote working has become a new normal. This new normal, however, directly impacts cybersecurity. The ransomware called "Phobos", for instance, typically leverages compromised RDP connections as an initial vector. Kaspersky Lab reported that since the beginning…

New Ransomware Tactic: Data Publication in Case Victims Don’t Pay Ransom

Information Security, News
Ransomware attackers typically encrypt victims’ data and demand a ransom from victims in exchange for the decryption keys. To pressure victims into paying the ransom, attackers have added a new tactic: publication of stolen data in the event victims fail to pay. While ransomware attackers in the past threatened to leak victims’ stolen data online for failing to pay the ransom, many didn’t follow through. Ransomware victims, as shown in their official statements, often do not view ransomware attacks as data breaches – a type of cyber-attack that steals data. Rather, they believe that ransomware attackers can’t access the content itself. This perception is thrown out of the window as recent ransomware trend…

How to Protect Your Organization’s Network from Complex and Evolving Malware

Information Security, News
Microsoft recently reported on Dexphot, an evolving malware (malicious software) that exhibits a level of complexity and evolution aimed at evading traditional security protections and flying under the radar of cyber defenders. Microsoft, in its latest blog post “Insights from one year of tracking a polymorphic threat”, reported that it first detected Dexphot in October 2018. On June 18, 2019 alone, the report said, computers infected by this malware reached 80,000. According to Microsoft, while Dexphot won’t attract media attention, as its goal is simply to steal the infected computers’ computing power for cryptocurrency mining to raise revenue for the attackers, this malware “exemplifies the level of complexity and rate of evolution of even everyday threats, intent on…

Macy’s Website Hit by E-Skimming Attack

IT Support, News
Macy’s recently disclosed that its official website was the victim of an e-skimming attack resulting in unauthorized access to the personal information of its customers. Macy’s, in its data breach notice, said that on October 15, 2019, it became aware of a suspicious connection between macys[dot]com and another website. Further investigation of this suspicious connection revealed that a malicious actor added malicious code to two web pages of the company’s website: (1) the checkout page, where credit card data is entered and where the “order” button is located; and (2) the wallet page, which can be accessed through the customer’s “My Account”. Macy’s said the malicious code injected into the two web pages allowed the malicious actor to steal information submitted…

Government of Nunavut Slowly Recovers from Ransomware Attack

Information Security, News
The Government of Nunavut in northern Canada is slowly recovering nearly two weeks after its computer systems were crippled by a ransomware attack. The ransomware attack on the Government of Nunavut showed that this type of cyber-attack isn’t going away and that organizations need to be prepared to prevent and mitigate it. Last November 3, the Government of Nunavut disclosed that on November 2 of this year a “new and sophisticated type of ransomware” blocked government workers from accessing files on various servers and workstations. Ransomware is a type of malicious software (malware) that encrypts data, turning data into code, and demands a ransom payment from victims in exchange for the decryption keys that would unlock the encrypted data. As a result…

Microsoft Confirms BlueKeep Attacks, Calls Users to Patch to Prepare for More Damaging Attacks

Information Security, News
Microsoft recently confirmed the ongoing BlueKeep attacks and warned that future BlueKeep attacks will likely be more damaging as systems remain unpatched.
What Is BlueKeep?
On May 14, 2019, Microsoft released an out-of-schedule patch for the security vulnerability CVE-2019-0708, also known as BlueKeep. This security vulnerability affects older versions of Windows, specifically Windows 7, Windows Server 2008 and Windows Server 2008 R2. According to Microsoft, this security vulnerability, when left unpatched, is “wormable”, which means that any future malicious software (malware) that exploits this vulnerability could propagate from one vulnerable computer to another in the same way that the WannaCry malware spread across the globe on May 12, 2017 – affecting hundreds of thousands…

Computers in a European Airport Found to be Infected with Crypto Mining Malware

Information Security, News
Researchers at Cyberbit disclosed that they have discovered crypto mining malware that infected 50% of the workstations in one of the international airports in Europe, despite the fact that these workstations were equipped with industry-standard antivirus. This latest cyber incident shows that an antivirus solution isn’t enough to shield organizations from malicious software (malware).
Malicious Activities
According to the researchers at Cyberbit, the malware was detected based on the suspicious use of the following: the PAExec tool and Reflective DLL Loading.
PAExec
PAExec is a redistributable version of Microsoft’s PSExec that enables a user to launch Windows programs on remote Windows computers without the need of installing first the…

Patch Now: Ongoing Exploitation of Known Vulnerabilities in Several VPN Products Reported

Information Security, News
The UK’s National Cyber Security Centre (NCSC) has recently issued an alert directed to both UK and international organizations about the ongoing exploitation of vulnerabilities in a number of VPN products from Pulse Secure, Fortinet and Palo Alto. The latest security alert from the NCSC echoes an earlier security alert from the Canadian Centre for Cyber Security. According to the NCSC, the highest-impact vulnerabilities known to be exploited by malicious actors are the following:
Pulse Connect Secure:
CVE-2019-11510: A pre-auth arbitrary file reading vulnerability that allows an unauthenticated remote attacker to download any file they want.
CVE-2019-11539: A post-auth command injection vulnerability in which Pulse Connect Secure's VPN admin web interface allows an authenticated attacker to inject…

American Express and Yahoo Report Data Breaches Resulting in Insider Threats

Information Security, News
Two separate data breaches at two large U.S. enterprises, American Express and Yahoo, have recently been disclosed. The data breaches were carried out not by external actors but by employees, highlighting the risk of insider threats. Starting last September 30th, American Express has issued a "Notice of Data Breach" to an undisclosed number of customers. The company said that personal information, including full name, physical and/or billing address, date of birth, Social Security number, and current and previously issued American Express Card account numbers, was compromised in the data breach. In the Notice of Data Breach, American Express said the compromised personal information "may have been wrongfully accessed by one of our employees". The motive of the data breach,…

Coordinated Ransomware Attack Used for the First Time in 22 Local Governments in Texas

Information Security, News
Ransomware attacks on local governments are becoming all too common these days. Past ransomware attacks, while targeted, were conducted separately. The latest ransomware attack on 22 local governments across Texas marks a shift in the way ransomware attacks are launched: in a coordinated manner. The Texas Department of Information Resources, in a press statement, said that on the morning of August 16, 2019, a total of 22 local governments in the State of Texas reported a ransomware attack. While not naming the affected local governments, the Texas Department of Information Resources said the majority of the victims are smaller local governments. Ransomware is a type of malicious software (malware) that attackers use to infect computers. In a…
