1 in 5 Canadian Businesses Hit by Cyberattack in 2017, StatCan Survey Shows

Information Security
A survey conducted by Statistics Canada (StatCan), Canada’s national statistical office, showed that 1 in 5 Canadian businesses were hit by a cyberattack last year. From January 2018 to April 2018, StatCan conducted a first-of-its-kind survey that aimed to provide a snapshot of the cybersecurity challenges encountered by Canadian businesses with 10 or more employees. StatCan’s survey results showed that over one-fifth, or 21%, of Canadian businesses reported that they were hit last year by a cyberattack that affected their operations. The survey showed that large businesses (41%) were more than twice as likely as small businesses (19%) to identify an impactful cyberattack. Direct Costs of Cyberattacks Listed below are the direct costs of cyberattacks…
Countdown to Nov. 1, 2018: Enforcement Date of Canada’s Mandatory Data Breach Reporting Law

Information Security
November 1, 2018 marks the enforcement date of the Canadian law that requires organizations in the private sector to report data breaches. The Canadian Government officially set November 1, 2018 as the enforcement date of the mandatory data breach reporting obligation of organizations in the private sector in line with the Digital Privacy Act, a law that amended the Personal Information Protection and Electronic Documents Act (PIPEDA). PIPEDA is a Canadian privacy law for private sector organizations which came into force in January 2001. This law sets out rules that organizations in the private sector must follow whenever they collect, use or disclose personal information in the course of their commercial activities. Canada’s Digital Privacy Act, which…
Canadian Towns Hit by Ransomware Cyberattacks; Lessons Learned from These Attacks

Information Security
The Canadian town of Midland in Ontario recently acknowledged it has paid ransom after experiencing a crippling ransomware cyberattack. In a statement, Midland Town said that it has “initiated the process to pay the ransom in exchange for the decryption keys.” The town added, “Although not ideal, it is in our best interest to bring the system back online as quickly as possible.” What Is Ransomware Ransomware is a type of malicious software (malware) that encrypts files, making them inaccessible to users, and demands ransom from victims in exchange for the decryption keys that unlock the encrypted files. Ransomware attackers typically ask their victims to pay ransom in the form of cryptocurrency like Bitcoin and convert it to…
Company-Wide Policy Needed to Mitigate Business E-Mail Compromise

Email, Information Security, Security
An analysis of 3,000 Business E-Mail Compromise (BEC) scam campaigns showed that a company-wide policy is needed to mitigate this threat. What Is Business E-Mail Compromise (BEC) Business E-Mail Compromise (BEC), also known as CEO fraud, refers to a sophisticated scheme that tricks an organization into paying a sum of money to a scammer. BEC Threat Scenario After analyzing 3,000 BEC scam campaigns, Barracuda Networks found that the term “CEO fraud” for this type of cybercrime has justification, as 43% of the impersonated email senders were the CEO or founder. The Barracuda Networks study, however, found that the majority, or 57%, of the impersonated email senders weren’t the CEO or founder. Out of the 57% impersonated email senders, 4.5% were C-level…
Critical Flaw in Apache Struts Exposes Businesses to Cyberattack

Information Security
A critical flaw in Apache Struts, an open source tool used by many businesses in creating web applications, has recently been uncovered by a cybersecurity researcher at Semmle. What Is Apache Struts? Apache Struts is a popular open source tool for creating web applications. According to the Apache Software Foundation, the non-profit organization that oversees Apache Struts projects, most organizations – including the Fortune 100 companies – are using Apache Struts for their enterprise web applications. Latest Security Vulnerability in Apache Struts The latest security vulnerability uncovered in Apache Struts by Semmle researcher Man Yue Mo can provide an attacker an entry point into corporate networks. “This vulnerability affects commonly-used endpoints of Struts, which are likely to be exposed, opening up an…
Fax-Based Cyberattack Puts Organization’s Networks at Risk

Information Security, Security
Standalone fax machines, fax-to-mail services and all-in-one printer fax machines are cybersecurity threats to your organization’s internal network, according to the recent disclosure made by security researchers at Check Point. Millions of fax machines are still being used in offices worldwide. Healthcare organizations, law firms, and banking and finance companies, in particular, still rely on fax machines in sending and receiving sensitive documents. Some organizations use fax machines in sending and receiving critical documents in compliance with government regulations, while others use them for legacy reasons. According to Check Point researchers, they’ve discovered a security vulnerability in modern-day fax machines, including fax-to-mail services and all-in-one printer fax machines, which allows cyber attackers to hack these once considered secured machines through a process called “remote…
Why Companies Continue to be Victimized by WannaCry

Information Security, Security
The latest cyber incident at the Taiwan Semiconductor Manufacturing Company (TSMC), the world's biggest contract manufacturer of chips for companies including Apple, is a reminder to companies of the dangers of unpatched Windows operating systems. TSMC Chief Executive Officer C. C. Wei said in a press conference that a variant of the 2017 WannaCry ransomware caused the shutdown of several of the company’s manufacturing plants in Taiwan in the first weekend of August this year. Wei said the WannaCry infection happened when an unnamed supplier connected a computer laden with WannaCry to TSMC’s internal network. The malware then spread swiftly to the company’s internal network and hit the manufacturing plants in Tainan, Hsinchu and Taichung – plants that produce chips for Apple. TSMC,…
Zero Day Recovery Against Zero Day Attacks

Information Security
The cyberattack on the Alaskan borough of Matanuska-Susitna and its resulting effects, which led the borough’s staff to use dusty typewriters and write receipts by hand, highlight the importance of zero-day recovery against zero-day attacks. What Is Zero Day Cyberattack? A zero day cyberattack refers to a security vulnerability that has been exploited by an attacker or attackers while the software vendor is unaware of the vulnerability or hasn’t had sufficient time to issue a security update or patch. According to Eric Wyatt, IT Director at Matanuska-Susitna Borough, the attack on the borough’s computers was a result of a zero day attack. The zero day security vulnerability that was subsequently exploited by the attackers referred to by Wyatt was the new version of the…
Cryptojacking: Cyberattackers’ New Favorite Money-Making Tool

Information Security
Cryptojacking is now the new favorite money-making tool of cybercriminals, and computers of organizations lagging behind in cybersecurity are at risk of this type of cyberattack. A recent report from McAfee Labs showed that in the 1st quarter of 2018, cryptocurrency mining malware grew to more than 2.9 million or 629% from nearly 400,000 in the 4th quarter of 2017. What is Cryptojacking? Cryptojacking is the act of illicitly installing cryptomining software on the victim’s computer. Cryptocurrency mining software, on its own, isn’t illegal. This software harnesses the power of a computer as a means to release a new digital coin and as a means to verify transactions. In principle, owners of the computers used for cryptocurrency mining have to be compensated. In cryptojacking,…
How to Stop Cyberattackers from Turning Your Organization’s Computers Into Botnet

Information Security, Security
Security researchers at Deep Instinct have recently discovered a new malicious software (malware) campaign that turns Windows-based computers into a botnet. Researchers dubbed this sophisticated, never-before-seen-in-the-wild botnet “Mylobot”, named after the dog of one of the researchers. What is a Botnet? A botnet is a group of computers that are infected by malware and controlled by an attacker using command and control servers without the computer owners' knowledge. When computers become part of a botnet, an attacker takes full control of the computers, using them according to his whim. An attacker can download additional malware from the command and control servers, turning the controlled computers into a botnet army for distributed denial of service (DDoS)…