Sales: 833-641-1814 - Service: 585-582-1600
Java Update: SE 8

Comment

Java Update: SE 8

Oracle has announced that as of January 2019, Java SE 8 public updates will no longer be available for “Business, Commercial or Production use” without a license. This is being done in an effort to push Oracle customers towards subscription-based support.

Comment

Target of WhatsApp Hack Fears More Victims Are Out There

Comment

Target of WhatsApp Hack Fears More Victims Are Out There

The only known target of the Israeli spyware software that reportedly exploited WhatsApp in recent weeks says that others were likely targeted. 

Facebook, which owns WhatsApp, warned about the attacks on Monday, which could have placed spyware on phones by exploiting a serious issue within the messaging app. The human rights lawyer affected by the attacks believed that the attack on his phone was unsuccessful, but feared other targets were compromised.

For the full article, click here.

Comment

Microsoft Solitaire inducted into The National Museum of Play's Hall of Fame

Comment

Microsoft Solitaire inducted into The National Museum of Play's Hall of Fame

The World Video Game Hall of Fame has inducted Microsoft’s Solitaire into it’s institution. The Hall of Fame resides here in Rochester, NY, at The Strong’s National Museum of Play.

According to the article, “Solitaire may be a video game for the ages, but its inclusion in Windows had a higher purpose. The developers of the operating system felt that the familiar game was the perfect way to introduce users to relatively new computing concepts, like using a mouse and drag-and-drop. By playing Solitaire, users honed more than their card skills: a win-win for all.”

To read more, check out the article here.

Comment

Dell Laptops & Computers Vulnerable to Remote Attack

Comment

Dell Laptops & Computers Vulnerable to Remote Attack

A vulnerability in the Dell SupportAssist utility exposes Dell laptops and personal computers to a remote attack that can allow hackers to execute code with admin privileges on devices using an older version of this tool and take over users' systems.

The number of impacted users is believed to be very high, as the SupportAssist tool is one of the apps that Dell will pre-install on all Dell laptops and computers the company ships with a running Windows OS (systems sold without an OS are not impacted).

The attack requires no user interaction except tricking users on accessing a malicious page, and the malicious JavaScript code that drives the attack can also be hidden inside ads (iframes) on legitimate sites, if ever necessary.

For more information, check out the full article here.

Comment

Tips & Insights for World Password Day!

Comment

Tips & Insights for World Password Day!

Today is World Password Day! World Password Day falls on the first Thursday in May each year and is intended to raise awareness of password best practices and the need for strong passwords. It seems like we all have even more passwords with each passing year, though, and there are some conflicting ideas of what password best practices are, which makes the idea of password security more challenging for the average individual.

For more information, check out the Forbes article here.

Comment

2+ Million IoT Devices (Security Cameras, Baby Monitors, Doorbells) Vulnerable

Comment

2+ Million IoT Devices (Security Cameras, Baby Monitors, Doorbells) Vulnerable

Over 2 million IP security cameras, baby monitors and smart doorbells have serious vulnerabilities that could enable an attacker to hijack the devices and spy on their owners — and there’s currently no known patch for the shared flaws.

The attack stems from peer-to-peer (P2P) communication technology in all of these Internet of Things (IoT) devices, which allows them to be accessed without any manual configuration. The particular P2P solution that they use, iLnkP2P, is developed by Shenzhen Yunni Technology and contains two vulnerabilities that could allow remote hackers to find and take over vulnerable cameras used in the devices.

Link to full article.

Comment

Millions using 123456 as Password

Comment

Millions using 123456 as Password

An analysis by the UK's National Cyber Security Centre (NCSC) found 123456 was the most widely-used password on breached accounts, as it appeared in more than 23 million passwords. The second-most popular string, 123456789, was not much harder to crack, while others in the top five included "qwerty", "password" and 1111111.

The most common name to be used in passwords was Ashley, followed by Michael, Daniel, Jessica and Charlie.

For more, check out this BBC article.

Comment

Cybersecurity News: Week at a Glance

Comment

Cybersecurity News: Week at a Glance

TechCrunch’s summary lists the latest events in cybersecurity for the week.

  • Facebook says its password leak affected ‘millions’ of Instagram users

  • Mystery agent is doxing Iran’s hackers and dumping their code

  • The Weather Channel was knocked off the air for over an hour

  • Cybersecurity firm Verint hit by ransomware

  • Security flaw in French government messaging app exposed confidential conversations.

Comment

WordPress Vulnerability Roundup Q1 - 2019

Comment

WordPress Vulnerability Roundup Q1 - 2019

WordPress is a free open-source content management system. It powers about 30% of all websites on the internet and 33% of the Top 10 Million Sites globally. There are over 50,000 WordPress plugins available to add-in features and extend the functionality of WordPress websites. Since WordPress is the most popular CMS, it becomes the common target for hackers to cause more damage than any other platform.

To check which vulnerabilities were discovered, click here.

Comment

WinRAR exploit gives attackers 'full control' of Windows PC

Comment

WinRAR exploit gives attackers 'full control' of Windows PC

Microsoft has detailed a March attack on Windows customers in the satellite and communications sectors using "unusual, interesting techniques" that bear the hallmarks of APT group MuddyWater. 

The company's Office 365 ATP picked up archive (ACE) files loaded with the recently discovered WinRAR flaw, CVE-2018-20250, which has become widely used among cybercrime groups and nation-state hackers in recent months.

Click here to learn more.

Comment

Warren Buffett's Measure for Success in One Word

Comment

Warren Buffett's Measure for Success in One Word

Very wealthy people have often shared epithets regarding how they felt about their wealth at the end of their lives, such as “I don’t want to be the richest man in the graveyard” or  “Shrouds don’t have pockets”. 

As the third richest person in the world and nearing 90 years of age, Warren Buffett has some sage words of wisdom for Georgia Tech students. When asked about his definition of success, he told students that success doesn’t come from wealth, power or fame. Buffett’s take on life is telling: ”If you get to my age in life and nobody thinks well of you, I don’t care how big your bank account is, your life is a disaster.”

To learn Buffett’s one-word definition of success, click here.

Comment

New Phishing Attack Makes 2FA Useless

Comment

New Phishing Attack Makes 2FA Useless

These latest attacks are designed to proxy login requests that incorporate SMS-based authentication as a way to seamlessly bypass 2FA protection without being noticed.

Google researchers are seeing more phishing attacks that are 2FA-aware. Attackers are realizing more organizations are embracing two-factor authentication (2FA) as a means of thwarting phishing attacks seeking to compromise credentials. By using a second authentication factor (which usually is a SMS-based verification code), attackers who only capture usernames and passwords have little use for the details collected.

To learn more, check out CyberheistNews Volume 9 #15

Comment

Albany Hit with Malware Attack

Comment

Albany Hit with Malware Attack

The city of Albany is dealing with the aftereffects of a ransomware attack. According to reports, the attack is impacting the Albany police department systems and patrol cars. 

Albany Mayor Kathy Sheehan released a statement over the weekend to confirm the attack. According to the statement, all employees will report to work at normal times as the city investigates the issue.

In 2018, Atlanta found themselves in a similar situation after a ransomware attack. The total cost of the attack ended up in the millions, far exceeding initial estimates. Cyber criminals originally requested about $50,000 worth of bitcoin after infecting the city with SamSam. However, the city was not properly prepared for the attack, and were forced to pay for various emergency services after the attack including digital forensics, incident response, staffing, etc.

As we found in Datto’s State of the Channel Ransomware Report, the initial ransom demand is not what breaks the bank. Instead, the aftermath and cost of downtime are the crippling factors. MSPs report the average requested ransom for SMBs is ~$4,300 while the average cost of downtime related to a ransomware attack is ~$46,800.

Comment

SkyPort IT: Security Awareness Training

Comment

SkyPort IT: Security Awareness Training

Old-school Security Awareness Training doesn’t hack it anymore.

SkyPort IT, Inc. has partnered with KnowBe4, the world’s most popular integrated Security Awareness Training and Simulated Phishing platform. More than 15,000 organizations worldwide are using KnowBe4’s platform. There’s now a way to better manage the urgent IT security problems of social engineering, spear phishing and ransomware attacks.

Check out this PDF that lists SkyPort IT’s features and plans.

Comment

SonicWall Cyber Threat Report: 2019

Comment

SonicWall Cyber Threat Report: 2019

This report provides a high-level perspective on threat intelligence from SonicWall’s researchers. Key findings for 2018 include:

  • Web app attacks are up 56%, at 26.8 million

  • Globally, SonicWall logged 10.52 billion malware attacks last year— the most ever on record.

  • There were 26 million phishing attacks worldwide in 2018, and while this shows a 4.1% decrease since 2017, these attacks have become highly targeted.

  • SonicWall’s Capture ATP sandbox service found malware hidden in 47,073 PDFs and 50,817 Office files in 2018. While that may not sound like a lot, most security controls cannot identify and mitigate malware hidden in these files.

For more information, check out the full report here.

Comment