Oracle has announced that as of January 2019, Java SE 8 public updates will no longer be available for “Business, Commercial or Production use” without a license. This is being done in an effort to push Oracle customers towards subscription-based support.
The only known target of the Israeli spyware software that reportedly exploited WhatsApp in recent weeks says that others were likely targeted.
Facebook, which owns WhatsApp, warned about the attacks on Monday, which could have placed spyware on phones by exploiting a serious issue within the messaging app. The human rights lawyer affected by the attacks believed that the attack on his phone was unsuccessful, but feared other targets were compromised.
For the full article, click here.
The World Video Game Hall of Fame has inducted Microsoft’s Solitaire into it’s institution. The Hall of Fame resides here in Rochester, NY, at The Strong’s National Museum of Play.
According to the article, “Solitaire may be a video game for the ages, but its inclusion in Windows had a higher purpose. The developers of the operating system felt that the familiar game was the perfect way to introduce users to relatively new computing concepts, like using a mouse and drag-and-drop. By playing Solitaire, users honed more than their card skills: a win-win for all.”
To read more, check out the article here.
A vulnerability in the Dell SupportAssist utility exposes Dell laptops and personal computers to a remote attack that can allow hackers to execute code with admin privileges on devices using an older version of this tool and take over users' systems.
The number of impacted users is believed to be very high, as the SupportAssist tool is one of the apps that Dell will pre-install on all Dell laptops and computers the company ships with a running Windows OS (systems sold without an OS are not impacted).
For more information, check out the full article here.
Today is World Password Day! World Password Day falls on the first Thursday in May each year and is intended to raise awareness of password best practices and the need for strong passwords. It seems like we all have even more passwords with each passing year, though, and there are some conflicting ideas of what password best practices are, which makes the idea of password security more challenging for the average individual.
For more information, check out the Forbes article here.
Scott County Schools has announced the district is a victim of a multi-million dollar online scam.
The FBI is now investigating after Superintendent Dr. Kevin Hub said an undisclosed vendor told the district it never was paid for an invoice from two weeks ago. As the district investigated, it learned it fell victim to a fraudulent email disguising as the vendor.
Over 2 million IP security cameras, baby monitors and smart doorbells have serious vulnerabilities that could enable an attacker to hijack the devices and spy on their owners — and there’s currently no known patch for the shared flaws.
The attack stems from peer-to-peer (P2P) communication technology in all of these Internet of Things (IoT) devices, which allows them to be accessed without any manual configuration. The particular P2P solution that they use, iLnkP2P, is developed by Shenzhen Yunni Technology and contains two vulnerabilities that could allow remote hackers to find and take over vulnerable cameras used in the devices.
An analysis by the UK's National Cyber Security Centre (NCSC) found 123456 was the most widely-used password on breached accounts, as it appeared in more than 23 million passwords. The second-most popular string, 123456789, was not much harder to crack, while others in the top five included "qwerty", "password" and 1111111.
The most common name to be used in passwords was Ashley, followed by Michael, Daniel, Jessica and Charlie.
Invest in cybersecurity to protect operations
Economic slowdowns are the worst time to experience a cyberattack. It is essential that businesses protect data sources — especially employee, customer and financial data.
TechCrunch’s summary lists the latest events in cybersecurity for the week.
Facebook says its password leak affected ‘millions’ of Instagram users
Mystery agent is doxing Iran’s hackers and dumping their code
The Weather Channel was knocked off the air for over an hour
Cybersecurity firm Verint hit by ransomware
Security flaw in French government messaging app exposed confidential conversations.
WordPress is a free open-source content management system. It powers about 30% of all websites on the internet and 33% of the Top 10 Million Sites globally. There are over 50,000 WordPress plugins available to add-in features and extend the functionality of WordPress websites. Since WordPress is the most popular CMS, it becomes the common target for hackers to cause more damage than any other platform.
Microsoft has detailed a March attack on Windows customers in the satellite and communications sectors using "unusual, interesting techniques" that bear the hallmarks of APT group MuddyWater.
The company's Office 365 ATP picked up archive (ACE) files loaded with the recently discovered WinRAR flaw, CVE-2018-20250, which has become widely used among cybercrime groups and nation-state hackers in recent months.
Business is hard enough without sending a hacker $40k. Hackers may take advantage of a slightly changed domain name in order to mimic a legitimate business.
This piece written by our CEO, Daniel Marcellus, discusses the importance of vigilance and verifying information when it comes to email phishing scams.
Very wealthy people have often shared epithets regarding how they felt about their wealth at the end of their lives, such as “I don’t want to be the richest man in the graveyard” or “Shrouds don’t have pockets”.
As the third richest person in the world and nearing 90 years of age, Warren Buffett has some sage words of wisdom for Georgia Tech students. When asked about his definition of success, he told students that success doesn’t come from wealth, power or fame. Buffett’s take on life is telling: ”If you get to my age in life and nobody thinks well of you, I don’t care how big your bank account is, your life is a disaster.”
These latest attacks are designed to proxy login requests that incorporate SMS-based authentication as a way to seamlessly bypass 2FA protection without being noticed.
Google researchers are seeing more phishing attacks that are 2FA-aware. Attackers are realizing more organizations are embracing two-factor authentication (2FA) as a means of thwarting phishing attacks seeking to compromise credentials. By using a second authentication factor (which usually is a SMS-based verification code), attackers who only capture usernames and passwords have little use for the details collected.
The city of Albany is dealing with the aftereffects of a ransomware attack. According to reports, the attack is impacting the Albany police department systems and patrol cars.
Albany Mayor Kathy Sheehan released a statement over the weekend to confirm the attack. According to the statement, all employees will report to work at normal times as the city investigates the issue.
In 2018, Atlanta found themselves in a similar situation after a ransomware attack. The total cost of the attack ended up in the millions, far exceeding initial estimates. Cyber criminals originally requested about $50,000 worth of bitcoin after infecting the city with SamSam. However, the city was not properly prepared for the attack, and were forced to pay for various emergency services after the attack including digital forensics, incident response, staffing, etc.
As we found in Datto’s State of the Channel Ransomware Report, the initial ransom demand is not what breaks the bank. Instead, the aftermath and cost of downtime are the crippling factors. MSPs report the average requested ransom for SMBs is ~$4,300 while the average cost of downtime related to a ransomware attack is ~$46,800.
Ever feel sore after staring at a screen for too long? You’re not alone. On average, people spend around 2-4 hours reading or texting on their smartphone each day. What you might not know is that as your head is tilted forward, you could be putting up to 60lbs. of added weight on your spine, which may be the cause of some of your “tech neck” soreness.
Old-school Security Awareness Training doesn’t hack it anymore.
SkyPort IT, Inc. has partnered with KnowBe4, the world’s most popular integrated Security Awareness Training and Simulated Phishing platform. More than 15,000 organizations worldwide are using KnowBe4’s platform. There’s now a way to better manage the urgent IT security problems of social engineering, spear phishing and ransomware attacks.
This report provides a high-level perspective on threat intelligence from SonicWall’s researchers. Key findings for 2018 include:
Web app attacks are up 56%, at 26.8 million
Globally, SonicWall logged 10.52 billion malware attacks last year— the most ever on record.
There were 26 million phishing attacks worldwide in 2018, and while this shows a 4.1% decrease since 2017, these attacks have become highly targeted.
SonicWall’s Capture ATP sandbox service found malware hidden in 47,073 PDFs and 50,817 Office files in 2018. While that may not sound like a lot, most security controls cannot identify and mitigate malware hidden in these files.