Sales: 833-641-1814 - Service: 585-582-1600
Cybersecurity News: Week at a Glance

Comment

Cybersecurity News: Week at a Glance

TechCrunch’s summary lists the latest events in cybersecurity for the week.

  • Facebook says its password leak affected ‘millions’ of Instagram users

  • Mystery agent is doxing Iran’s hackers and dumping their code

  • The Weather Channel was knocked off the air for over an hour

  • Cybersecurity firm Verint hit by ransomware

  • Security flaw in French government messaging app exposed confidential conversations.

Comment

WordPress Vulnerability Roundup Q1 - 2019

Comment

WordPress Vulnerability Roundup Q1 - 2019

WordPress is a free open-source content management system. It powers about 30% of all websites on the internet and 33% of the Top 10 Million Sites globally. There are over 50,000 WordPress plugins available to add-in features and extend the functionality of WordPress websites. Since WordPress is the most popular CMS, it becomes the common target for hackers to cause more damage than any other platform.

To check which vulnerabilities were discovered, click here.

Comment

WinRAR exploit gives attackers 'full control' of Windows PC

Comment

WinRAR exploit gives attackers 'full control' of Windows PC

Microsoft has detailed a March attack on Windows customers in the satellite and communications sectors using "unusual, interesting techniques" that bear the hallmarks of APT group MuddyWater. 

The company's Office 365 ATP picked up archive (ACE) files loaded with the recently discovered WinRAR flaw, CVE-2018-20250, which has become widely used among cybercrime groups and nation-state hackers in recent months.

Click here to learn more.

Comment

Warren Buffett's Measure for Success in One Word

Comment

Warren Buffett's Measure for Success in One Word

Very wealthy people have often shared epithets regarding how they felt about their wealth at the end of their lives, such as “I don’t want to be the richest man in the graveyard” or  “Shrouds don’t have pockets”. 

As the third richest person in the world and nearing 90 years of age, Warren Buffett has some sage words of wisdom for Georgia Tech students. When asked about his definition of success, he told students that success doesn’t come from wealth, power or fame. Buffett’s take on life is telling: ”If you get to my age in life and nobody thinks well of you, I don’t care how big your bank account is, your life is a disaster.”

To learn Buffett’s one-word definition of success, click here.

Comment

New Phishing Attack Makes 2FA Useless

Comment

New Phishing Attack Makes 2FA Useless

These latest attacks are designed to proxy login requests that incorporate SMS-based authentication as a way to seamlessly bypass 2FA protection without being noticed.

Google researchers are seeing more phishing attacks that are 2FA-aware. Attackers are realizing more organizations are embracing two-factor authentication (2FA) as a means of thwarting phishing attacks seeking to compromise credentials. By using a second authentication factor (which usually is a SMS-based verification code), attackers who only capture usernames and passwords have little use for the details collected.

To learn more, check out CyberheistNews Volume 9 #15

Comment

Albany Hit with Malware Attack

Comment

Albany Hit with Malware Attack

The city of Albany is dealing with the aftereffects of a ransomware attack. According to reports, the attack is impacting the Albany police department systems and patrol cars. 

Albany Mayor Kathy Sheehan released a statement over the weekend to confirm the attack. According to the statement, all employees will report to work at normal times as the city investigates the issue.

In 2018, Atlanta found themselves in a similar situation after a ransomware attack. The total cost of the attack ended up in the millions, far exceeding initial estimates. Cyber criminals originally requested about $50,000 worth of bitcoin after infecting the city with SamSam. However, the city was not properly prepared for the attack, and were forced to pay for various emergency services after the attack including digital forensics, incident response, staffing, etc.

As we found in Datto’s State of the Channel Ransomware Report, the initial ransom demand is not what breaks the bank. Instead, the aftermath and cost of downtime are the crippling factors. MSPs report the average requested ransom for SMBs is ~$4,300 while the average cost of downtime related to a ransomware attack is ~$46,800.

Comment

SkyPort IT: Security Awareness Training

Comment

SkyPort IT: Security Awareness Training

Old-school Security Awareness Training doesn’t hack it anymore.

SkyPort IT, Inc. has partnered with KnowBe4, the world’s most popular integrated Security Awareness Training and Simulated Phishing platform. More than 15,000 organizations worldwide are using KnowBe4’s platform. There’s now a way to better manage the urgent IT security problems of social engineering, spear phishing and ransomware attacks.

Check out this PDF that lists SkyPort IT’s features and plans.

Comment

SonicWall Cyber Threat Report: 2019

Comment

SonicWall Cyber Threat Report: 2019

This report provides a high-level perspective on threat intelligence from SonicWall’s researchers. Key findings for 2018 include:

  • Web app attacks are up 56%, at 26.8 million

  • Globally, SonicWall logged 10.52 billion malware attacks last year— the most ever on record.

  • There were 26 million phishing attacks worldwide in 2018, and while this shows a 4.1% decrease since 2017, these attacks have become highly targeted.

  • SonicWall’s Capture ATP sandbox service found malware hidden in 47,073 PDFs and 50,817 Office files in 2018. While that may not sound like a lot, most security controls cannot identify and mitigate malware hidden in these files.

For more information, check out the full report here.

Comment

Spear Phishing: Threats and Findings

Comment

Spear Phishing: Threats and Findings

Spear phishing, a highly-personalized form of email attack, is becoming an increasingly common problem for businesses. Attackers using this method research their targets and craft carefully-designed messages, often impersonating a colleague, website or business. The goal of these emails is to steal sensitive information such as passwords or financial information, which is then used to commit identity theft, fraud and other crimes.

The three most prevalent types of phishing attacks are brand impersonation, business email compromise, and blackmail. Tactics such as urgency, brevity and pressure are used to increase the likelihood of success.

  • Around 83% of spear-phishing attacks involve brand impersonation

  • Nearly 1 in 5 attacks involve impersonation of a financial institution.

  • Microsoft and Apple are the top two impersonated brands

Business email compromise attacks make up only 6% of spear-phishing attacks, but have caused more than $12.5 billion in losses since 2013

There are a few quick ways to inspect an email’s validity for evidence of spear phishing. Make sure to check for spelling mistakes within the body of the email, as there may be small errors that were overlooked. Also, make sure to hover over any links (don’t click!) to check that you’re being redirected to the appropriate website.

For more information on spear phishing, check out the Barracuda report here.

Comment

Free Electronic Waste Disposal

Comment

Free Electronic Waste Disposal

There will be a free electronic waste disposal on April 6th between 9am and 12pm at the Rush Henrietta Central School District Transportation and Operations Center.  This event is being hosted by assemblywoman Marjorie Byrnes.

The center is located at 1133 Lehigh Station Rd, Henrietta NY 14467.

Comment

SkyPort IT supports FIRST Robotics Team

Comment

SkyPort IT supports FIRST Robotics Team

FIRST Team 2228, otherwise known as CougarTech, is a robotics team primarily composed of students from the Honeoye Falls-Lima and Rush Henrietta central school districts. The team came in 8th place in this year’s Finger Lakes Regional competition. SkyPort IT financially supports CougarTech with hardware and support labor (our CEO’s wife is even a mentor for the team)!

Congratulations to CougarTech on all their hard work this season!

Comment