Twitter URLs could be abused for various activities, including distributing malware, spreading fake news, and redirecting users to a phishing page. This redirection trick is even more powerful on mobile devices, as the redirect is completely hidden and the tweet opens in the Twitter client.
To read more on how this could be done, check out Cyware’s article here.
U.S. Customs and Border Protection has confirmed a data breach has exposed the photos of travelers and vehicles traveling in and out of the United States.
The photos were transferred to a subcontractor’s network and later stolen through a “malicious cyberattack,” a CBP spokesperson told TechCrunch in an email.
For more information, check out the article here.
Australia’s top-ranked university said on Tuesday hackers breached its cyber defenses late last year to obtain sensitive data, including students’ bank account numbers and passport details going back 19 years.
For more information, check out the article here.
Over the month of March, nearly one million people in the United States had their medical files exposed in data breaches, according to HIPAA Journal. And after a ransomware attack forced a medical center in Michigan to close, it is evident that healthcare organizations have become an attractive attack target among hackers.
To find out more, check out the article here.
"Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Such scams typically notify the recipient that he/she is being sued, and instruct them to review the attached file and respond within a few days — or else."
A recent phishing campaign peppered more than 100,000 business email addresses with fake legal threats harboring malware.
Oracle has announced that as of January 2019, Java SE 8 public updates will no longer be available for “Business, Commercial or Production use” without a license. This is being done in an effort to push Oracle customers towards subscription-based support.
The only known target of the Israeli spyware software that reportedly exploited WhatsApp in recent weeks says that others were likely targeted.
Facebook, which owns WhatsApp, warned about the attacks on Monday, which could have placed spyware on phones by exploiting a serious issue within the messaging app. The human rights lawyer affected by the attacks believed that the attack on his phone was unsuccessful, but feared other targets were compromised.
For the full article, click here.
Hackers have stolen over $40 million worth of bitcoin from the cryptocurrency exchange Binance. The hackers also stole user information, such as two-factor authentication codes, which are required to log in to a Binance account.
Click this link for more information.
The World Video Game Hall of Fame has inducted Microsoft’s Solitaire into its institution. The Hall of Fame resides here in Rochester, NY, at The Strong’s National Museum of Play.
According to the article, “Solitaire may be a video game for the ages, but its inclusion in Windows had a higher purpose. The developers of the operating system felt that the familiar game was the perfect way to introduce users to relatively new computing concepts, like using a mouse and drag-and-drop. By playing Solitaire, users honed more than their card skills: a win-win for all.”
To read more, check out the article here.
A vulnerability in the Dell SupportAssist utility exposes Dell laptops and personal computers to a remote attack that can allow hackers to execute code with admin privileges on devices using an older version of this tool and take over users' systems.
The number of impacted users is believed to be very high, as the SupportAssist tool is one of the apps that Dell will pre-install on all Dell laptops and computers the company ships with a running Windows OS (systems sold without an OS are not impacted).
For more information, check out the full article here.
Today is World Password Day! World Password Day falls on the first Thursday in May each year and is intended to raise awareness of password best practices and the need for strong passwords. It seems like we all have even more passwords with each passing year, though, and there are some conflicting ideas of what password best practices are, which makes the idea of password security more challenging for the average individual.
For more information, check out the Forbes article here.
Scott County Schools has announced the district is a victim of a multi-million dollar online scam.
The FBI is now investigating after Superintendent Dr. Kevin Hub said an undisclosed vendor told the district it never was paid for an invoice from two weeks ago. As the district investigated, it learned it fell victim to a fraudulent email disguised as coming from the vendor.
For more info, click here.
Over 2 million IP security cameras, baby monitors and smart doorbells have serious vulnerabilities that could enable an attacker to hijack the devices and spy on their owners — and there’s currently no known patch for the shared flaws.
The attack stems from peer-to-peer (P2P) communication technology in all of these Internet of Things (IoT) devices, which allows them to be accessed without any manual configuration. The particular P2P solution that they use, iLnkP2P, is developed by Shenzhen Yunni Technology and contains two vulnerabilities that could allow remote hackers to find and take over vulnerable cameras used in the devices.
Link to full article.
An analysis by the UK's National Cyber Security Centre (NCSC) found 123456 was the most widely-used password on breached accounts, as it appeared in more than 23 million passwords. The second-most popular string, 123456789, was not much harder to crack, while others in the top five included "qwerty", "password" and 1111111.
The most common name to be used in passwords was Ashley, followed by Michael, Daniel, Jessica and Charlie.
For more, check out this BBC article.
Invest in cybersecurity to protect operations
Economic slowdowns are the worst time to experience a cyberattack. It is essential that businesses protect data sources — especially employee, customer and financial data.
TechCrunch’s summary lists the latest events in cybersecurity for the week.
Facebook says its password leak affected ‘millions’ of Instagram users
Mystery agent is doxing Iran’s hackers and dumping their code
The Weather Channel was knocked off the air for over an hour
Cybersecurity firm Verint hit by ransomware
Security flaw in French government messaging app exposed confidential conversations.
WordPress is a free, open-source content management system. It powers about 30% of all websites on the internet and 33% of the Top 10 Million Sites globally. There are over 50,000 WordPress plugins available to add features and extend the functionality of WordPress websites. Since WordPress is the most popular CMS, it has become a common target for hackers looking to cause more damage than they could on any other platform.
To check which vulnerabilities were discovered, click here.
Microsoft has detailed a March attack on Windows customers in the satellite and communications sectors using "unusual, interesting techniques" that bear the hallmarks of APT group MuddyWater.
The company's Office 365 ATP picked up archive (ACE) files loaded with the recently discovered WinRAR flaw, CVE-2018-20250, which has become widely used among cybercrime groups and nation-state hackers in recent months.
Click here to learn more.
Business is hard enough without sending a hacker $40k. Hackers may take advantage of a slightly changed domain name in order to mimic a legitimate business.
This piece, written by our CEO, Daniel Marcellus, discusses the importance of vigilance and verifying information when it comes to email phishing scams.
Click for PDF form of this article.
Very wealthy people have often shared epithets regarding how they felt about their wealth at the end of their lives, such as “I don’t want to be the richest man in the graveyard” or “Shrouds don’t have pockets”.
As the third richest person in the world and nearing 90 years of age, Warren Buffett has some sage words of wisdom for Georgia Tech students. When asked about his definition of success, he told students that success doesn’t come from wealth, power or fame. Buffett’s take on life is telling: “If you get to my age in life and nobody thinks well of you, I don’t care how big your bank account is, your life is a disaster.”
To learn Buffett’s one-word definition of success, click here.