Category: Uncategorized
-
A Look Into “Password Hygiene” and How to Implement It
According to a 2020 study conducted by Stanford University, almost 90% of cyber security breaches are caused by human error. Though there are a variety of factors that contribute to this statistic, one of the main offenses is poor password hygiene. “Password hygiene” is the practice of ensuring your passwords are unique, secure, and difficult to crack. You can do your part toward improving… Read more
-
Public Wi-Fi Safety
The use of public wi-fi has become a worldwide phenomenon over the last ten years with establishments offering free wi-fi in exchange for their business and attendance. Moreover, many companies are pushing for their workers to work remotely nowadays, thus increasing the availability and comfort of using free public wi-fi. However, anything deemed free in life will normally come with a… Read more
-
Third Critical Bug Affects Netgear Smart Switches — Details and PoC Released
New details have been revealed about a recently remediated critical vulnerability in Netgear smart switches that could be leveraged by an attacker to potentially execute malicious code and take control of vulnerable devices. The flaw — dubbed “Seventh Inferno” (CVSS score: 9.8) — is part of a trio of security weaknesses, called Demon’s Cries (CVSS… Read more
-
Russian Ransomware Group REvil Back Online After Two-Month Hiatus
The operators behind the REvil ransomware-as-a-service (RaaS) staged a surprise return after a two-month hiatus following the widely publicized attack on technology services provider Kaseya on July 4. Two of the dark web portals, including the gang’s Happy Blog data leak site and its payment/negotiation site, have resurfaces online, with the most recent victim added… Read more
-
SEC Fines Three Financial Advisory Firms Due To The Failure To Protect Customer PII
U.S. Securities and Exchange Commission (SEC) regulators sanctioned eight entities associated with three financial advisory firms for failing to protect the personally identifying information (PII) of thousands of their customers whose email accounts were hacked. The SEC separately charged five entities tied to Cetera Entities, two associated with Cambridge Investment Research and KMS Financial Services… Read more
-
The Internet of Things
IoT devices have become more prevalent in our everyday lives and have even trickled into businesses. From thermostats to monitors for manufacturing equipment, almost every device that we use today has some form of ‘smart’ option for it. While this may seem like a great and easy way to slide into the technological future, the… Read more
-
New SideWalk Backdoor Targets U.S.-based Computer Retail Business
A computer retail company based in the U.S. was the target of a previously undiscovered implant called SideWalk. SideWalk is a modular backdoor that can dynamically load additional modules sent from its command-and-control server. It then makes use of Google Docs as a dead drop resolver, and Cloudflare workers as a command-and-control server. This malware… Read more
-
A New Critical SolarWinds Zero-Day Vulnerability Under Active Attack
The Texas-based company, SolarWinds, that became the epicenter of a massive supply chain attack late last year has issued patches to contain a remote code execution flaw. These changes were brought on by the Microsoft notification to the IT management and remote monitoring software maker that the flaw was being exploited in the wild. SolarWinds… Read more
-
Ransomware in the Age of Globalization
Have you ever felt the fear of having your personal information shared in the increasingly volatile virtual space? What would you do to prevent some of this information from leaking? If you are like most people, then chances are you would be willing to pay anything you can afford to avoid embarrassment and exposure that… Read more
-
SolarWinds Hackers Breach Microsoft Customer Support to Target its Customers
In another sign of the Russian hackers who breached SolarWinds network monitoring software to compromise a slew of entities never really went away. The threat actor behind the malicious activity used password spraying and brute-force attacks to guess passwords and gain access to its customer account. The recent activity was mostly unsuccessful and the majority… Read more