A vulnerability was recently discovered that is effectively guaranteed to impact all computer users, from private users to businesses. While this situation will take some time to resolve fully, we want to make sure you know everything that needs to be done to protect yourself from Log4j.
The recent discovery of four flaws in Microsoftās Exchange Server software came too late to prevent a rash of stolen emails, but that doesnāt mean you need to remain vulnerable to this attack. Letās go over the story so far, and how you can help protect your business.
True to form, 2020 has given us a final parting gift: the news that the United States was targeted this year by the biggest cyberespionage attack ever. Letās go into the ramifications of this attack, and what it should teach us going forward.
Hackers and cybercriminals, like most people, tend to gravitate towards high-reward activities. In this case, that means that focus is turning to creating malware that attacks the router, potentially infecting the users that leverage it to connect wirelessly to the Internet. Researchers at Kaspersky Lab recently discovered an example of such a malware, so today, we will review this threat and how to best protect your network.
Virtual private networks are vulnerable to an exploit that was recently brought to light. Cisco has announced that this exploit undermines its ASA, or Adaptive Security Appliance tool. If this issue isnāt patched immediately, you could find your organization vulnerable through remote code exploitation.
In a statement given by Tom Bossert, the homeland security adviser to the White House, blame for the WannaCry attacks leveraged from May 12th to the 15th in 2017 was attributed to the Democratic Peopleās Republic of Korea. This assertion is in line with the conclusions that New Zealand, Australia, Canada, and Japan have come to, according to Bossert.
Using the most up-to-date versions of your technologyās operating systems is one of the best ways to stay secure. Yet, some organizations forego the jump to more recent operating systems due to the immense up-front expense represented by upgrading multiple servers or workstations at once. Unfortunately, this can be detrimental to your organizationās security, and potentially even put your businessās future at risk.
Run your Windows Updates and be very skeptical about opening unsolicited emails. Failure to do so may result in a very dangerous strain of ransomware that could infect your entire network and spread to your clients, partners, and prospects.
ATMs are, surprisingly enough, not the most secure pieces of technology out there, though there are efforts to improve security by taking advantage of mobile devices. Granted, this wonāt be enough to protect against the considerable vulnerabilities in ATMs. In order to maximize security and minimize the amount of damage done by vulnerabilities, the user needs to understand how to protect themselves while using ATMs.
One of the major password managers out there, LastPass, has become the victim of a major vulnerability. Google researchers from the Zero Day Project discovered this, along with other flaws within LastPass.
Guess what? Today is National Clean Out Your Computer Day, and we know the perfect way to celebrate! Go grab yourself a can of compressed air and your trusted IT technician, because it would be a shame if you were to miss out on this annual opportunity to improve your computerās performance.
If we told you that automated teller machines, or ATMs, were susceptible to hacking attacks, would you believe us? You should; there are a plethora of ways for hackers to infiltrate and steal money from ATMs, with the latest being so dangerous that even the Secret Service has issued warnings about it.
Every security professionalās worst nightmare consists of the National Security Agency (NSA) being hacked. While thereās no proof that the NSA itself has been hacked, there is some evidence to suggest that some of the exploits used by the agency are up for grabs on the black market. What this means is that a lucky group of hackers could potentially get their hands on some very dangerous tools.
The Internal Revenue Service is one organization that you donāt want to mess with. Thanks to their antics filing fraudulent tax returns through the often-exploited Get Transcript site managed by the IRS, Anthony and Sonia Alika have to do some time in the slammer; and thatās not even mentioning what they have to pay the IRS in restitution.
Ransomware, the malware variant that has appeared more and more frequently has struck again, this time targeting users of Microsoft Outlook in a zero-day attack. A malware variant of Cerber (a ransomware) was recently utilized in a large scale attack on users of the messaging program, sent via phishing emails to corporate users.
27 vulnerabilities: The amount of vulnerabilities that were resolved with the round of security patches in Microsoftās latest Patch Tuesday. Windows, Microsoft Office, Internet Explorer, the Edge browser, and more, were all affected. Itās important to patch these vulnerabilities as soon as possible, especially if you havenāt done so already.
The Petya ransomware, a particularly vicious monster of a threat, has reared its ugly head once again, only this time, itās not alone. Petya now comes bundled together with Mischa, yet another ransomware that works well alongside Petya. The ransomware is delivered via an inconspicuous email disguised as a job application, with a resume attached. Once the user downloads the file, Petya encrypts the files located on the device.
While security experts tend to focus the brunt of their discussions on desktop OS vulnerabilities, there are plenty of mobile malware threats that fly under the radar. One such malware is called Hummer; a trojan that installs unwanted apps and malware on a device, and can be found on over a million phones worldwide.
A vulnerability has been uncovered in all Windows systems - one thatās described as āprobably the widest impact in the history of Windows.ā Coined BadTunnel, the vulnerability could provide attackers a route directly past the defenses of a system to set up a man-in-the-middle style attack.
No security solution is perfect. Each one has its own set of pros and cons. For example, relying completely on an automated solution is thorough, but it will flag plenty of threats that arenāt really threats (aka, false positives). Meanwhile, a human overseeing security is great for spotting worrisome trends, but a human canāt possibly catch every single attack. With this dynamic in mind, a team of researchers from MIT has successfully blended the two.