This week Between the Hacks reports on a cyberattack that shuts down Honda factories worldwide, a global vishing campaign attacks almost 100,000 inboxes, a UPnP vulnerability exposes millions of Internet-connected devices, update your Windows 10 systems now, and how to protect your digital privacy while protesting.
Annual cybersecurity reports are a rich resource of statistics and information for cybersecurity professionals, academics, journalists and anyone who is interested in cybersecurity. Below is a categorized list of many of these reports…
This week Between the Hacks reports on two critical vulnerabilities patched in Zoom, 80% of data breaches leverage compromised credentials, attackers are targeting your mobile device to get access to your company network, a 64 year-old man pleads guilty to a business email compromise charges, and use HTTPS Everywhere to better secure your browsing.
Backing up data is something we have been told to do for decades but it is not exciting nor fun and very easy to forget. Additionally, situations requiring the need to restore a file from backup can be rare so it’s easy to understand why many people don’t back up their files even though it’s an important part of life with computers. Think of backups like an insurance policy. You do it in case you need it and hope that you never need to use it.
As consumers and general computer and Internet users, we all have to be our own IT manager and system administrator which means that backups are an important part of our job. While we all know that we should back up our data, some of you may not know why we need these backups.
This week Between the Hacks reports on phish-testing remote employees, 70% of mobile and desktop apps contain open-source security flaws, the Red Cross calls for governments to band together to stop cyberattacks against hospitals, updates on BlackHat USA 2020’s virtual event, and tips to better secure your Gmail account.
I don’t understand why companies, even tech companies, send email to employees and customers with links that use domain names that don’t match their normal, publicly known domain name. I have seen this happen in companies for years, where a department like HR finds a cloud vendor to do some training or to register for benefits. Instead of sending an email to employees from an internal email address, they let the vendor send email to employees with a link to an external, unfamiliar site. When you tell employees to not click on suspicious links, and then send them suspicious links, it undermines the whole security education program.
This week in Between the Hacks, Apple adds contact tracing to the iPhone, a new LogMeIn phish, Windows 7 use is increasing, Verizon releases their 13th annual DBIR report, and Mikko Hyppönen’s Disobey keynote from February, 2020.
Reports released annually by cybersecurity companies are rich resources for cybersecurity professionals, academics, journalists and really anyone who is interested in cybersecurity. Among the dozens that are released each year, arguably the most famous of these is the Verizon Data Breach Investigations Report, also known as the DBIR. This week, Between The Hacks eagerly reviewed the newly released 2020 Verizon Data Breach Investigations Report. At 119-pages, this is the 13th edition of the DBIR and it is the most extensive with more than 32,000 incidents, 3,950 of which were confirmed breaches. If you’re strapped for time, or if you’re more of a TL;DR person and the thought of 119 pages of security stats turns your eyelids into weighted blankets, fear not, there is also a 19-page DBIR Executive Summary available for download.
This week Between the Hacks reports on a 238% increase in cyberattacks against the financial sector, Windows 10 quietly gets a packet sniffer, Google plans to unload resource-hogging ads, a Nigerian crime ring files fraudulent unemployment claims, and a browser plug-in that helps prevent websites from tracking you online.
The decades old joke that “DEF CON has been cancelled”, is now a reality. Well, not cancelled as much as moved online to become a virtual conference for the first time.
On Friday May 8th, 2020, DEF CON tweeted “The #DEFCONiscanceled meme has crossed over into real life, courtesy of #COVID19. In early March we had hopes that things would be stable by August. That is no longer realistic.”
This week Between the Hacks reports on a data breach of 28,000 GoDaddy accounts, Firefox alerts you if you use a leaked password, a new IoT botnet, and a critical vulnerability in all Samsung phones for the past 6 years. Also, to stay up to date on cybersecurity news daily, try out our tip of the week, the Cyberwire podcast.
Phishing is the attacker’s dependable, longtime friend. Around since at least 1995, phishing is used to trick people into providing credit card information, login IDs and passwords, and to gain access to your computer, protected systems and/or networks.
Today, Between The Hacks arms you with the following: phishing background, practical advice, realistic visual examples, and links to reliable resources.
This week Between the Hacks reports on movies infected with malware, the NSA shares tips for teleworkers, a gif hijacks Microsoft Teams, and for the third time in 7 years, the iPhone has a word of death! Also bolster your security and privacy by changing DNS servers and a proof that robots can lie.
The world of cybersecurity is a constant cat and mouse game where attackers find new and creative ways to attack and the defenders discover those methods and figure out how to stop the attacks. The latest wrinkle in this spin around the hamster wheel was revealed by researchers at Barracuda Networks, who discovered that threat actors are now using, “reCAPTCHA walls to block URL scanning services from accessing the content of phishing pages.”
This week the U.S. AIr Force invites hackers to try and hack into an orbiting satellite, your employer may be infecting your home network, Sextortion pays big for scammers, an iOS vulnerability may have silently infected your device just by receiving an email and this week’s tip will help you secure your home network.
Your work computer might be the device that lets a threat actor into your home network. According to research conducted by cybersecurity companies, Arctic Security and Team Cymru, more than 50,000 U.S. organizations have sent their employees to a work from home environment with malware-infected computers.
On a corporate network, firewall rules and cybersecurity tools block certain types of traffic…
Another week of Zoovid-19 news as Zoom and COVID-19 dominate the cybersecurity headlines. Two Zoom zero-day exploits go up for sale. Zoom faces another class-action lawsuit. It’s not all bad news though, Zoom has been busy patching and making strides to regain trust. COVID-19 help is a click away. Social media companies battle Coronavirus misinformation. Home routers are compromised and this blog was selected by Feedspot as one of the Top 100 Cyber Security Blogs on the web. Thanks to all of the readers.
These days it seems that all news stories are related to COVID-19, and that’s also true in the infosec/cybersecurity community. Over the past month, I have read many insightful articles about COVID-19 phishing attacks and scams, and I’ve weighed in on the topic myself. While “top ten” and other lists are popular news items, I realized I hadn’t seen many lists of resources for COVID-19-themed cybersecurity incidents. So, Between the Hacks spent part of this week researching and starting to compile a compendium of pandemic-specific cybersecurity resources. The goal it to raise awareness, to share tips to prevent becoming a victim, resources to get help if you, or someone you know does become a victim, and also, some ways to help others during this global pandemic. As I learn of new resources, I’ll add them to this page.
Whether you celebrate Easter, or Passover, or just surviving another week in self-quarantined, social distancing, please stay safe, stay well, and check in with family, friends and neighbors.
This week we have more updates to the Zoom and COVID-19 sagas (now coined Zoovid-19). More than 2,300 Zoom credentials are found in an underground forum. Sixteen malicious coronavirus mobile apps are discovered, a sextortion campaign takes on different themes, and phishers pretend to be President Trump.
Zoom has made a lot of headlines recently as it has become the video conferencing tool of choice for many companies and individuals who found themselves suddenly quarantined at home due to the COVID-19 pandemic. Zoom’s daily active users jumped from 10 million to over 200 million in 3 months. The appeal of Zoom is that it’s easy to install, easy to use, has some fun features like virtual backgrounds, and its basic version is free. The free version allows for up to 100 participants to meet for a maximum of 40 minutes. This is certainly enough time for quick meetings with colleagues or catching up with friends and family. And if you need more time, just…
