Note: We request users and network administrators to go through the documents listed at the bottom of this article, and share them with your cybersecurity experts. The three documents might help you review your security measures, and guard against SamSam ransomware attacks. As per the 2017 State of Endpoint Security Risk… Continue Reading How to Protect Your Network Against SamSam Ransomware Attacks

In an article last week, we highlighted the case of a Dutch firm that lost €19m ($21m) to a Business Email Compromise (BEC) scam to push forward the idea of having strong security measures for preventing BEC Scams. Today, we came across the news of a (rather old) BEC incident… Continue Reading Preventing BEC Scams: Manual controls and multi-person authorization

The 2nd quarter phishing activity trends report published by the anti-phishing working group (APWG) has reported a jump in the number of phishing attacks using encryption to fool victims. As per the APWG report, 35% of phishing attacks in the second quarter of 2018 were hosted on websites with HTTPS and… Continue Reading Phishing Trends Report a Jump in Phishing Attacks Using Encryption

I just came across this post by Alastair Paterson of Security Week highlighting that attackers are monetizing non-traditional methods to compromise business accounts (BEC and EAC). Alastair points at three alternative methods that are being successfully put at work: Using email credentials purchased from criminal forums, Re-trying the credentials of already… Continue Reading 7 Security Measures Against BEC You CANNOT Neglect

On September 27th, with a public service announcement, the Internet Crime Complaint Center (IC3) has warned businesses and individuals that RDP accesses are being sold on dark markets, and malicious actors can infiltrate the connection between machines and inject malware or ransomware into the remote system. Possible threats include ransomware… Continue Reading RDP access is too risky to use, IC3 warns

Recovering from a ransomware attack without paying ransom is BIG news – especially for small healthcare providers whose operations could get disrupted indefinitely in case of such a breach. An Iowa clinic has managed to do and that too within a day’s period. Jones eye clinic and its affiliated surgery… Continue Reading Iowa Clinic Ends Ransomware Attack without Paying

On Sept 5, 2018, law enforcement alerted Inova Health of a data breach. It appears that their billing systems were accessed by a bad actor using an employee’s credentials first in January 2017, and then again, between July-October 2017. The breach has impacted 12,331 patients. An article by Databreaches.net points… Continue Reading What makes strong passwords so important?

“Starting from early July, we have seen malicious spam activity that has targeted corporate mailboxes… The malware’s key objective is to steal passwords from browsers, messaging applications, mail and FTP clients, and cryptocurrency wallets.” Secure List, Loki Bot: On a hunt for corporate passwords   Experts from Kapresky lab have come… Continue Reading Major Security Firms Detect a Surge in Phishing Attacks on Corporate Email Accounts

Of the 229 breaches added this year to the HHS “wall of shame”, the largest one is the attack on UnityPoint Health. The Iowan company fell victim to a business email compromise (BEC) attack that compromised its business email system. How big is the UnityPoint Health data breach? As per… Continue Reading Business Email Compromise – How it Works?

Two articles that I came across today highlight the serious risk of poor data destruction procedures. The National Health Service in Surrey (UK) has been fined £200,000 (about US$300,000) for failing to completely remove patient data from recycled PCs – some of which ended up on an online auction site.… Continue Reading Don’t Ignore Data Destruction