Tag: passwords

August 23, 2018

The Week in Breach: 08/13/18 – 08/17/18

This week, ransomware and phishing tactics continue to develop. Popular mobile platform GOMO was breached in a big way, and one of the largest banks in India was robbed over the weekend.

August 09, 2018

The Week in Breach 07/30/19 – 08/03/18

This week covers the high-profile breach of Reddit, the healthcare and education sectors, and an exploration of a Dark Web hacking forum.

July 11, 2018

The Week in Breach: 07/02/18 – 07/06/18

While it has been a slow week in terms of the number of breaches, the severity of the breaches that did occur this week is nothing short of disturbing. The information exposed on the open web by ALERRT could be used with far-reaching effects…including both physical and permanent consequences. A cyber-attack conducted against a small business hosting provider in Australia also highlights a “WORST case” scenario for a breach. I strongly encourage everyone to check out their website here for a sobering reminder of what a company crippled by a breach looks like. When you cannot contact your customers to tell them that you have been breached, because you don’t even have a complete list of who your customers are… well, this is a good example of how damaging a breach can be. In other news…

November 30, 2017

I Now Have Everything I Need to Exploit You.

MSPs should read this, then enroll themselves and every customer in SpotLight ID NOW.

Chances are, you’ve come across cleverly-crafted ads on sites like CNN.com, Facebook, Yahoo and others that say something like, “Use this site to find out anything… about anyone.” If you are like most good citizens, you probably passed up on the opportunity to use one of these sites to dox, or to search for and publish private or identifying information about an individual on the Internet, typically with malicious intent. Good for you!

November 20, 2017

Pa$$w0rds, the Dark Web, and a job I love.

Coming up with a strong password gives me a headache. About 3 years ago, I came up with the most (in my mind) brilliant password EV3R. You see, I used an 8 in the first part of the password to make the word Gr8 – great. Great! I could remember that, because it made me grin at my own cleverness every time I typed it. “You sneaky SOBs will never crack my code!”

July 20, 2017

The Important Lesson Learned from the U.K. Parliament Cyberattack

Parliament’s computer network was recently targeted by a brute force attack. Weak password requirements allowed hackers to gain access to 90 of Parliament’s 650 members’ email accounts. Although IT staff or 3rd party cyber firms can implement strong cyber-security regulations, the members of the House of Commons, or the employees at any company, are typically the source of a breach. Without knowing it, Members of Parliament created threats for themselves that went undetected until it was too late. To minimize the damage and any attempt at blackmail, officials temporarily locked members out of their email accounts.

June 26, 2017

MSPs Beware – Dropbox, Google Drive and other Cloud Storage Threats

A Managed Service Provider (MSP) has a lot to worry about within the information technology services it offers. Your clients probably store data that is critical to their continued success on your servers. If their network is breached, your network may be put at risk, and vice versa. Using cloud storage providers such as Dropbox, Google Drive and others may increase these chances because of the limited encryption options and the fact that IT will have limited control and usually no visibility.

June 15, 2017

OneLogin – When Password Storing Goes Wrong

OneLogin, a company that provides single sign-on capabilities to safely store passwords of over 23 million users including 2,000 businesses, has suffered a compromise that included the ability to decrypt customer data. In a recent blog post, the company revealed that an attack occurred May 31st at 2 am and was identified by a staff member around 9 am. Through that attack, sensitive information was potentially compromised: user information such as passwords and emails, various keys from companies, and login credentials for a slew of cloud applications. In the OneLogin blog post, it was stated that they “…cannot rule out the possibility that the threat actor also obtained the ability to decrypt data.” According to the email sent out after the breach, customers were instructed on steps they should take to proactively prepare themselves. They were advised to force a OneLogin Directory Password Reset for end users, update credentials on 3rd party apps for provisioning, and do numerous other things. The email also included further updates and information.
