Tag: vulnerabilities

A baby blue background features a sleek laptop with a bright pink pop up box springing out of it with asterisks and a lock to indicate a secure login.

Boost Remote Security and Ease Everyone’s Stress With This Tool

by Kevin Lancaster

More technology brings more tools for work and entertainment - and more logins to remember. Everyone has too many these days, causing endless trouble for both users and techs. This phenomenon leads to endemic password reuse, weak passwords, and password mishandling. How can SMBs solve this problem? By making logins a one-stop-shop.

Read More
A worker sits at a sleek desk wearing a suit jacket and tie on top and flip flops and flowered shorts on the bottom with an adorable orange cat under the desk, animation-style.

Cyberattacks Double as Remote Work Creates Unexpected Vulnerabilities

by Kevin Lancaster

New ways to work bring new cybersecurity challenges - and new opportunities for cybercriminals. Cyberattacks have doubled since January 2020, and phishing attacks have skyrocketed. Here are 3 safety steps that SMBs can take today to defend against this surge in attacks.

Read More
A dark-haired caucasian woman smiles while typing on her silver laptop computer at a sleek desk with a green wall and window behind her.

Remote Work Vulnerabilities and How to Address Them

by Kevin Lancaster

Remote workers are getting things done, but they're also creating some unexpected cybersecurity risks to their companies systems and data. Here are some actionable steps to help mitigate those risks before you have a data breach.

Read More
A blue globe with a dark blue arrow appears on a computer monitor.

Stolen Account Info Zooms to Dark Web for 500K+ Zoom Users

by Kevin Lancaster

Zoom meetings have become the way we do business right now, but they aren't as safe as you might think. A batch of stolen credentials recently discovered on the Dark Web plus unexpected vulnerabilities means that every company needs to be alert to the dangers of virtual meetings.

Read More

Passly Packs 7 Essential Features to Secure a Remote Workforce

by Kevin Lancaster

Today's worker can stay connected to the systems and data that they need to work efficiently anytime from anywhere. Remote work isn't just convenient for companies - it's also convenient for cybercriminals. Take a look at 7 features of Passly that can quickly mitigate that threat.

Read More
a hand holding a piece of papaer that says phishing scam on it is pictured passing the paper to someone with a handful of cash.

FBI Warns Against COVID-19 Business Fund Transfer Phishing Scams

by Kevin Lancaster

A new FBI warning outlines a special kind of phishing scam targeting c-suite and accounts payable staff - proving that phishing training is necessary at every level.

Read More

Malware-Laden COVID-19 Emails Exploit MS Office Vulnerability

by Kevin Lancaster

The Secret Service warns that clever new phishing attacks simulating official emails, files, and links are being perpetrated by cybercriminals looking to take advantage of the anxiety created by COVID-19 and exploit an old MS Office vulnerability.

Read More

The Week in Breach: 12/21/18 – 12/28/18

by Kevin Lancaster

Breach news to share with your customers!

Read More

The Week in Breach: 08/19/18 – 08/25/18

by Kevin Lancaster

A slow, but troubling week to say the least! Phishing and compromised databases still rule the day. This Week in Breach highlights incidents involving a New York-based gaming developer, medical data held by a University, and the disclosure of sensitive data held by a popular babysitter application. Highlights from The Week in Breach: Dark Web Ads! Twitch.tv sees a breach. Healthcare Nightmare! In Other News: Is Breaking Bad? A German company by the name of Breaking Security has been up in arms about the use of their legitimate software named Remcos (Remote Control and Surveillance). Remcos is used for managing Windows systems remotely and is increasingly being used by hackers for malicious attacks known as Remote Access Trojan (RAT). The question is, however… are they telling the truth? Researchers have uncovered that the product sold by the company is widely advertised on Dark Web hacking forums and it seems that not only does the organization know that this is happening, they are encouraging it. Breaking Security has strongly stated that any license linked to malicious hacking campaigns are revoked, yet still, many hacking campaigns continue to use the service. https://www.darkreading.com/attacks-breaches/attackers-using-legitimate-remote-admin-tool-in-multiple-threat-campaigns/d/d-id/1332631 Not So Private Messages In May, the popular live streaming service, Twitch, exposed user’s private messages because of a bug in their code. The Amazon subsidiary disabled the service, which allowed users to download an archive of past messages. When a user requested this archive, the game streaming company accidentally intertwined messages from other users. Twitch has come out and said that this only affected a limited number of users and has provided a link for customers to visit so they can find out if any of their messages were exposed and what the messages were. https://www.bleepingcomputer.com/news/security/twitch-glitch-exposed-some-users-private-messages/ Podcasts: Know Tech Talks – Hosted by Barb Paluszkiewicz IT Provider Network – The Podcast for Growing IT Service The Continuum Podcast Security Now – Hosted by Steve Gibson, Leo Laporte Small Business, Big Marketing – Australia’s #1 Marketing Show! United States – Augusta University Exploit: Email compromise by phishing attacks. Risk to Small Business: High: This is a significant breach in scale and severity, and due to the sensitive nature of the data compromised the organization will likely face heavy fines. Individual Risk: Extreme: Individuals affected by this breach are at high risk for identity theft, as well as their medical information being sold on the Dark Web. Augusta University: Georgia based healthcare network. Date Occurred/Discovered: September 10, 2017 – July 11, 2018 Date Disclosed: August 20, 2018 Data Compromised: Medical record numbers Treatment information Surgical details Demographic information Medical data Diagnoses Medications Dates of services Insurance information Social Security numbers Driver’s license numbers Customers Impacted: 417,000 https://cyware.com/news/augusta-university-health-breach-exposes-personal-records-of-over-400k-patients-432de74e https://www.augusta.edu/notice/message.php United States - Animoto Exploit: Undisclosed. Risk to Small Business: High: A breach of customer trust, especially involving geolocation data, can be highly damaging to a company’s image. Individual Risk: Moderate: Users affected by this breach are at a higher risk of spam and phishing. Animoto: New York-based company that provides a cloud-based video-making service for social media sites. Date Occurred/Discovered: July 10, 2018 Date Disclosed: August 2018 Data Compromised: Names Dates of birth User email addresses Salted and hashed passwords Geolocation Customers Impacted: Unclear. https://techcrunch.com/2018/08/20/animoto-hack-exposes-personal-information-geolocation-data/ United States - Sitter Exploit: Exposed MongoDB database. Risk to Small Business: High: Most customers would be uncomfortable with a company leaking data about their kids and when they are left alone with someone who doesn’t live there. Individual Risk: High: A lot of sensitive personal information was exposed in this breach, much of it unsettling. Sitter: An app that connects babysitters and parents. Date Occurred/Discovered: August 14, 2018 Date Disclosed: August 14, 2018 Data Compromised: Encrypted passwords Number of children per family User home addresses Phone numbers Users address book contacts Partial payment card numbers Past in-app chats Details about sitting sessions Locations Times Customers Impacted: 93,000. https://www.linkedin.com/pulse/incident-report-no1-babysitter-application-exposure-bob-diachenko/ https://www.bleepingcomputer.com/news/security/mongodb-server-exposes-babysitting-apps-database/ Australia – Melbourne High School Exploit: Negligence. Risk to Small Business: Extreme: This is a major exposure of sensitive and potentially embarrassing information that could irreparably damage a company’s reputation. Individual Risk: High: Those affected by the data breach have sensitive information about their personal medical information that is considered highly private and could leave them exposed to identity theft. Melbourne High School: School in Melbourne. Date Occurred/Discovered: August 20-22, 2018 Date Disclosed: August 22, 2018 Data Compromised: Medical information Mental health conditions Learning behavioral difficulties Customers Impacted: 300 students. https://www.theguardian.com/australia-news/2018/aug/22/melbourne-student-health-records-posted-online-in-appalling-privacy-breach A note to your customers: Tick Tock. The cost of cybercrime is no joke. This is easy to say from the perspective of someone whose business it is to know all about cybercrime trends, attack vectors, and yada, yada, yada. But to really quantify how big of a problem cybercrime is in the world of business, it is often easier to compare it to day to day things… like a doctor explaining a complicated procedure or a mechanic telling you why your car is making that noise. So today I would like to compare the cost of cybercrime to the most universal understanding that there is… time. The cost of cybercrime each minute globally: $1,138,888 The number of cybercrime victims each minute globally: 1,861 Number of records leaked globally each minute (from publicly disclosed incidents): 5,518 The number of new phishing domains each minute: .21 As you can see, cybercrime buids by the minute. https://www.darkreading.com/application-security/how-threats-increase-in-internet-time/d/d-id/1332629 Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to marketing@idagent.com to let us know! Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!

Read More

The Week in Breach: 4/2/18 – 4/8/18

by Kevin Lancaster

There is a storm brewing over at Facebook. I will reserve summary and comments for next week - after Zuckerberg testifies. I will say however, the simple fact is that you did not/do not need to be a data analytics firm to harvest data and profile millions (potentially billions) of Facebook users. More to come...

Read More