CyberSecure Specialist

03 Nov

Red Cross Seeks ‘Digital Emblem’ to Protect Against Hacking

Information, News

The International Committee of the Red Cross said Thursday it is seeking support to create a “digital red cross/red crescent emblem” that would make clear to military and other hackers that they have entered the computer systems of medical facilities or Red Cross offices. The Geneva-based humanitarian organization said it was calling on governments, Red Cross and Red Crescent societies, and IT experts to join forces in developing “concrete ways to protect medical and humanitarian…

Read More
03 Nov

Data Breach Affects Vodafone Italia

Attacks, Malware

Customers of Vodafone Italia should remain vigilant moving forward, as they could possibly become targets of phishing campaigns, digital financial fraud, or other forms of identity theft. The partner company, FourB, cut off access to the compromised servers and has indicated they will take steps to improve their security posture moving forward. https://www.bleepingcomputer.com/news/security/vodafone-italy-discloses-data-breach-after-reseller-hacked/?&web_view=true

Read More
03 Nov

Black Basta Ransomware Gang Linked to the FIN7 Hacking Group

Attacks, Malware

To protect against ransomware attacks, organizations should:• Regularly back up data, air gap, and password protect backup copies offline.• Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.• Implement network segmentation.• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).• Install updates/patch operating…

Read More
03 Nov

New Clipboard Hijacker Replaces Crypto Wallet Addresses with Lookalikes

Attacks, Malware

It is highly recommended to avoid downloading executables from suspicious looking websites or running attachments received over email. These are the two of the most common methods of distributing malware, so avoiding these two actions can help prevent a user from being infected by most types of malware. It is also recommended to implement and maintain good security controls, such as an EDR, on all devices within an organization. Since Laplas appears to be distributed…

Read More
03 Nov

Mondelez and Zurich’s NotPetya cyber-attack insurance settlement leaves behind no legal precedent

Data Breaches, Malware, Social Engineering

Multinational food and beverage company Mondelez International and Zurich American Insurance have settled their multiyear litigation surrounding the cyberattack coverage – or lack of such coverage – following the NotPetya malware attack that damaged the Mondelez network and infrastructure. The specifics of the settlement are unknown, but that it would come mid-trial has caught everyone’s attention. The pain was felt on June 27, 2017, when NotPetya wiped out 24,000 laptops and 1,700 servers within the…

Read More
03 Nov

Cisco Releases Security Updates for Multiple Products

Attacks, Insights, Malware

Original release date: November 3, 2022 Cisco has released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review the advisories and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
03 Nov

Apple Releases Security Update for Xcode

Attacks, Insights, Malware

Original release date: November 3, 2022 Apple has released a security update to address vulnerabilities in Xcode. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security page for Xcode 14.1 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
03 Nov

Hacker Charged With Extorting Online Psychotherapy Service

Information, Insights

A 25-year-old Finnish man has been charged with extorting a once popular and now-bankrupt online psychotherapy company and its patients. Finnish authorities rarely name suspects in an investigation, but they were willing to make an exception for Julius “Zeekill” Kivimaki, a notorious hacker who — at the tender age of 17 — had been convicted of more than 50,000 cybercrimes, including data breaches, payment fraud, operating botnets, and calling in bomb threats. In late October…

Read More
03 Nov

Espionage campaign loads VPN spyware on Android devices via social media

Data Breaches, Malware, Social Engineering

A new espionage campaign, dubbed SandStrike, has been detected using malicious VPN apps to load spyware on Android devices, cybersecurity company Kaspersky reports. It’s an example of how APT (advanced persistent threat) actors are constantly updating old attack tools and creating new ones to launch new malicious campaigns, particularly against mobile devices. “In their attacks, they use cunning and unexpected methods: SandStrike, attacking users via a VPN service, where victims tried to find protection and…

Read More
03 Nov

Is your personal data all over the internet? 7 steps to cleaning up your online presence

Information

You may not be able to disappear completely from the internet, but you can minimize your digital footprint with a few simple steps Have you ever searched for yourself on Google? It may sound odd, but it is actually a great way to discover a tiny part of what the web knows about us. And, most importantly, it is the only way we have to know if we need to ask Google to remove relevant…

Read More