CyberSecure Specialist

03 Nov

Black Basta Ransomware Gang Linked to the FIN7 Hacking Group

Attacks, Malware

To protect against ransomware attacks, organizations should:• Regularly back up data, air gap, and password protect backup copies offline.• Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.• Implement network segmentation.• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).• Install updates/patch operating…

Read More
03 Nov

New Clipboard Hijacker Replaces Crypto Wallet Addresses with Lookalikes

Attacks, Malware

It is highly recommended to avoid downloading executables from suspicious looking websites or running attachments received over email. These are the two of the most common methods of distributing malware, so avoiding these two actions can help prevent a user from being infected by most types of malware. It is also recommended to implement and maintain good security controls, such as an EDR, on all devices within an organization. Since Laplas appears to be distributed…

Read More
03 Nov

Mondelez and Zurich’s NotPetya cyber-attack insurance settlement leaves behind no legal precedent

Data Breaches, Malware, Social Engineering

Multinational food and beverage company Mondelez International and Zurich American Insurance have settled their multiyear litigation surrounding the cyberattack coverage – or lack of such coverage – following the NotPetya malware attack that damaged the Mondelez network and infrastructure. The specifics of the settlement are unknown, but that it would come mid-trial has caught everyone’s attention. The pain was felt on June 27, 2017, when NotPetya wiped out 24,000 laptops and 1,700 servers within the…

Read More
03 Nov

Cisco Releases Security Updates for Multiple Products

Attacks, Insights, Malware

Original release date: November 3, 2022 Cisco has released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review the advisories and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
03 Nov

Apple Releases Security Update for Xcode

Attacks, Insights, Malware

Original release date: November 3, 2022 Apple has released a security update to address vulnerabilities in Xcode. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security page for Xcode 14.1 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
03 Nov

Hacker Charged With Extorting Online Psychotherapy Service

Information, Insights

A 25-year-old Finnish man has been charged with extorting a once popular and now-bankrupt online psychotherapy company and its patients. Finnish authorities rarely name suspects in an investigation, but they were willing to make an exception for Julius “Zeekill” Kivimaki, a notorious hacker who — at the tender age of 17 — had been convicted of more than 50,000 cybercrimes, including data breaches, payment fraud, operating botnets, and calling in bomb threats. In late October…

Read More
03 Nov

Espionage campaign loads VPN spyware on Android devices via social media

Data Breaches, Malware, Social Engineering

A new espionage campaign, dubbed SandStrike, has been detected using malicious VPN apps to load spyware on Android devices, cybersecurity company Kaspersky reports. It’s an example of how APT (advanced persistent threat) actors are constantly updating old attack tools and creating new ones to launch new malicious campaigns, particularly against mobile devices. “In their attacks, they use cunning and unexpected methods: SandStrike, attacking users via a VPN service, where victims tried to find protection and…

Read More
03 Nov

Is your personal data all over the internet? 7 steps to cleaning up your online presence

Information

You may not be able to disappear completely from the internet, but you can minimize your digital footprint with a few simple steps Have you ever searched for yourself on Google? It may sound odd, but it is actually a great way to discover a tiny part of what the web knows about us. And, most importantly, it is the only way we have to know if we need to ask Google to remove relevant…

Read More
03 Nov

What is doxing and how to protect yourself

Information

Doxing can happen to anyone – here’s how you can reduce the odds that your personal information will be weaponized against you How harmful can it be to have your social media accounts set to public? Or to tag the restaurant where you’re having that delicious meal? Almost everyone does it! Let’s turn the questions around: Do you remember ever searching for someone you just met on social media to find out as much as…

Read More
03 Nov

French hospital crippled by cyberattack – Week in security with Tony Anscombe

Information

As another hospital falls victim to ransomware, Tony weighs in on the much-debated issue of banning ransomware payouts A major hospital near Paris has been hit by a ransomware attack that crippled its computer and medical systems and forced it to send patients to other healthcare facilities. The criminals demand $10 million from the hospital for restoring access to its systems, which the facility refused to pay. In this week’s video, Tony wonders if the…

Read More