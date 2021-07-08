Cancel
Don’t be that employee: How to avoid ransomware attacks at work

By Tatum Hunter
Washington Post
 15 days ago

Cover picture for the articleWhen a security vulnerability at IT software-maker Kaseya led to a ransomware attack that affected 800 to 1,500 businesses, it wasn’t one employee’s fault. But that’s not always the case. Ransomware, which locks down a target’s computers and data, can infect a network a few different ways, including through employee...

#Phishing Attacks#Email Security#Phishing Emails#Business Email Compromise#Kaseya
Internetleedaily.com

Google Issues Warning For 2 Billion Chrome Users- Third vulnerability in a Month

Google is a perfect example of where power comes responsibility. Google Chrome is the most popular browser on almost every platform, mainly Windows and Android. The browser is available on nearly all Android devices. Many others, including Vivaldi, Opera, Microsoft Edge, and Brave Browser, use the same Chromium browser engine as Google, With over two billion users globally.
SoftwareZDNet

This password-stealing Windows malware is distributed via ads in search results

A newly discovered form of malware delivered to victims via adverts in search results is being used as a gateway to stealing passwords, installing cryptocurrency miners and delivering additional trojan malware. Detailed by cybersecurity company Bitdefender, the malware – which targets Windows – has been dubbed MosaicLoader and has infected...
TechnologyHarvard Health

What Companies Need to Know About Modern Ransomware Attacks and How to Respond

Antonia M. Apps and Adam Fee are partners and Matthew Laroche is special counsel at Milbank LLP. This post is based on their Milbank memorandum. Ransomware is an escalating and evolving cybersecurity threat facing organizations around the world. In 2020, ransomware attacks increased seven-fold by year end, with over 17,000 devices detecting ransomware each day. [1] As an added challenge, ransomware is more sophisticated than ever before with modern variants designed to inflict immense damage and perpetrators demanding higher payouts. In the past few months alone, ransomware has caused catastrophic disruptions to the business activities of, among others, Colonial Pipeline, food processing giant JBS USA Holdings Inc., and Ireland’s national health care system. [2] Successful attacks cost businesses millions of dollars, including disruption to business, personnel cost, device cost, network cost, lost opportunity, reputational harm, and a potential payment of a ransom. [3] Cybercriminals are demanding and making more and more money, with the average ransomware payout per event growing from approximately $115,000 in 2018 to more than $300,000 in 2020; and the highest ransom paid more than doubling from $5 million between 2015 and 2019 to $11 million in 2021. [4] Governments, law enforcement, and regulatory bodies have taken notice, with companies facing pressure to effectively prepare for and respond to ransomware attacks. [5]
Public Safetytechacrobat.com

10 Ways To Detect a Cyber-Attack

Sometimes it can be very hard to detect that your company’s system is under attack. Many fail to see the early signs until it’s too late, and over a quarter of breaches remain undetected for months. The most important thing you need to know to minimize the risk is learning how to see the warning signs and understand some cyber essentials. There are a variety of ways to achieve it.
Public Safetysecurityboulevard.com

Hackers Exploit the COVID-19 Pandemic for Cyber Scams

Cyber criminals are taking advantage of the global crisis coronavirus pandemic (COVID-19) to attempt cyber scams!. While the world is busy fighting with the coronavirus pandemic (COVID-19), cyber attackers are misusing this global crisis for their malicious use. The outbreak of newly discovered endangering infectious disease coronavirus (COVID-19) has kept people across the world on their toes to save lives.
Public SafetyBBC

Ransomware key to unlock customer data from REvil attack

US IT firm Kaseya - which was the first to be targeted earlier this month - said it got the key from a “trusted third party”. Ransomware is malicious software that steals computer data and scrambles it so the victim cannot gain access. The hackers then ask for payment in...
Technologythreatpost.com

Kaseya Obtains Universal Decryptor for REvil Ransomware

The vendor will work with customers affected by the early July spate of ransomware attacks to unlock files; it’s unclear if the ransom was paid. Kaseya has obtained a master decryptor key for the REvil ransomware that locked up the systems of at least 60 of its customers in a spate of worldwide cyberattacks on July 2.
TechnologyVentureBeat

Hackers co-opt Microsoft’s anti-phishing feature for phishing attacks

Sometimes, security features don’t go as planned. Email security company Vade has discovered that a Microsoft 365 setting intended to protect enterprise users has been co-opted by malicious actors, who are instead using it to launch sophisticated and automated phishing attacks. Hackers specifically are exploiting the custom login page feature,...
Softwarebiztechmagazine.com

Q&A: How Chrome OS Foils Ransomware in Hybrid Work Environments

As more workers get vaccinated against COVID-19 and employers begin reopening physical workspaces, they’re starting to resolve open questions about how often employees will be expected to work onsite. Most seem poised to operate hybrid work environments that include both onsite and remote work. That leaves businesses with tough challenges...
Public SafetyZDNet

Ransomware: How banks and credit unions can secure their data from attacks

As ransomware attacks surge across various industries, how should banks and credit unions protect their data, their customers' data, and their reputation? ZDNet caught up with Steve Bomberger, head of SEI IT Services, to learn more about how banks and credit unions can avoid ransomware attacks and why they should pay close attention to what's going on in the ransomware world right now.
Data Securityhelpnetsecurity.com

DDoS attacks increased 33% in H1 2021

There has been a 33% increase in the number of DDoS attacks in H1 2021, according to a report published by Link11. Between January and June, there were record numbers of attacks compared to the same period last year. The report also found that between Q1 2021 and Q2 2021 there was a 19% increase in DDoS campaigns, some of which were over 100 Gbps in attack volume; further evidence that hackers are continuing to exploit the vulnerabilities of businesses during the pandemic.
Public SafetyItproportal

What are the key challenges facing employees when it comes to phishing attacks?

Humans are often described as the weakest link in an organization’s security posture, and we frequently see ‘human error’ as a reason why an attacker has been able to breach an organization’s network. The human error that causes such attacks may be through phishing emails when cybercriminals send large numbers of targeted malicious messages to an employee which are disguised as coming from a trusted source. An employee only has to click on a malicious link once in an email that looks genuine for a potentially catastrophic security incident to take place that could then cost millions of pounds.
SoftwareThe Hacker News

XLoader Windows InfoStealer Malware Now Upgraded to Attack macOS Systems

A popular malware known for stealing sensitive information from Windows machines has evolved into a new strain capable of also targeting Apple's macOS operating system. The upgraded malware, dubbed "XLoader," is a successor to another well-known Windows-based info stealer called Formbook that's known to vacuum credentials from various web browsers, capture screenshots, record keystrokes, and download and execute files from attacker-controlled domains.
ComputersPCWorld

Pirate gamers, beware: This malware targets you

In 2021, crime doesn’t pay if you can’t be found on Google. That’s apparently what the creators of the new MosaicLoader family of malware discovered. PC security company Bitdefender recently published a whitepaper detailing the new malicious software that lures users to download it via paid ads...for pirated games. Bitdefender...
SoftwareMacRumors Forums

Common Windows Malware Can Now Infect Macs

A common form of malware on Windows systems has been modified into a new strain called "XLoader" that can also target macOS (via Bleeping Computer). Derived from the Formbook info-stealer for Windows, XLoader is a form of cross-platform malware advertised as a botnet with no dependencies. It is used to steal login credentials, capture screenshots, log keystrokes, and execute malicious files. The malware was discovered by security researchers at Check Point Software.
Softwarenewsbrig.com

19 days after REvil’s ransomware attack on Kaseya VSA systems, there’s a fix

Just ahead of the July 4th holiday weekend, a ransomware attack targeted organizations using Kaseya VSA remote management software. The outfit behind the attack, REvil, initially requested a $70 million ransom and claimed to have locked down millions of devices. That was before REvil suddenly went offline on July 13th, disconnecting its servers, abandoning forums, and shutting down a page on the dark web used to communicate with victims.
Public Safetysecurityboulevard.com

Why Understanding Cyber Criminals Behavior and Tools is Vital

The attack landscape continues to grow rapidly, and with that growth comes the complex challenge of tracking the Tactics, Techniques, and Procedures (TTPs) used by different threat actors. The National Institute of Standards and Technology’s (NIST) Computer Security Resource Center describes TTPs as the behavior of a threat actor; tracking that behavior has become an essential concept for Cyber Threat Intelligence (CTI) Analysts. By profiling and documenting criminal TTPs network defenders can better understand criminal behavior and how specific attacks are orchestrated, allowing them the ability to prepare, respond and mitigate current and future threats.

