Tag Archive for: Don’t

Ransomware Attacks: Don’t Let Your Guard Down


A recent report from blockchain data company Chainalysis shows that extortion payments for ransomware declined significantly in 2022. The decrease is attributed to the disruption of major ransomware gangs, a weakening in crypto values, and organizations finally stepping up their cybersecurity practices. According to U.S. Deputy Attorney General Lisa Monaco, the industry has pivoted “to a posture where we’re on our front foot.” Based on her view, companies are more focused on making sure they’re doing everything to prevent attacks in the first place and invest in business continuity and backup software that allow computer systems to restart after they have been infected. Does this mean we can refocus on other attack vectors and tactics?

Not so fast. A quick Google News search for ransomware will reveal plenty of recent high-profile attacks, such as those on Dole, the City of Oakland, and Regal Medical Group, and illustrate that even if ransomware appears to be slowing down, organizations cannot let their guard down.

History has shown that cyber adversaries are often adjusting their tactics and techniques to account for evolutions of their victims’ defense strategies before starting a new wave of attacks. For instance, threat actors have shifted from just infecting systems with ransomware to multi-faceted extortion where they steal data and threaten to release it to the public or even sell it. In those cases, traditional ransomware defense tools are less effective.

And while organizations might try to limit their risk exposure to these extortion schemes by taking out cybersecurity insurance policies, going forward this approach might no longer prove efficient. As insurers like Lloyd’s continue to add restrictions on payouts, including excluding losses related to state-backed cyber-attackers, fewer companies will be able to rely on cybersecurity insurance to mitigate catastrophic risk. Instead, companies need to increase their ransomware preparedness. This is especially true for the recovery of endpoints, which represent an essential tool for remote workers to conduct business in today’s work-from-anywhere environment. In this context, cyber resiliency plays an important role,…


S’pore police: Don’t download files from unknown sources on phones, risks of losing private pics & vids, banking & social media credentials real – Mothership.SG



The Singapore police and the Cyber Security Agency of Singapore (CSA) have issued an advisory to remind the public of the dangers of downloading files from unknown sources, which can lead to malware being installed on victims’ mobile devices.

This may result in confidential and sensitive data, such as banking credentials, being stolen.

Don’t download things from sketchy sources

The advisory said malware may infect mobile devices through various means, including through the downloading of free software from unknown sources, opening of unknown email attachments and visiting of malicious websites.

Users should also be wary if they are asked to download unknown or suspicious Android Package Kit (APK) files onto their mobile devices.

These files may appear with seemingly genuine naming conventions, such as GooglePlay23Update.apk or GooglePlay.apkUpdate.apk.

These are not official APK files released by Google even though they contain the references to “GooglePlay”, the advisory warned.

Plenty of risks

Upon installation of the mobile malware, users’ mobile devices may be exposed to the following risks:

• Significant decline in the mobile devices’ performance

• Unauthorised access to the mobile devices’ systems/data that allows attackers to remotely control infected mobile devices, possibly resulting in loss of user control

• Unauthorised installation or uninstallation of applications

• Interception of SMSes

• Receipt of unwanted push notifications or warnings

• Exfiltration of confidential and sensitive data stored in infected mobile devices such as banking credentials, stored credit card numbers, social media account credentials, private photos and/or videos, among other information.

Attackers can use such information to gain unauthorised access to users’ social media accounts to perpetrate impersonation scams or perform fraudulent financial transactions that result in reputational and monetary losses.

Prevention methods

Members of the public are advised to take the following steps to ensure that their mobile devices are adequately protected against malware:

• Only download and install…


Windows 11 just got some vital security updates, so don’t hang around, patch now


Windows 11 just got a raft of security fixes in the latest round of monthly patching from Microsoft, including some crucial ones.

Security should always be a high priority when it comes to your PC (Image Credit: Pexels)

In fact, there are three fixes for zero-day vulnerabilities provided, meaning bugs in Windows 11 which are public knowledge. And in this case, these security flaws are being actively exploited by nefarious types – so they represent a clear potential danger to Windows 11 users.

In total, there are 77 vulnerabilities fixed by Microsoft’s February patch for Windows 11 PCs, and nine are labeled as ‘critical.’

Let’s take a closer look at those worrying zero-day flaws, the first of which is CVE-2023-21823, which affects not just Windows 11 but also Windows 10 systems. This is a remote code execution vulnerability an attacker can use to leverage system privileges, and what’s particularly concerning is that according to a recent report, it’s not hard to exploit.

A security expert, Mike Walters (VP of vulnerability and threat research at Action1), told Forbes: “This vulnerability is relatively simple to exploit, utilizes local vectors, and requires low levels of access.”

It also doesn’t need the user to do anything (like click on something and fall for a pop-up prompt, for example) in order to work.

There’s a really important thing to note on this one, and that’s rather than being deployed by Windows Update, the fix for this vulnerability is being piped to Windows PCs via an update from the Microsoft Store. In other words, if you’ve disabled automatic updates from the store, that’s something you need to be aware of.

The other zero-days are CVE-2023-23376, an elevation of privilege vulnerability (local, as opposed to a glitch that can be remotely exploited), and CVE-2023-21715 which affects Microsoft Publisher. The latter allows an attacker to evade security countermeasures that block Office macros which could be malicious, but unless you run Publisher, this isn’t one to fret over.

With a total of 77 security fixes here, it’s pretty obvious that this is an update you should grab – although that’s fewer vulnerabilities than the previous January cumulative…


Don’t ignore the Apple security updates


This week, Apple warned customers of security flaws in its devices which could allow hackers to take complete control of a person’s devices. Experts say this exploitation is something to take seriously.

“This is not just kind of a run-of-the-mill bug that maybe you’re hoping your malware program is going to screen out,” Scott Shackelford, Executive Director at IU’s Center for Applied Cybersecurity Research, said.

Apple acknowledged hackers could get into phones and computers and take complete control, which is why immediately patching the device is so important.

No one knows when the vulnerabilities were exploited, and Apple has not released how or by whom the issues were discovered.

“There are types of vulnerabilities that nobody knows about until they are actually released,” Mark Ostrowski, Head of Engineering at Check Point, said. “Those are the dangerous ones that you want to be sure you patch right away.”

Cybersecurity experts say it’s important that people turn on automatic patches in their phone or computer’s settings.

“The issue is, not everybody has those automatic patches turned on or we keep clicking remind me later and as a result, these systems remain vulnerable, usually for some time,” Shackelford said.

Ostrowski said this recent security flaw does not automatically victimize a user.

“You would still have to fall victim to a phishing attack where you’re providing information or going somewhere that someone is luring you to, or I would have had to have gone to a malicious website for this vulnerability to actually take action,” Ostrowski said.

Apple said those with iPhone 6s and later and many iPad models should all immediately patch their devices. Experts advise everyone to keep an eye on their accounts.
