Attackers are always using new tactics to stay ahead of defenders, and Microsoft’s Office 365 Threat Research Team describes three noteworthy phishing techniques they’ve observed in 2019. The first was the use of hijacked search results to redirect users to malicious sites. Attackers used a traffic generator to artificially push a baited website to the […]
StrandHogg vulnerability threatens 500 of the most popular Android apps
Earlier this month, security researchers at Promon, a Norwegian firm that specializes in in-app security, uncovered a unique vulnerability in Android devices that allows malicious apps to masquerade as legitimate apps and prompt for intrusive permissions that allow them to: Listen to the user through the microphone Take photos using the camera Make or record […]
ServiceDesk Plus named Contender in the Enterprise Service Management space by independent research firm
Forrester has recognized ManageEngine as a contender in the Enterprise Service Management (ESM) space in its latest Forrester Wave: Enterprise Service Management, Q4 2019 report. The report covered twenty-three criteria and recognized fifteen providers in the ESM space. Forrester Research, one of the most respected voices in the analyst community, regularly publishes the Forrester Wave […]
Money Mules and Evil Corp
Last week we reported that the U.S. Justice and Treasury Departments filed charges against and placed sanctions on the members of “Evil Corp.,” the criminal group behind the Dridex malware. Brian Krebs offers a detailed look at how Evil Corp. operates, and particularly at their use of money mules to launder criminally obtained funds. Krebs […]
1000+ Schools Hit By Ransomware Fueled by October Attack Wave
October was a busy month for the bad guys who targeted school districts and students across the USA in a wave of new ransomware attacks. A report released by Armor, a global security solutions provider, noted a substantial rise in ransomware attacks against schools (and school districts) since October 2019. “The report identified 11 new […]
Royal Mail Scam: Sorry, You Haven’t in Fact Won that iPhone 11 Pro
An SMS phishing scam is targeting people in the UK with fake notifications that appear to come from the Royal Mail postal service, The Sun reports. The messages are personalized, and they address each recipient by their real name, informing them that they’ve been selected to receive a free iPhone 11 Pro. In order to […]
Dancing with Hackers
Dancing with the Stars pro Witney Carson announced on Twitter that her Facebook account had been hacked. Unknown miscreants gained control of Carson’s Facebook through a unique phishing technique and proceeded to upload spamming material to not only her page, but resharing items to other celebrity pages. Now, there are two questions that immediately come […]
Cybersecurity Risks Are Threatening Deals
Recent acquisitions highlight the threat that cyber risks can pose to a company’s reputation and bottom line. When Verizon was making a bid for Yahoo’s internet business, the sale price was discounted $350,000 million after Yahoo’s security breaches were discovered. Spirit AeroSystems Holdings had been approved to purchase Asco Industries prior to Asco being hit […]
4 Cybersecurity Budget Focus Areas for Higher Education in 2020
Chief information security officers are grappling with a variety of issues as they try to keep their campuses safe from cyber criminals. In fact, the No. 1 issue for higher ed IT leaders this year is information security, according to EDUCAUSE, a nonprofit association of IT leaders in higher ed. Let’s look at 4 top […]
How Is FTC Data Security Enforcement Changing?
The U.S. Appellate Court agreed with LabMD that an order by the Federal Trade Commission (FTC) for them to “establish a comprehensive information security program” was too vague, leading to changes in the way the FTC handles penalties after conducting audits to confirm that organizations who are collecting data are also taking steps to protect […]