An alleged hacker’s bail hearing held online via Zoom with screen sharing enabled… what could possibly go wrong? Well, damn near everything as it turns out. Maybe IT needs to help these judges learn how Zoom works?
The world of ransomware and digital extortion is full of threats and uncertainties. At our recent New York and Philadelphia virtual conference, cybersecurity attorney Daniel Pepper addressed five major questions surrounding ransomware. According to Pepper, the top ways he’s seeing cybercriminals gain access to corporate networks to launch ransomware are: 1) Vulnerable ports left open on the internet; 2) Phishing emails made to look quite legitimate from savvy threat actors; 3) Social engineering attacks, although a little less frequent now, aimed at convincing victims to provide credentials to a particular system; and 4) Remote Desktop Protocol (RDP) exploits are becoming the most common way in which we’re seeing ransomware deployed: through Remote Desktop Protocol (RDP) exploits…. Read more
Original release date: August 6, 2020
The National Security Agency (NSA) has released an information sheet with guidance on how to limit location data exposure for National Security System (NSS) / Department of Defense (DoD) system users, as well as the general public. NSA outlines mobile device geolocation services and provides recommendations on how to prevent the exposure of sensitive location information and reduce the amount of location data shared.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators and users to review NSA’s guidance on Limiting Location Data Exposure and CISA’s Security Tip on Privacy and Mobile Device Apps for information on protecting mobile location data.
New Cybersecurity Classes From Cybrary
During this time, cybersecurity is at the forefront of every organization’s mind. Increase traffic to websites, along with remote employees, has created a hotbed for hackers. Your IT and cybersecurity skills are more valuable than ever before, and right now is the best time to improve them.
We have a few new courses that we think you’d love. Check them out and let us know what you think!
- Fundamentals of Vulnerability Management
- DNSTwist Fundamentals
- Introduction to the OWASP API Security Top 10
- Incident Response Lifecycle
If you like to read, our community releases new blog posts every day, which is a great way to keep up with industry trends. The Cybrary Blog >>
In theory, it seems quite simple: You carry business interruption insurance, your business suffers significant losses that you can document, and your coverage does not exclude viruses. Still, legal experts say fulfilling such claims may be an uphill battle.
“Insurers are denying the vast majority of claims, and many policyholders have already filed lawsuits seeking court rulings that their COVID-19-related losses are covered,” said Tamara Bruno, a partner at the global law firm Pillsbury Winthrop Shaw Pittman. Read more…
Vulnerabilities were found in a Qualcomm Snapdragon chip that could let attackers obtain photos, videos, call recordings, and other data on Android phones, says Check Point Research.
Original release date: August 11, 2020
The Center for Internet Security (CIS) has released its 2019 Year in Review. CIS is home to the Multi-State Information Sharing & Analysis Center (MS-ISAC), a Cybersecurity and Infrastructure Security Agency (CISA) partner focused on cyber threat prevention, protection, response, and recovery for U.S. state, local, tribal, and territorial government entities. The review highlights CIS’s role in improving cyber defense and MS-ISAC’s advances in membership, monitoring, cyber education, and information sharing with partners.
Original release date: August 12, 2020
The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential stealing. Read more…