300 W. Merrill St. Birmingham, MI 48009 | (248) 647-1700

Cybersecurity Update 12/11/2024

Here are your top cybersecurity stories for the week:

  • Cyber Attack Threatens Part of Mich. Townshipā€™s Bond Money
    • White Lake Township fell victim to a sophisticated cyberattack that compromised a $29 million infrastructure bond intended for its $35 million civic center project. As federal authorities and financial institutions investigate, township officials have paused certain aspects of the project and are reviewing internal systems. Transparency has been pledged, but details on the impact and recovery remain forthcoming.
  • Toronto Public Library says more than 4,000 non-employees affected by cyberattack
    • The Toronto Public Library (TPL) revealed that a 2023 cyberattack potentially compromised the personal data of 4,100 non-employees, including cardholders, donors, and job applicants, as well as staff information dating back to 1998. The breach disrupted services for months, impacting online systems, printers, and computers across its 100 branches. TPL has since implemented stronger safeguards and reported the incident to Ontarioā€™s Information and Privacy Commissioner.
  • Ransomware sends Ohio county emergency services back to pen and paper
    • Wood County, Ohio, experienced a ransomware attack that disrupted public safety operations, including emergency dispatches, jails, and police records, though 911 and fire services remain functional. Emergency staff are temporarily reverting to pen-and-paper methods, while the IT department works with the FBI and cybersecurity consultants to address the issue. Officials have not confirmed receiving a random demand and plan to follow federal guidelines discouraging ransom payments.
  • At least 8 U.S. telecom firms were hit by Chinaā€™s hacking campaign, White House says
    • A Chinese hacking campaign has impacted at least eight U.S. telecom firms and dozens of countries compromising private communications of senior U.S. officials and prominent political figures, though no classified information is believed to have been accessed. The White House emphasized that vulnerabilities remain, with affected companies yet to fully remove the attackers from their networks. Federal agencies have issues technical guidance to strengthen cybersecurity defenses, while China denies responsibility and accuses the U.S. of cyberattacks.
  • Microsoft 365 outage takes down Office web apps, admin center
    • Microsoft is investigating a Microsoft 365 outage affecting web apps like Outlook and OneDrive, with users encountering service disruption messages. The issue, tied to token generation within the authentication infrastructure, primarily impacts some users accessing apps via browsers. Microsoft has deployed a fix and has confirmed the issue is now resolved.

 


 


Cybersecurity Update 12/04/2024

Here are your top cybersecurity stories from last week:

  • Hoboken, New Jersey, slowing recovering from Thanksgiving week cyberattack
    • Hoboken, NJ, is recovering from a ransomware attack that disrupted city services, including municipal court operations and street cleaning, just before Thanksgiving. While most online services, such as parking permits, have been restored, some systems like email and Wi-Fi, remain offline. The city is working with federal law enforcement and IT specialists to investigate the attack but has not disclosed whether a cybercriminal organization has claimed responsibility.
  • The U.S. Government Just Hacked Itself
    • The Cybersecurity and Infrastructure Security Agency (CISA) recently conducted a red team exercise, simulating real-world cyberattacks to assess the defenses of a U.S. critical infrastructure organization. Over three months, the team performed 12 test scenarios, uncovering significant vulnerabilities, including initial access through a leftover web shell from a prior security assessment. The report concluded that the organization lacked sufficient technical controls, relied too heavily on endpoint detection, and required improved staff training and secure configurations to address malicious activity effectively.
  • Cyber-attack potentially discloses personal information of veterans
    • The Veterans Health Administration (VHA) is notifying over 2,000 veterans of a potential breach of protected health information following a cyberattack on a server managed by a medical transcription vendor, DBP, Inc. While VA electronic health records were unaffected, files containing names and Social Security numbers may have been accessed. The server was shut down, new hardware and security measures were implemented, and affected veterans will receive notification letters with details about the incident and available resources.
  • Vodka maker Stoli files for bankruptcy in US after ransomware attack
    • Stoli Groupā€™s U.S. subsidiaries filed for bankruptcy following a ransomware attack in August 2024 that crippled their IT systems and forced manual operations, with recovery not expected until 2025. This came after Russian authorities seized the groupā€™s last two distilleries, valued at $100 million, in response to Stoliā€™s support for Ukrainian refugees. Compounding financial challenges, the companies defaulted on a $78 million debt due to their inability to provide financial reports after the attack.
  • ā€˜Russia can turn the lights offā€™: how the UK is preparing for cyberwar
    • Amid growing cyber threats, Sweden has updated its war preparedness guide, urging citizens to stockpile essentials and prepare for cyberattacks and disinformation campaigns, with Russia cited as a key concern. Similar guidance in Scandinavian countries highlights risks to utilities, with experts warning of Russian cyber-aggression targeting critical infrastructure across Europe and NATO. While governments emphasize resilience and robust cybersecurity measures, the onus remains on infrastructure owners to counter potential disruptions effectively.

 


 


Cybersecurity Update 8/12/2024

Here are your top cybersecurity stories from last week:

  • Hackers leak 2.7 billion data records with Social Security numbers
    • Data allegedly coming from National Public Data was leaked on hacking forums. 2.7 billion records of personal information for individuals living in the United States. The data contains addresses and social security numbers.
  • Delta Air Lines and CrowdStrike clash over costly IT outage
    • Delta airlines is threatening legal action against Microsoft and CrowdStrike over an incident that occurred July 19th that saw over 5,000 flight cancelations due to a faulty update from CrowdStrike. The update caused Windows computers to crash and become unbootable and is estimated to have caused $500 million in loses according to a Delta CEO.
  • Cybercrime group threatens to release city data on dark web unless $1.7M ransom paid, expert says
    • A hacking group known as Rhysida is threatening to release a trove of stolen information from the city of Columbus. The group obtained the information from a data breach that occurred last month and is asking for $1.7 million. The Columbus city government is still experiencing IT problems since the data breach last month.
  • North Miami City Hall to reopen following cyberattack that disrupted government services
    • North Miami City Hall will reopen Monday after essential government services were impacted by a possible cyberattack last week. This was the second possible attack in days to cities in Florida, as a blood donation center was impacted by a ransomware attack the week before. Services at the North Miami Public Library were not impacted!
  • Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs
    • A widespread malware campaign has been found to have force-installed malicious Google Chrome and Microsoft Edge browser extensions in over 300,000 browsers. The extensions are usually undetected by antivirus tools. Security researches at ReasonLabs say the infections are coming from users downloading software installers from fake sites promoted in Google search results.

 


Cybersecurity Awareness Month Continues:

Anatomy of a Phishing Email

One of the most common threats in the cybersecurity world is phishing emails. These emails are designed with the intentions of deceiving the victim into giving up personal information, clicking on malicious links, or downloading attachments that contain Malware. Letā€™s take a look at the anatomy of a phishing email and give you some tips to recognize and avoid these scams!

  • Senderā€™s email address: Phishing messages will often come from a forged or suspicious email address. Always be sure to examine the sender email address closely. Look for unusual characters, misspelled domain names, or random letters and numbers. Most legitimate organizations usually use official domain names for their emails, never generic or unfamiliar addresses.
  • Urgent tone, alarmist language: Phishing emails often contain a very urgent tone to try and manipulate the target into taking action before they have time to examine the message closely. Always be extremely cautious if an email claims that your account will be suspended if you donā€™t respond immediately. Look out for emails that claim youā€™ve won a prize but have to respond quickly. These emails will typically rely on fear or excitement to make you act without investigating further.
  • Generic greetings: A reoccurring trait of phishing emails is the use of generic greetings. ā€œDear Userā€ or ā€œHello Customer.ā€ My favorite being ā€œHello, Iā€™m a Hacker.ā€ Most organizations you do business with will address you by your name. If you see a generic greeting, consider it a red flag and investigate further.
  • Poor grammar and spelling: Many phishing emails originate from non-native English speakers which can result in grammar and spelling errors. If you notice an email with more than one issue here, itā€™s best to err on the side of caution.
  • Requests for personal information: Most professional organizations will never ask for sensitive personal information like Social Security numbers, credit card details or passwords through email. If you ever receive such a request, be extremely cautious as itā€™s likely a phishing attempt.

Understanding the basic anatomy of a phishing email can go far, but even top security experts have fallen victim to phishing scams. Remember to always look at the sender information and be alert when an email asks for any personal information. Look out for bogus logos and signatures. Always be cautious when receiving suspicious links or attachments.Online safety is so important these days. Being skeptical can help you navigate the internet with more confidence. Thatā€™s all for today. Stay vigilant and be safe!

 


Cybersecurity Awareness Month Continues:

Safe and Secure Passwords

The passwords you use are the first line of defense when it comes to protecting your personal information. Itā€™s important to keep up with the latest best practices for managing secure passwords. Letā€™s take a few minutes to look at some tips to keep your personal information protected with better passwords!

Here is a good foundation for creating a secure password:

  • Password Length: These days, the longer the password the better. Itā€™s recommended to have a password of at least 12 characters long. If you can make them longer, you absolutely should. The longer the password the harder they are for a hacker to crack.
  • Complexity: You should try to use a password combination that includes uppercase and lowercase letters. Numbers and special characters are also essential. Never use basic number combinations or simple words, these can be cracked fairly easily.
  • Be unpredictable: Avoid common words, phrases or patterns. Song lyrics can be good but you need to make sure to mix them up with special characters or numbers. Stay away from birthdays, names or pet names.

Now thatā€™s weā€™ve laid the foundation, here are some general tips to handle your many online accounts:

  • Unique passwords for every account: While it may seem tedious or cumbersome, itā€™s very important to make sure you use a unique password for your most important information. If you use the same password for everything, if one account is hacked, basically all of your accounts are hacked! So itā€™s best to avoid this all together and just use unique passwords for everything.
  • Password managers: Password managers can be an invaluable tool to help create and store very complex passwords. Most in the cybersecurity world will highly recommend finding a password manager that works for you.
  • Two-Factor Authentication (2FA): Whatā€™s great about 2FA is the ability to add an extra layer of protection to your accounts. Usually this involves you receiving a text message with a special pin, or a mobile app to confirm your identity when trying to log into your account. If someone does steal your passwords, they would also have to have your phone or email to gain access so itā€™s definitely worth using if available.
  • Update your passwords: Again, while it can seem time consuming and tedious, periodically updating your passwords is a great habit to get into. If you discover a company you use has a data breach you should always update your passwords immediately.

Following the basic foundation and general steps should go a long way, but itā€™s also important to pay attention to the news. Stay up to date about the latest cybersecurity news and data breaches. Putting it all together should go a long way to securing and protecting your most sensitive data. Thatā€™s it for now. Remember to stay vigilant and protect your personal information with strong, secure passwords.


October is cybersecurity awareness month! Here are 31 basic cybersecurity tips to help protect your personal and professional data:

  1. Use strong, unique passwords: Always make sure to create complex passwords for you accounts. Avoid using birthdays or common words. The National Institute of Standards and Technology (NIST) recommends all user-created passwords be at least 8 characters in length.
  2. Enable multi-factor authentication (MFA): MFA adds a nice extra layer of security to your accounts. Consider adding MFA to any account that contains sensitive data, especially anything that stores payment information.
  3. Keep software updated: Always update your software and antivirus programs. Update operating systems for the latest patches to avoid security vulnerabilities.
  4. Use a password manager: Password managers are great tools to have for personal and professional use. Itā€™s a very easy way to generate and store complex passwords.
  5. Be wary of phishing: Always pay close to emails with links and attachments. Never click links or open attachments from unknown senders.
  6. Educate yourself: Itā€™s a good idea to periodically review common threats and vulnerabilities. Also stay updated on the best security practices to protect yourself.
  7. Secure your Wi-Fi: Make sure to create a unique strong password for your Wi-Fi Network. Use WPA3 encryption if available.
  8. Use a firewall: Most computers have built in firewall options. Make sure you are using the firewall to help protect yourself from unauthorized access.
  9. Regularly back up data: To help prevent against data loss or ransomware attacks, it is recommended to back up your data as much as possible. Monthly or even weekly backups can be a huge life-saver!
  10. Install Antivirus software: Get into the habit of running antivirus software regularly to detect and remove malware.
  11. Lock your devices: Itā€™s a very good practice to set up password or PIN protection on your mobile devices to prevent unauthorized access.
  12. Encrypt sensitive data: For your most sensitive data, itā€™s a good idea to use encryption tools for data at rest (data stored at the OS, Container, or Database level), and in transit (data being transported outside or between trusted environments).
  13. Keep personal and professional work separate: Separate your personal and profession accounts. Try to avoid using personal devices for professional use whenever possible.
  14. Secure physical access: Make sure to protect your devices from theft and tampering.
  15. Use secure connections: You should only access sensitive information over secure, encrypted connections. You can tell if a website is using a secure protocol if it has ā€œHTTPSā€ instead of ā€œHTTP.ā€
  16. Be cautious on social media: Information shared on social media is commonly used in social engineering attacks. Be careful not to give away too much personal information on social media.
  17. Regularly review app permissions: Pay attention to the permissions you grant to apps on your devices. Often times random apps gain access to your personal files, or pictures and if those apps are ever compromised, so if your personal data!
  18. Disable unused services: Itā€™s a good practice to turn off or even uninstall unnecessary services and features on your devices.
  19. Enable device tracking: Certain devices have features that can be enabled if the device is lost or stolen. Explore features like ā€œFind My Deviceā€ for tracking options. Some devices even have a remote wipe feature that can be very useful if your device has been stolen.
  20. Create separate email accounts: Make sure to have email accounts for personal and professional use.
  21. Secure your router: Change default login credentials. Enable WPA3 or WPA2 wireless encryption. Disable remote management and UPnP (Universal Plug and Play).
  22. Be cautious with public Wi-Fi: Never use a public Wi-Fi network to conduct sensitive transactions.
  23. Monitor your accounts: Get in the habit of regularly reviewing your bank and credit card statements to track suspicious activity.
  24. Employ application whitelisting: Only allow trusted applications to run on your computer and mobile devices.
  25. Secure your mobile devices: Think of mobile devices as computers. Apply similar security measures to your tablets and smartphones as you do for your computers.
  26. Be skeptical of unsolicited emails: Never trust an unsolicited email message. Always be cautious of emails requesting personal or financial information.
  27. Disable unneeded browser extensions: Keep track of your browser extensions and remember browser extensions can pose different security risks. Sometimes itā€™s best to just disable or uninstall them.
  28. Use encrypted messaging: For sensitive communications, itā€™s best to use end-to-end encryption. Look for messaging apps with the best encryption practices.
  29. Secure cloud storage: Use two-factor authentication and make sure your most sensitive files are encrypted when using cloud storage.
  30. Implement a disaster recovery plan: Make sure to have a plan in place to respond to a data breach or cyberattack.
  31. Stay informed: Pay attention to the latest cybersecurity news. Ransomware and data breaches are becoming more and more common. Often times a big breach starts from a simple phishing scam. Itā€™s good to pay attention to cybersecurity news stories to develop better practices and adapt to the ever changing risks we face online.

Thatā€™s all for this week, stay safe, and stay vigilant!

 


Welcome to this weekā€™s cybersecurity update! Staying up to date with latest security related news and vulnerabilities helps impact the decisions we make. As technology advances, our lives become more connected to the digital landscape than ever. Itā€™s important to do our best to protect our personal information and security. We once again had some big news stories this week so letā€™s get our coffee ready and get to the news!

Here are last weekā€™s news stories ending July 14th:

The News:

  • Apple Issues New Round of Rapid Security Response Updates
    • SecureWorld has a short article about Apple releasing Rapid Security Response updates to address a Zero-Day vulnerability found in fully patched Apple devices. Rapid Security Response updates have recently been introduced by Apple as a way to patch bugs and exploits in between major software updates. Ā Most Apple devices will automatically apply these updates and prompt the user to restart their device when finished. Some cybersecurity experts are praising Appleā€™s efforts while others were critical of Appleā€™s lack of explanation regarding the vulnerabilities. Yet another reminder to always update and patch your mobile devices when updates become available.
  • Beware of a Sophisticated Phishing Attack Targeting Microsoft 364 Users
    • Fox News has an article about a new phishing scam that targets Microsoft 365 users. The phishing email contains an attachment that uses a malicious JavaScript code. When a user clicks on the attachment it opens up a web page that makes it look like the user was logged out of their 365 account. If the user enters their login credentials it would allow the hackers to obtain the userā€™s authentication information. If we sound like a broken record talking about phishing scams, just remember that the most successful hacking operations usually start from a phishing email. Always remember to be careful when dealing suspicious emails!
  • USB Drive Malware Attacks Spiking Again in First Half of 2023
    • BleepingComputer has an interesting report about the rise in malware attacks through USB drives this year. Researches have noted a threefold increase in malware coming from USB drives in just the first half of 2023. USB attacks have a variety of advantages over other types of hacking attempts. Often times the malicious processes will launch in complete stealth and by the time you realize somethings wrong itā€™s already too late. The article serves as an important reminder to always be cautious when handling a USB device of unknown origin. If you come across a random USB drive, never plug it into your computer!
  • New York City Schools had Warnings Before Cyber Attack
    • Government Technology (GT) has a story about New York city school systems having received an audit warning of potential risks and lack of preparedness for cybersecurity incidents. The story is a cautionary tale, as the audit was conducted shortly before a major breach that affected thousands of NYC childrenā€™s personal information. State education officials have suggested that local school districts are primarily responsible for protecting personal data. Despite that, the audit found many gaps in security procedures, especially when it came to reporting such security incidents to the affected parties. If something like this can happen in the biggest school district in the country, itā€™s very likely that other school districts arenā€™t fully prepared to protect personal data either.
  • Hayward Hacked: City Suffers Ransomware Attack, Turns Off Website
    • Fox KTVU reports on a California city suffering a ransomware attack that affected their public website and online city portals. 911 and other emergency services were still operational, but the city had to take down their website and pause many business operations while their IT teams investigated the attack. The Hayward Library system was also affected, as their internet services and Wi-Fi access for visitors were suspended. At this time, there is no evidence that any personal information was compromised during the breach. Another reminder that local governments need to have incident response plans in place to be more prepared for these types of attacks.

To end our weekly security update, we wanted to post a follow up story about the Detroit Public Library and the City of Detroit getting scammed for more than $600,000.

Two Years After a Major Detroit Public Library Theft, No Arrests Have Been Made and 400k is Still Missing

Thatā€™s all for this week, weā€™ll be back next Monday for more security related news. Have a good week and stay vigilant!

 

 


Online privacy and security are at the forefront of todayā€™s top news stories. Welcome to another edition of our cybersecurity blog where we keep you up to date with the latest news from the digital world. We took a few weeks off, but hackers and threat actors never stop. Letā€™s get into this weekā€™s top news stories!

Here are last weekā€™s news stories ending July 7th:

The News:

  • Microsoft Teams Exploitable by New Phishing Tool
    • SecureWorld has a good write up about Microsoft Teams, and the security researchers that discovered a major exploit. The security researchers created a tool that demonstrates how hackers can send messages to anyone in an organization despite not being part of the organizationā€™s recipient lists. Microsoft has acknowledged the vulnerability but has declined to work on fixing it. This article really illustrates how important it is for individuals and businesses to pay attention to security news, as major vendors will sometimes refuse to patch known vulnerabilities in a timely manner.
  • CISA Warns Govt Agencies to Patch Actively Exploited Android Driver
    • BleepingComputer summarizes the recent news about CISA ordering federal agencies to patch android devices immediately due to several security flaws. Agencies have 3 weeks to secure their android devices. One of the known security flaws would allow an attacker to gain root access to the affected device. This article once again shows the importance of security updates and the need for small and large businesses to have a good mobile device policy in place.
  • Iranian Hackersā€™ Sophisticated Malware Targets Windows and macOS Users
    • The Hacker News reports on an Iranian hacker group linked to the Islamic Revolutionary Guard, and their recent phishing attacks that can install Malware that affects both Windows and macOs operating systems. The article displays the attack sequence discovered by a security firm and notes the different actions taken depending on the installed OS. While the article displays a complicated chain of events, itā€™s also worth noting that such attacks typically begin from a phishing attempt. Always remember to be mindful when clicking links or downloading attachments from emails!
  • Ransomware Criminals Are Dumping Kidsā€™ Private Files Online After School Hacks
    • AP News documents a disturbing story about cybercriminals dumping studentsā€™ personal information online. The article mainly talks about the Minneapolis Public School district refusing to pay a 1 million ransom and having student documents posted online as a result. The information was shared on social media and the dark web. Itā€™s important to be aware of such data breaches and to be prepared. Some of the documents contained very personal information. Once information is posted on the dark web itā€™s near impossible to get that information removed.
  • 559,000 Individuals Affected by Murfreesboro Medical Clinic & SurgiCenter Cyberattack
    • The HIPAA Journal writes about the Murfreesboro Medical Clinic and SurgiCenter (MMC) recently confirming that over half a million patients had their health information compromised by hackers. MMC wasnā€™t able to determine if the files were accessed or removed from their servers, but they did note that the network accessed did contain files with protected health information. The article also includes a few more news stories related to HIPPA breaches. Itā€™s important to pay attention to these stories and remember that your health care providers have a duty to report any breaches that involve Protected Health Information (PHI).

To end this weekā€™s blog update, we would like to share an article from Fidelity about safeguarding your personal information to avoid identify theft scams.

Donā€™t Get Hooked by these Financial Scams

Thatā€™s all for this week, weā€™ll be back next Monday for another edition! Thanks for reading, have a good rest of your week, stay safe and stay vigilant!

 


Welcome to another edition of our Cybersecurity weekly blog. We believe staying up to date with the latest news and security threats helps us make better decisions when navigating today’s ever expanding online world. We will get started with some headlines and then offer some tips on the best practices for a safe and secure password.

Here are last weekā€™s news stories ending June 3rd:

The News:

  • Malicious Chrome extensions with 75M installs removed from Web Store
    • Bleeping Computer reports on a story where Google recently removed 32 malicious extensions from their Web Store. The extensions were found to push spam, alter search results, and they were downloaded over 75 million times. This story highlights the need for users to exercise caution when downloading apps and browser extensions from official store pages. It also notes that despite these extensions being removed from the store page, users will have to manually uninstall the affected extensions to be safe.
  • Akron-Summit County Public Library investigating ā€˜ransomware incidentā€™ that caused outages
    • The Akron Beacon Journal writes about a ransomware attack on the Akron-Summit County Public Library and its 18 branches. Computers, phones and the library catalog were taken offline for a few days. The incident is still being investigated but the story highlights the quick action taken by the librariesā€™ team to investigate and secure their systems.
  • Idaho hospital diverts ambulances, turns to paper charting following cyberattack
    • Fierce Healthcare reports on a cyberattack targeting the Idaho Falls Community Hospital and its partner clinics. Ambulances were diverted, some clinics closed, and paper charting was used while services were disrupted. Itā€™s unclear at this point if it was a ransomware attack. The article highlights the importance of having a plan in place in the event of such attacks.
  • FTC Slams Amazon with 30.8M Fine for Privacy Violations Involving Alexa and Ring
    • The Hacker News is reporting on a story about Amazonā€™s Alexa assistant and Ring security cameras. The FTC recently hit Amazon with a $30 million dollar fine that includes a $25 million penalty for breaching childrenā€™s privacy laws. A big takeaway from this story is that while some of these security devices and voice assistants can make our lives easier, they also come with some big security risks.
  • Microsoft Discovers Critical macOS Vulnerability Allowing SIP Bypass
    • SecureWorld has an article about Microsoft discovering a critical macOS vulnerability. The vulnerability referred to as ā€œMigraineā€ allows attackers to bypass System Integrity Protection (SIP) if they have root access. This article shows that collaboration is important in the security world, and big tech companies should work together when the need arises. MacOS users should also make sure to update their OS to the latest version as soon as possible.

Best password practices in 2023:

  1. Use strong and unique passwords for all accounts.
  2. Never use information in a password that can be found on your social media accounts.
  3. Do not use words found in a dictionary, come up with passphrases instead.
  4. Make sure to use upper and lower case letters with a combination of numbers and symbols.
  5. Never reuse the same password on multiple accounts.
  6. Minimum password length of 14 characters.
  7. Password managers are a great tool for storing and creating complex passwords.
  8. 2-factor authentication is recommended for all accounts linked to sensitive data.

Never use any of the following: (Top 10 most used passwords 2022 according to Forbes)

password 123456 123456789 Guest Qwerty
12345678 111111 12345 Col123456 123123

Remember that having a strong password is vital to keeping your most important data safe and secure. Thatā€™s all for this weekā€™s Cybersecurity blog post. Weā€™ll be back next week for another edition! Thanks for reading, remember to be vigilant and stay safe out there!

 

Ā 
Ā 

Welcome to this week’s edition of our Cybersecurity Blog, where we bring you the latest updates on online security and practical tips to keep you safe in the digital realm. Stay informed and empowered as we take a look at the latest news in the world of cybersecurity.

Here are last weekā€™s news stories ending on May 19th:

Ā 
The News:
  • Smashing Pumpkins Singer Pays Ransom to Avoid Early Release of Songs
    • SecureWorld.io reports on the recent ransomware attack targeting the iconic rock band, Smashing Pumpkins. This incident highlights the ongoing threat of ransomware attacks targeting high-profile individuals and organizations, emphasizing the importance of robust cybersecurity measures and proactive defense strategies.
  • Cybercrime gang pre-infects millions of Android devices with malware
    • BleepingComputer reveals a sophisticated cybercrime gang that has pre-infected millions of Android devices with malware. The malware is capable of stealing personal information, intercepting SMS messages, and displaying fraudulent advertisements, posing a significant threat to Android users worldwide.
  • US. Offers $10 Million Bounty for Capture of Notorious Russian Ransomware Operator
    • The Hacker News announces that the US government has issued a $10 million reward for information leading to the identification and capture of a Russian national accused of launching ransomware attacks on thousands of victims across the world. This aggressive move demonstrates the government’s commitment to combating the escalating threat of ransomware attacks and sends a strong message to cybercriminals involved in such activities.
  • Cybersecurity audit of Utah state government released
    • Fox 13 Now reports on the findings of a cybersecurity audit conducted on the Utah State Government. The audit highlights how much money cyberattacks have cost the state and notes that some local governments have only one part time employee working on cyber security policies and procedures.
  • Apple fixes three new zero-days exploited to hack iPhones, Macs
    • BleepingComputer reveals that Apple has addressed three previously unknown vulnerabilities, or zero-days, that were actively exploited to target iPhones and Macs. The patches aim to prevent potential malicious activities and reinforce the security of Apple devices, highlighting the importance of promptly updating software to mitigate such risks.
Ā 

As we wrap up this blog entry, we want to share with you the top three ways to safeguard your personal data online and maintain your privacy in the digital world.

  1. Strong and Unique Passwords: Use strong, complex passwords for all your online accounts. Avoid using common passwords or reusing passwords across different platforms. Consider using a reputable password manager to generate and securely store your passwords.
  2. Enable Two-Factor Authentication (2FA): Enable 2FA whenever possible for your online accounts. This adds an extra layer of security by requiring a second verification step, such as a unique code sent to your mobile device, in addition to your password. It significantly reduces the risk of unauthorized access even if your password is compromised.
  3. Be Mindful of Sharing Personal Information: Exercise caution when sharing personal information online. Only provide necessary details on trusted platforms and avoid oversharing on social media. Regularly review privacy settings on social media accounts and limit the visibility of your personal information to a trusted audience.

By implementing these three key practices, you’ll greatly enhance your online security and reduce the risk of your personal information falling into the wrong hands. Thank you for being a part of our journey to promote cybersecurity awareness. Stay informed, stay vigilant, and continue to prioritize your privacy in the digital age.

Ā 
Ā 

Welcome to our Weekly Cybersecurity News segment where you can stay informed about the latest data breaches, hacking incidents, emerging cyber threats, and the innovative measures being taken to combat them. We believe that knowledge is the first line of defense, and our goal is to keep you updated and empowered to navigate the digital landscape with confidence. So, grab a cup of coffee, settle in, and let’s explore the fascinating and ever-changing realm of cybersecurity together.

Here are last week’s news stories ending on May 12th:

Ā 
The News:
  • Boot Guard Keys from MSI Hack Posted, Endangering PCs.
    • Tom’s Hardware highlights a significant security concern as the BootGuard keys for MSI motherboards were leaked online, potentially exposing them to malicious exploitation. This leak could enable attackers to bypass the system’s security measures, compromising the integrity and trustworthiness of affected MSI systems.
  • Netgear Routersā€™ Flaws Expose Users to Malware, Remote Attacks, and Surveillance
    • The Hacker News highlights critical vulnerabilities found in Netgear routers that expose users to remote attacks. The flaws allow threat actors to execute arbitrary code, monitor usersā€™ internet activity, hijack internet connections, emphasizing the need for immediate firmware updates and proactive security measures by Netgear router users.
  • Toyota: Car location data of 2 million customers exposed for ten years
    • BleepingComputer reveals a data breach that exposed the location data of approximately 2 million Toyota customers for a decade. The incident occurred due to a misconfiguration of a cloud environment, potentially allowing unauthorized access to sensitive information such as vehicle tracking and trip history. The article notes that technically no personally identifiable information (PII) was leaked, only the VIN numbers.
  • Bl00dy ransomware gang targets schools via PaperCut flaw
    • TechTarget reports on a ransomware gang known as “Bl00dy” exploiting a vulnerability in the popular print management software, PaperCut MF. The gang specifically targeted schools, encrypting their systems and demanding ransom payments, highlighting the importance of promptly patching vulnerabilities and implementing robust cybersecurity measures in educational institutions.
  • Spanish Police Takes Down Massive Cybercrime Ring, 40 Arrested
    • This article from The Hacker News reports on the successful operation carried out by Spanish law enforcement to dismantle a large-scale phishing operation that had illicitly obtained millions of euros from unsuspecting victims. The authorities arrested several individuals involved in the scheme and seized significant assets. This story emphasizes the importance of cybersecurity awareness to prevent falling prey to such scams.

As we conclude this blog entry, we want to leave you with the top three essential ways to secure your home network and protect your digital life.

  1. Update and Patch Regularly: Keep all your devices, including routers, computers, and smart devices, up to date with the latest firmware and software patches. Regular updates often include crucial security fixes that address known vulnerabilities.
  2. Strong Passwords and Network Encryption: Ensure your Wi-Fi network is protected with a strong and unique password. Avoid using default or easily guessable passwords. Additionally, enable encryption, such as WPA2 or WPA3, to safeguard the data transmitted over your network.
  3. Enable Network Firewalls and Guest Networks: Activate the built-in network firewall on your router to filter incoming and outgoing network traffic, adding an extra layer of protection. Moreover, consider setting up a guest network for visitors. This segregates their devices from your main network, minimizing potential risks.

Remember, securing your home network is crucial in today’s interconnected world. By following these three fundamental steps, you significantly reduce the risk of unauthorized access, data breaches, and potential cyber threats.

 

Stay vigilant, stay informed, and continue prioritizing your online security. Thank you for being a part of the Baldwin Public Library Cybersecurity News Blog, and we look forward to sharing more valuable insights with you in the future. Stay safe!

Ā 
Ā 

Here are some top cybersecurity stories for the week ending May 5.
Ā 
The News:
Ā 
Tips for Protecting Personal Information:
Ā 
Ā 
Translate »