Bill's Picks
This section has to do with current trends in cyber security. Our President, Bill Palisano
hand selects articles he thinks are pertinent to read and understand every few weeks. Keeping
up with this section will enable you to stay informed and current so that you never find
yourself without the tools to secure your information.
“The AI Act” – A step closer to the first law on Artificial Intelligence
[Posted:
2023-05-25 ]
Okay, this article references European law. But, trust me – this is pretty fascinating, as they define “High Risk AI” and “Prohibited AI”. A very interesting read!
https://www.dataprotectionreport.com/2023/05/the-ai-act-a-step-closer-to-the-first-law-on-artificial-intelligence/
What are 5 top cloud data storage risks?
[Posted:
2023-05-25 ]
Storing data in a cloud repository makes good sense and has many benefits. However, any decision to migrate important data to a cloud service brings some risks. Whether it's data loss, a lack of privacy or cyber attacks, storage administrators must consider cloud data storage risks carefully before a migration. Admins should regularly review these risks during and after a cloud storage installation. Data confidentiality, integrity and availability are critical.
https://www.techtarget.com/searchstorage/answer/What-are-top-cloud-data-storage-risks
Why cyber resilience matters for SMBs and how to achieve it
[Posted:
2023-05-25 ]
Organizations live in a world of elevated threat levels, determined malicious actors, and expansive attack surfaces. In this context, it can be difficult especially for smaller businesses to optimize their use of digital technologies without exposing themselves to excessive cyber risk. So what’s the answer? While no silver bullet, cyber resilience is an increasingly popular strategy. When done right it can help organizations continue business as usual even during attacks and then rapidly adapt and recover without imperilling business operations.
https://blog.barracuda.com/2023/05/22/why-cyber-resilience-matters-smbs/
LTO Tape Capacity Shipments Set Another New Record
[Posted:
2023-05-25 ]
LTO tape capacity shipments reached another record in 2022, outperforming alternative storage technologies that experienced declines," said Bruno Hald, General Manager, Secondary Storage, Quantum. "Both hyperscale and enterprise customers continue to value LTO tape as low cost, secure, and green data storage for data protection and archiving.
https://finance.yahoo.com/news/lto-tape-capacity-shipments-set-130400608.html?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cubHRvLm9yZy8&guce_referrer_sig=AQAAALSDdIEXQHoPsKKyy_aW2dY6Ysi_Ir2JDoRsyX74ScUGyQ_IUMBjKFFf0J9UNQBBig7-25sv870rhfTkufd6fHuiqupOohZGI67e55LNdGUgK0Z-UKJBbpYx97rmFuCiXYBt98AJJStrHJwIr7h-0MkvRarLvtQZcf5wrEgzzzeP
GUEST ESSAY: A roadmap for wisely tightening cybersecurity in the modern workplace
[Posted:
2023-05-25 ]
Hackers can hurt your business or organization in many ways. First and foremost, cyberattacks can lead to data breaches in which sensitive information is stolen. If a cyber-criminal uses you as a way to get at your customers, suppliers, or employees, these vital business relationships can turn sour. Sometimes hackers can encrypt your systems, holding them hostage and asking you to pay money to regain access to them. This problem, called ransomware, explains why keeping backups is so important. Hijackers’ demands lose power when you can just recover your operations from backups. Cyberattacks can also lead to a loss of productivity. When your team can’t do their work because they don’t have access to the systems or these are unavailable, everything gets delayed and projects fall behind. Finally, don’t forget the bad press that results for businesses when they are hacked. This isn’t the kind of exposure you want for your brand.
https://www.lastwatchdog.com/guest-essay-a-roadmap-for-wisely-tightening-cybersecurity-in-the-modern-workplace/
New ransomware trends in 2023
[Posted:
2023-05-25 ]
Ransomware keeps making headlines. In a quest for profits, attackers target all types of organizations, from healthcare and educational institutions to service providers and industrial enterprises, affecting almost every aspect of our lives. In 2022, Kaspersky solutions detected over 74.2M attempted ransomware attacks which was 20% more than in 2021 (61.7M). Although early 2023 saw a slight decline in the number of ransomware attacks, they were more sophisticated and better targeted.
https://securelist.com/new-ransomware-trends-in-2023/109660/
Report: 2023 spear-phishing trends
[Posted:
2023-05-25 ]
Cybercriminals continue to barrage organizations with targeted spear-phishing attacks, and many companies are struggling to keep up. In fact, Barracuda market research finds that 50% of surveyed organizations were victims of spear phishing in 2022 — and 24% had at least one email account compromised through account takeover. Barracuda looks at this and other key findings in the new report, 2023 spear-phishing trends.
https://blog.barracuda.com/2023/05/24/2023-spear-phishing-trends/
Advice from the ISACA Ransomware Response Checklist
[Posted:
2023-05-25 ]
A decade ago, most companies realized that being hit with a data breach was inevitable—the well-known “when, not if” statement drove that idea home. The time has come to make a similar realization about
ransomware. Tenacious cybercrime rings and the easy availability of ransomware toolkits, as well as the financial rewards, are why ransomware attacks are increasing.
https://securityboulevard.com/2023/05/advice-from-the-isaca-ransomware-response-checklist/
'GhostToken' Opens Google Accounts to Permanent Infection
[Posted:
2023-04-26 ]
A security vulnerability in Google's Cloud Platform (GCP) could have allowed cyberattackers to hide an unremovable, malicious application inside a victim's Google account, dooming the account to a state of permanent, undetectable infection…
https://www.darkreading.com/remote-workforce/-ghosttoken-opens-google-accounts-to-permanent-infection
Phishing Email Volume Doubles in Q1 as the use of Malware in Attacks Slightly Declines
[Posted:
2023-04-26 ]
According to cybersecurity vendor Vade’s Q1 2023 Phishing and Malware Report, the number of phishing attacks in Q1 this year reached the highest total since 2018. While January represented the lion’s share of Q1 phishing volume (approximately 87%), Vade detected over 562 million phishing emails. This substantial push in January was not without its own trends. According to Vade, the use of malware declined by 13% from the same period last year, representing around 52 million detected instances…
https://blog.knowbe4.com/phishing-email-volume-doubles
Using the iPhone Recovery Key to Lock Owners Out of Their iPhones
[Posted:
2023-04-26 ]
This a good example of a security feature that can sometimes harm security: Apple introduced the optional recovery key in 2020 to protect users from online hackers. Users who turn on the recovery key, a unique 28-digit code, must provide it when they want to reset their Apple ID password. iPhone thieves with your passcode can flip on the recovery key and lock you out. And if you already have the recovery key enabled, they can easily generate a new one, which also locks you out. Apple’s policy gives users virtually no way back into their accounts without that recovery key. For now, a stolen iPhone could mean devastating personal losses…
https://www.schneier.com/blog/archives/2023/04/using-the-iphone-recovery-key-to-lock-owners-out-of-their-iphones.html
Major US CFPB Data Breach Caused by Employee
[Posted:
2023-04-26 ]
The Consumer Financial Protection Bureau (CFPB), an agency of the US government that protects consumers in the financial sector, announced that an employee committed a major breach in emailing the personal information of 256,000 consumers to a personal email account…
https://economictimes.indiatimes.com/small-biz/security-tech/security/cyber-security-pitfalls-and-how-negligence-can-be-expensive-for-msmes/articleshow/99508822.cms
Information Security vs Cyber Security: The Difference
[Posted:
2023-04-26 ]
You’ll often see the terms cyber security and information security used interchangeably. That’s because, in their most basic forms, they refer to the same thing: the confidentiality, integrity and availability of information. But there’s a crucial difference between them that affects the way your organisation operates. In this blog, we explain what information security and cyber security are, the differences between them and how they fit into your data protection practices…
https://economictimes.indiatimes.com/small-biz/security-tech/security/cyber-security-pitfalls-and-how-negligence-can-be-expensive-for-msmes/articleshow/99508822.cms
Cyber security pitfalls and how negligence can be expensive for SMEs
[Posted:
2023-04-26 ]
Micro, Small and Medium Enterprises (MSMEs) form the cornerstone of the economy. But new companies entering the digital economy to expand their business can also become an easy target for malicious cyber criminals who can exploit critical vulnerabilities in their IT systems to launch attacks that can cripple their operations. Because smaller businesses cannot afford to invest in sophisticated cybersecurity systems, they are more vulnerable to spam and phishing scams, distributed denial-of-service (DDoS) attacks, ransomware threats or a corporate account takeover (CATO).
https://economictimes.indiatimes.com/small-biz/security-tech/security/cyber-security-pitfalls-and-how-negligence-can-be-expensive-for-msmes/articleshow/99508822.cms
IT Security Pros Optimistic Despite High Ransomware Hit Rate, Report Finds
[Posted:
2023-04-26 ]
Nearly 80% of ransomware victims faced up to three additional threats unless they paid the ransom during 2022, according to a new report from CyberEdge Group, a research and marketing firm. However, 2023 could be different, according to data from CyberEdge’s newly released, 10th annual Cyberthreat Defense Report. According to the findings from a survey of 1,200 IT security decision makers and practitioners worldwide, the percentage of survey respondents who believe it’s more likely than not that their employers will be victimized by a successful cyberattack this year declined for the first time in six years, dropping from 76% to 72%. In addition, their overall concern about cyber threats ticked down with the percentage of organizations experiencing at least one successful attack in 2022 (85%) declined for the second consecutive year.
https://www.axios.com/2023/04/07/company-boards-sec-cybersecurity
Company boards are bracing for new SEC cybersecurity regulations
[Posted:
2023-04-26 ]
Driving the news: Publicly traded companies have spent the last year bracing for a proposed Securities and Exchange Commission rule that would require private companies to publicly report cyber incidents within four business days and detail companies' policies for responding. The rule, proposed last year, would also require an annual report on corporate boards' cybersecurity expertise. The SEC declined to comment on when the final rule is expected to be published.
https://www.axios.com/2023/04/07/company-boards-sec-cybersecurity
How an Ex-US Military & NSA Agent doing ‘Contract Work’ in Middle East, for a US Company (vetted by the US Gov’t) is almost compromised to Spy on American Citizens
[Posted:
2023-04-05 ]
Okay, this is a bit different than most of my picks. But after hearing this story, felt it is definitely share-worthy. The intelligence industry can certainly be a slippery slope. Even for ‘the good guys’...
https://darknetdiaries.com/transcript/47/
Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022
[Posted:
2023-04-05 ]
Hackers continue to target zero-day vulnerabilities in malicious campaigns, with researchers reporting that 55 zero-days were actively exploited in 2022, most targeting Microsoft, Google, and Apple products. Most of these vulnerabilities (53 out of 55) enabled the attacker to either gain elevated privileges or perform remote code execution on vulnerable devices.
https://www.bleepingcomputer.com/news/security/hackers-mostly-targeted-microsoft-google-apple-zero-days-in-2022/
Healthcare Most Hit by Ransomware Last Year, FBI Finds
[Posted:
2023-04-05 ]
Healthcare and public health bore the brunt of ransomware attacks on critical infrastructure sectors launched during the last year, says the FBI. Critical manufacturing and the government, including schools, followed healthcare as the most-attacked sectors, IC3 data shows. The top strain of observed ransomware was LockBit, followed by BlackCat and Hive, IC3 found. Ransomware incident response firm Coveware and cryptocurrency intelligence firm Chainalysis last month reported that blockchain analysis revealed a notable decline of 40% in the dollar volume of ransoms being paid to criminals.
https://www.bankinfosecurity.com/healthcare-most-hit-by-ransomware-last-year-fbi-finds-a-21315
THE TOP 5 NEW SOCIAL ENGINEERING ATTACKS IN 2023
[Posted:
2023-04-05 ]
Forget vanilla phishing attacks – cybercriminals today have much more interesting tricks up their sleeves.
https://blog.isc2.org/isc2_blog/2023/02/the-top-5-new-social-engineering-attacks-in-2023-.html
CRYPTO SCAMMERS GAME YOUTUBE FOR AMPLIFICATION WHILE KEEPING UNDER RADAR, RESEARCHERS FIND
[Posted:
2023-04-05 ]
Not even a pyramid scheme – they just convince people to give away their money. A network of crypto scammers has been able to game YouTube’s algorithms to publicize and amplify fraudulent investment apps without triggering the video platform’s safety team, researchers at WithSecure have said.
https://blog.isc2.org/isc2_blog/2023/02/crypto-scammers-game-youtube.html
US FTC Seeks Information on Cloud Provider Cybersecurity
[Posted:
2023-04-05 ]
The global shift into cloud computing may come under increased scrutiny by U.S. regulators following an announcement by the U.S. Federal Trade Commission that it is studying cloud industry market dynamics, including potential security risks.
https://www.bankinfosecurity.com/us-ftc-seeks-information-on-cloud-provider-cybersecurity-a-21494
Google Suspends Chinese App Following Malware Discovery
[Posted:
2023-04-05 ]
Google suspended popular budget e-commerce application Pinduoduo from the Play Store after detecting malware on versions of the Chinese app downloadable from other online stores. In a statement on Tuesday, Google said it took action to block the installation of Pinduoduo on Android devices and that it would scan smartphones for malicious versions through its Google Play Protect service. Google's action hasn't stopped Android app stores run by Huawei, Xiaomi and others from offering the app, reported the South China Morning Post. Google Play is blocked in China.
https://www.bankinfosecurity.com/google-suspends-chinese-app-following-malware-discovery-a-21492
Veeam Backup & Replication (Vulnerability) Exploit
[Posted:
2023-04-05 ]
This weakness could ultimately enable an attacker to gain access to hosts and devices managed by the Veeam Backup server. With access to the open TCP port 9401, any individual could obtain credentials and potentially move laterally throughout the network with the newly exposed username and passwords.
https://www.huntress.com/blog/veeam-backup-replication-cve-2023-27532-response
Preservation or Deletion: Archiving and Accessing the Dataverse
[Posted:
2023-04-05 ]
John Monroe, a long-time storage industry expert and Gartner analyst, recently published a new report entitled “Preservation or Deletion: Archiving and Accessing the Dataverse”. This new report looks at likely growth rates of new enterprise capacity shipments required to store the ever-expanding “dataverse” and manage the swelling installed base of enterprise-grade SSD, HDD and tape media from 2023 to 2030. The findings and conclusions in John’s report clearly suggest that the status quo in storage strategies is not sustainable.
https://datastorage-na.fujifilm.com/preservation-or-deletion-archiving-and-accessing-the-dataverse-new-report-by-john-monroe-of-furthur-market-research/
