INFORMATION TECHNOLOGY FOR SMBs

Our blog articles archive includes it security tips, cybersecurity alerts, state of IT reports, and tips on information technology for small and medium size businesses.

Security breach confirmed by Microsoft

Equifax Has Spent Nearly $1.4 Billion on Data Breach Costs

Equifax has incurred losses so far of over $1.35bn from a devastating 2017 breach which affected more than half of all Americans and millions of UK consumers, the firm revealed in its latest financials. The credit agency claimed in its Q1 2019 earnings statement that the figure “related to the incident, incremental technology and data security costs, and an accrual for losses associated with legal proceedings and investigations.” The firm has recouped the maximum possible $125m, minus $7.5m, from an

Read More »
Ransomware Report

WannaCry Remains a Global Threat Two Years On

WannaCry ransomware remains a global threat two years on from the initial outbreak of the attack in May 2017. That’s according to new analysis from Malwarebytes, which discovered that a total of 4,826,682 WannaCry detections have been identified since the malware variant first wreaked havoc. Although WannaCry variants detections have been subdued since the global kill switch was activated, they have far from disappeared. Malwarebytes’ research showed that Eastern countries are most at risk from WannaCry; the majority of detections

Read More »

SMS Spammers Expose 80 Million Records Online

SMS Spammers Expose 80 Million Records Online The administrators of an SMS spam operation left an unsecured MongoDB instance wide open online, exposing over 80 million records linked to their ‘leads,’ according to researchers. Bob Diachenko revealed the discovery in a blog post late last week, claiming the MongoDB instance was named “ApexSMS” and left without password protection. “Upon further research it was identified that the MongoDB instance name ApexSMS is also the name of an SMS Bombing program with

Read More »
Office 356 Attacks

Increased Office 365 Account Attacks

According to released information from Barracuda Networks, Microsoft Office 365 account takeover attacks are one of the most prevalent email attacks for the Office 365 platform. Barracuda states that approximately 29% of Organizations on Office 365 have had at least one account compromised by a bad actor. Account Takeover An Office 365 account takeover attack generally begins with social-engineering tactics to lure email recipients to a phishing website in which the email account credentials are entered. Once the account is

Read More »

Vulnerabilities Fallout: Not all fixed by Recent Microsoft Patch Releases

In a past month, Microsoft  has released patches for over 70 vulnerabilities in its products. The company has been under the fire from users and system administrators for quite some time. The pressure was following the stream of vulnerabilities, including two of a zero-day type flaws. The zero-day vulnerabilities are still being actively exploited in the cyber world. They should be a top priority for every sysadmin. The 15 updates include fixes for 74 unique Common Vulnerabilities and Exposures (CVE)

Read More »

PHI of 350,000 DHS Clients Compromised in Phishing Attack in Oregon

The Oregon DHS recently disclosed that the personal health information (PHI) of over 350,000 clients had been compromised in data breach. A phishing URL embedded into the spear-phishing email was clicked by nine employees, resulting in granting cybercriminals the access mailboxes of nearly 2 million of employee accounts. On January 28, Oregon DHS confirmed that clients PHI had been accessible to unauthorized persons. Further unauthorized access to the compromised mailboxes was halted, but it could not yet be verified if

Read More »

Home Office Error to Blame for Windrush Privacy Incident

In UK, The Home Office has apologized after an “administrative error” led to the personal details of hundreds of historic migrants being exposed. Around 500 private email addresses were accidentally shared with other applicants of a government compensation scheme for the so-called “Windrush” generation. Although around half a million migrants came to the UK between 1948 and 1971, many children did not have travel documents as they were travelling on parents’ passports. That became a problem when then home secretary Theresa

Read More »

Fake Malware Tricks Radiologists Diagnosing Cancer

With the use of deep learning, researchers Yisroel Mirsky, Tom Mahler, Ilan Shelef and Yuval Elovici at Cyber Security Labs at Ben-Gurion University demonstrated in a video proof of concept (PoC) that an attacker could fool three expert radiologists by falsifying CT scans, inserting or removing lung cancer, the Washington Post reported. “In 2018, clinics and hospitals were hit with numerous cyber attacks leading to significant data breaches and interruptions in medical services,” the researchers wrote. “Attackers can alter 3D medical

Read More »

9 in 10 Critical Infrastructure Providers Damaged by Cyber-Attacks

Some 90% of critical infrastructure (CNI) providers claim that their IT/OT environment has been damaged by a cyber-attack over the past two years, according to a new Ponemon Institute report. Sponsored by security vendor Tenable, the Cybersecurity in Operational Technology: 7 Insights You Need to Know report features responses from 701 firms that run industrial control systems (ICS) and operational technology (OT). Some 62% claimed they had suffered two or more damaging cyber-attacks over the previous two years, resulting in

Read More »

Advanced Phishing Threat: malicious emails posing as Adobe Acrobat or Microsoft Office365 message

We have received numerous reports and examples today of an advanced phishing email being used to harvest Office365 credentials. The email is sent through a compromised account of an individual that is familiar, such as a colleague, business partner, vendor, etc. The attacker gets your email address from the compromised mailbox and then sends you an email with an attachment. The HTML attachment contains a ‘Review Document’ button that takes you to a fake Office365 login page. As indicated, if

Read More »

Albany Works Through Impact of Ransomware

City officials in Albany, New York, have been working for several days in an effort to restore the city’s systems after it became the latest municipality to be hit with a ransomware attack. Mayor Kathy Sheehan announced the ransomware attack via social media on March 30, and today the mayor’s office released an availability update alerting citizens that marriage licenses and marriage certificates are available at the city clerk’s office. All other city services continue to be available to the

Read More »

IT Security and Cyber Insurance – Working Hand-in-Hand

Protecting your organization, large or small, from cyber attacks rests to a great extent on the IT security infrastructure and processes that are in place and managed by in-house and/or outsourced IT professionals. It is interesting to note that more than half of all cyber attacks are directed at small and mid-sized businesses. According to 451 Research, in 2019, small and medium businesses are increasing their cybersecurity budgets by 14% to better secure their data.  No matter how sophisticated IT

Read More »