Archive

Hackers are increasingly adopting practices that legitimate business owners will immediately recognize. Recently, a new PhaaS (Phishing as a Service) operation has surfaced that specifically targets major banks. These banks include Bank of America, Wells Fargo, Citibank, Capital One, PNC, US Bank, Lloyds Bank, Santander, and the Commonwealth Bank of Australia. Snarkily named "Robin Banks," the service also offers templates to steal T-Mobile, Netflix, Google, and Microsoft accounts.[...]

Read more

There's a new threat to be aware of if you own an android device.  Microsoft recently warned that their researchers had spotted a new toll fraud malware strain wreaking havoc in the Android ecosystem. Toll fraud is a form of billing fraud. It is a scheme whereby bad actors attempt to trick unsuspecting victims into either calling or sending an SMS to a premium number. In this case, however, the scheme doesn't work over WiFi so it forces the device the user is on to connect to the[...]

Read more

If you haven't heard of DuckDuckGo, it's a tiny browser that only gets a fraction of the traffic that Google does. If we're being honest, it gets only a fraction of the web traffic that Bing does.  The search engine does have some pluck though and bills itself as the engine of choice for those who value their privacy. In fact, blocking trackers is DuckDuckGo's main selling point. It is the overriding reason that those who use the tiny search engine don't simply go somewhere else.[...]

Read more

If you eat out or are in the habit of ordering take-out on a regular basis, be aware. Recently, a large, well-organized web-skimming campaign has been uncovered that allowed hackers to swipe the payment card details for more than 300 restaurants, impacting more than 50,000 customers. Web-skimmers are sometimes called Magecart malware and they are bits of JavaScript that collects credit card data when shoppers enter their card data on the checkout page on an online payment portal. [...]

Read more

Researchers at Defiant authored the popular Wordfence security solution for WordPress users and they have detected a massive campaign that has seen hackers actively scanning for websites employing the Kaswara Modern WPBakery Page Builder plugin. The plugin was recently abandoned by the creative team behind it before receiving a patch for a critical security flaw. The flaw, tracked as CVE-2021-24284 would allow an attacker to inject a malicious Javascript into any site using any [...]

Read more

According to ongoing research by Group-IB, a massive phishing campaign is currently underway. This is a campaign that has impacted no less than 130 organizations across a broad range of industries. These include but are not limited to professional recruiting firms and companies connected to finance and technology. Some of the companies targeted include giants in their respective fields such as: TTEC Best Buy HubSpot Evernote Riot Games AT&T Epic Games [...]

Read more

Do you make use of the "MyChart" portal to refill prescriptions, contact your healthcare providers or make appointments? If so, you should know that recently, the healthcare giant Novant disclosed a data breach that impacted more than 1.3 million patients.  Impacted patients had their personal information collected by a Meta Pixel ad tracking script. Meta Pixel, which was formerly known as Facebook Pixel, is a mostly innocuous tracking script used by Facebook advertisers to track[...]

Read more

Twilio is the Cloud Communications Company. They are the latest to fall victim to a data breach. The company recently disclosed that some of its customer data was accessed by unknown attackers who gained access to the system by stealing employee login credentials via an SMS phishing attack, known as 'Smishing,' for short. The company's disclosure reads in part as follows: "On August 4, 2022, Twilio became aware of unauthorized access to information related to a limited number of [...]

Read more

Researchers at Lumen's Black Lotus Labs recently spotted evidence of a highly sophisticated and tightly targeted campaign aimed at SOHO (small office/home office) routers across both Europe and North America. Based on the evidence the team has collected thus far, their conclusion is that the unidentified actor must be state sponsored. This is because garden variety hackers do not typically have the tools, techniques, and procedures in place to pull off the kinds of attacks that the [...]

Read more

The more efficient you are, the more effective you are.  That's true whether you're working from the office or from home. Fortunately, most office environments lend themselves to being efficient, so there's probably not much you need to do on that front. So, the tips below are aimed mostly at those who are working from home. Having said that, if you want to try and squeeze out a bit more efficiency from your office setup, you can certainly apply these ideas there too! 1 - A [...]

Read more