Blog

While "vishing" is by no means a new threat, it's not something that has ever happened with sufficient frequency to get most people's attention. So, if you haven't heard the term before, you're not alone. "Vishing" is short for voicemail phishing, and it is apparently on the rise based on data collected by the security firm Zscaler. Attackers are specifically targeting tech firms and US military installations. No actual voice mails are involved, which is interesting.  What the [...]

Read more

Data security isn't something that's at the forefront of most people's minds, but it probably should be.  These days, we use far more than just our trusty laptops and desktops to do real, meaningful work.  Most people have a plethora of devices they tap into on a regular basis and take with them wherever they go. From smart phones to smart watches and more, the average person has no less than four different devices they can and often do use to get stuff done. How safe are [...]

Read more

Remember the Heartbleed scare we had a couple years back?  It was a nasty side-channel attack that was somewhat exotic and difficult to pull off, and it was absolutely devastating and sent shockwaves through the entire world. Well, it's back. In a way. While this new side-channel attack isn't identical, it's similar enough that the researchers who discovered it gave it a similar sounding name:  Hertzbleed.  It allows remote attackers to pilfer full cryptographic keys by[...]

Read more

If you grew up in the days before the internet, it's absolutely staggering to think of all the ways that mobile technology has changed our lives (and mostly for the better). Remember when you had to pay for long distance telephone calls?  That's mostly a thing of the past.  In under a minute, you can install any number of messenger apps, most of which offer VOIP capabilities and make calls to just about anywhere for nothing. Today's youngsters might not believe this, but [...]

Read more

These days, companies spend significant sums of money to protect themselves from cyber criminals.  The threat matrix is vast, and attacks can come from almost any quarter. That is why many companies not only spend heavily on antivirus software, but also on a wide range of tools that IT security professionals can leverage to intercept attacks "at the gates" and prevent attackers from ever breaching their defenses. Further, many companies will engage with third-party specialists to [...]

Read more

Top quality talent can be difficult to find in any field, if you have spent any time looking for and hiring people, you know the challenge can be an especially daunting one.  There's tremendous competition for talented folks. Given the cost of hiring and training new people, it's something you want to get right the first time as often as possible. The question is: how? The good news is that there are multiple things you can do to take the guesswork out of the equation. The [...]

Read more

Do you receive healthcare of any kind from Kaiser Permanente?  If so, be aware that they recently published a data breach notification indicating that an unidentified attacker accessed an email account that contained personal health information on April 5th, 2022. Based on the investigation to this point, it appears that sensitive health information belonging to more than 69,000 individuals was exposed.  For context, Kaiser Permanente provides a wide range of health care [...]

Read more

According to research conducted by the cybersecurity firm PIXM, there is a massive phishing campaign that peaked in April and May of this year (2022) and it is still ongoing. The campaign has lured millions of unsuspecting users to phishing pages by abusing Facebook and Facebook Messenger and tricking users into entering their account credentials. Worse, the hackers then used those credentials to send additional phishing messages to friends of the affected users, luring them in as [...]

Read more

Researchers at HP have discovered a new malware loader that they've dubbed SVCReady.  While new malware strains are common, this one is distinct for a couple of different reasons. Like many malicious programs, this spreads primarily via phishing email campaigns.  One way that this new strain differs however, is the fact that the malware is loaded onto the target machine via specially crafted Word documents attached to the email. The idea is that these Word documents [...]

Read more

It's never a good thing when well-organized groups of hackers start working together, but that's what appears to be happening. Recently, evidence has emerged that the Black Basta ransomware gang has begun tight-knit cooperation with the infamous QBot malware operation. They share the specific goal of inflicting maximum damage on corporate targets. While many different groups make use of QBot for initial infection, Black Basta's use is somewhat different. The group is leveraging it to [...]

Read more