You are here

Home » Cybersecurity

Cybersecurity

Recent Swatting Attacks Targeting Camera and Voice-Capable Smart Devices

The FBI has issued a Public Service Announcement (PSA) warning users of smart home device with cameras and voice capabilities to use complex, unique passwords and enable two-factor authentication to help protect against “swatting” attacks. Smart home device manufacturers recently notified law enforcement that offenders have been using stolen e-mail passwords to access smart devices with cameras and voice capabilities and carry out these attacks.

Microsoft and McAfee Part of New Ransomware Task Force

A group made up of 19 security firms, tech companies, and non-profits, headlined by big names such as Microsoft and McAfee, have announced plans to form the Ransomware Task Force (RTF), a new group that will focus on assessing existing technical solutions that provide protections during a ransomware attack. The end result should be a standardized framework for dealing with ransomware attacks across verticals, one based on an industry consensus rather than individual advice received from lone contractors.

Ransomware Prevention for Businesses

The Federal Trade Commission (FTC) has posted a blog with tips for preventing ransomware infections at businesses. The blog begins with an overview of ransomware, reminding its readers that attacks aren’t just directed at large corporations and adding, “every company is a potential target.” After going through a list of steps to take to protect against ransomware, the blog addresses the potentially tricky question of whether to pay. On this, it notes that, for one thing, paying the ransom doesn’t guarantee the victim will get their data back.

Widespread Malware Campaign Seeks to Silently Inject Ads into Search Results, Affecting Multiple Browsers

Microsoft has discovered that a persistent malware campaign has been actively distributing an evolved browser modifier malware at scale since at least May 2020. The malware is designed to inject ads into search engine results pages. The threat affects multiple browsers, including Microsoft Edge, Google Chrome, Yandex Browser, and Mozilla Firefox.

Risks Associated with Edge Computing in 5G Networks

Today the Cybersecurity and Infrastructure Security Agency (CISA) released a Critical Infrastructure Security and Resilience Note, Edge vs. Core - An Increasingly Less Pronounced Distinction in 5G Networks, to inform stakeholders about the risks of untrusted components within 5G networks. This product is intended to provide an overview of edge computing and represents CISA’s analysis of the risks associated with installation of untrusted components into 5G infrastructure.

New NIST Guides for Securing Data Integrity against Ransomware Attacks

The National Institute of Standards and Technology (NIST) has released two new guides to help address data integrity challenges poses by ransomware attacks and other “destructive” events, which include destructive malware. Organizations can use the first guide, SP 1800-25, to develop a strategy for identifying and protecting assets against one of these events.

Security Awareness – Recent Microsoft 365 Phishing Campaign

Attackers are convincingly mimicking the ‘microsoft[.]com’ domain in a recent phishing campaign. In spite of Microsoft’s reported lack of email spoofing protection mechanisms such as DMARC (Domain-based Message Authentication, Reporting and Conformance), users need to be vigilant for emails appearing to come from Microsoft using a relatively new Microsoft 365 capability to review quarantined messages as a pretext to trick users into following the offered link.

Pages

Subscribe to Cybersecurity