This week’s updates would tell you why it is crucial to patch vulnerabilities in your applications if you’re a business owner, and similarly, why it is essential to have the latest versions of these applications and software installed for the end-users. Here are the weekly cyber headlines.
The education sector is often a lucrative and easy target for malicious actors as they provide various access points and vast volumes of data. Moreover, the student body often keeps changing, making it difficult to train them in email security. A successful cyber-attack can damage the brand name and cause a substantial financial impact. Hence, maintaining a robust email security posture is essential to provide adequate protection for students and staff from email threats and attacks. This article looks at the various email security threats the educational sector faces and steps to prevent them.
The first week of the year is not without cybersecurity updates, and we bring to you the most relevant of these security headlines. Here are the updates from this past week.
Supply Chain Attacks Target Real Estate Websites
Supply chain attacks are known to sabotage organizational networks, and these attacks have increased late. The most recent targets of these attacks are real estate websites. Popular real estate listing website Sotheby’s was a victim of a supply chain attack where attackers deployed a skimmer on the cloud video platform it uses – Brightcove. Consequently, all videos projected on its website (via Brightcove video player) were infected. All websites importing real estate property videos from Sotheby also had their websites compromised by the payment card details stealing skimmer. Interestingly, this scam has been ongoing for a year and has only recently come to light.
One more year is over, and there is no respite from cybercrimes across the globe yet. It is a never-ending battle, and 2022 opens up yet another chapter in the cybersecurity space. Ransomware attacks continued to cause havoc for businesses in 2021, along with the infamous attacks, such as the SolarWinds hack and the Log4j vulnerability. This article examines the cybersecurity and email security trends to watch out for in 2022. (more…)
Here are the top cybersecurity headlines this week to help you understand what’s going on in the cyber world and how you can plan to strengthen your organization’s security posture in 2022.
K-12 Cybersecurity Act Becomes Law
US President Joe Biden recently signed the K-12 Cybersecurity Act into law which will add to the efforts at strengthening the cybersecurity of the K-12 educational institutions. The newly passed law will require the CISA director to analyze the cybersecurity risks facing K-12 schools within 120 days of the act being passed. The CISA director will also have to explore the possible cybersecurity challenges faced by these K-12 schools, including securing information systems, implementing cybersecurity protocols, and protecting sensitive employee and student and employee data.
Cybersecurity threats and data breaches will be among the most significant predicaments enterprises face in 2022. Below is an examination of the most critical data breaches of 2021 and a few areas where you should concentrate your efforts to defend yourself from such risks as you move into the new year. (more…)
The global managed services market is expected to hit $274 billion by 2026. With over 40,000 operational managed service providers (MSPs) in the US alone, there can be intense competition among providers at times. If you are an MSP business or plan to offer managed email security, this article discusses some crucial aspects of managed service offerings to help you do a profitable business.
The Christmas holidays are a fragile period in the world of cybersecurity. Many organizations undergo unfortunate cyber incidents during this time, and the simplest way to avoid such instances is to learn from the mistakes of others. Here are the top cybersecurity headlines the world over to help you plan your cyber moves better.
A zero-day vulnerability was recently detected in the popular logging library, Apache Log4j. Such an attack on your organization would enable the perpetrators to remotely carry out a complete code execution. While you must have already invested in anti-phishing services and other solutions, you need to consult professional IT teams to keep your digital assets secure from such new forms of cyber threats, too.
This week’s major cyber news headlines reflect the cybersecurity warnings being circulated ahead of the Christmas holidays and a host of other significant updates. Here are the most important of those security updates.
Imperva Reports a Surge in Web Application Attacks
Renowned security vendor Imperva recently released a cybersecurity analysis report highlighting that there have been over 4.7 million web application attacks since October 2019. Imperva’s findings reveal that web-app attacks are increasing by 22% every quarter. Data breaches in the UK have increased significantly because of the rising attacks on businesses (increased by 250% between October 2019 and the present day).
Microsoft Exchange Server primarily helps organizations send, receive, and store organizational email messages. However, there are many more functions that Microsoft Exchange Server provides to its users. It is deployed on the Windows Server Operating System and is primarily used for business purposes.
A few of the leading collaborative features are calendaring and integrating with other Microsoft applications. Microsoft Exchange Server is widely used by organizations around the world, which makes it highly vulnerable to malicious actors, who are always on the lookout to exploit one vulnerability or another. For instance, earlier this year, Chinese threat actors were reported to exploit vulnerabilities of the Exchange Server to attack organizations throughout the United States that were using Exchange Server for their email operations or other activities.
On Friday December 10, 2021 we observed the announcement of the unknown zero day vulnerability (CVE-2021-44228) for the commonly used logging library for Java-based software called log4j.
DuoCircle uses the Log4j in AWS ElasticSearch for our email message logging service. Amazon has issued a patch for the service and it has been applied to our system.
As a security measure, our team has conducted a full impact assessment since the vulnerability was initially documented, and we have found other component or service offered by DuoCircle to be affected.
Components analyzed and identified as secure:
Applications, RESTful APIs, API Gateways
DuoCircle Web (Public Website)
DuoCircle Support (Freshdesk)
Backup Services (AWS Backup, AWS S3)
At this moment there are no additional components that were identified as vulnerable to the exploit.
We are constantly monitoring the response of security researchers to observe the further discovery of this vulnerability and others that may arrive. Further updates will be posted on this page as necessary.
This week’s cybersecurity headlines are proof that vulnerabilities should be patched the moment they are reported. Here are the top headlines this week that re-emphasize the need to heed security warnings by law enforcement.
Scandinavian Hotel Chain-Nordic Choice Has The Hardest Time Checking Guest In
Having caused much disruption in Ireland’s Health Service Executive (HSE) and the US-based Broward County Public Schools, the Conti ransomware group has now targeted a Scandinavian hotel chain. While the hotel – Nordic Choice, has no plans to negotiate with the attackers, it suspects a theft of its guests’ personally identifiable information (PII). As a result of the attack, guests are also struggling to check in because the reservations system at over 200 Nordic Choice locations remains affected. All procedures related to check-in, new room key creation, check-out, etc., were affected, which compelled the hotel staff to escort guests to their rooms.
Email services will not be outdated anytime soon as most businesses still prefer it to be their primary means of communication. However, as 4.6 billion people will be using emails by 2025, there is an alarming rise in email impersonation attacks and email security risks. In a single case in Colombia, $8 million was compromised by malicious actors in a recent example of an impersonation attack.
Malicious actors target Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) as attack points for malware delivery. Attacks on distribution networks have increased in frequency in recent times. The reward to any attempt that successfully infiltrates a Managed Service Provider (MSP) far surpasses the cost of the incident. Attackers install ransomware on various networks and devices after exploiting vulnerabilities in email services and systems managed by MSPs. Several managed service providers have lately acknowledged becoming victims of targeted ransomware attacks.
The cyber realm has progressed much over the last week; here is the compilation of the top cybersecurity headlines from the past seven days.
UK Government Passes New Cybersecurity Bill
The general notion among consumers of electronic goods today is that a seller or manufacturer does a good job of ensuring their security from cyberattacks. More often than not, this isn’t true. Of late, cyber adversaries have been intruding into netizens’ private and public spaces – right from attacks on their organizational networks to home systems such as smart TVs, CCTVs, baby monitors, etc. The United Kingdom government has implemented the Product Security and Telecommunications Infrastructure (PSTI) Bill as a corrective measure. The PSTI bill mandates all manufacturers and sellers of IoT devices to abide by cybersecurity protocols and protect the privacy of Britons.
Designing a successful email marketing campaign takes time and strategy. While it is imperative to partner with an established email marketing vendor, you cannot possibly overlook email security. As an enterprise head, you might be focusing on intensifying your digital footprint by working on your email list and leads. Amidst all these responsibilities, it’s easy to ignore online threats from malicious actors. While most established email marketing vendors offer anti-phishing services and ransomware protection, you need to guard yourself against other modes of attacks too. To craft a better experience on your digital journey, you need to know the best practices while selecting your email marketing vendor. (more…)
Cyber adversaries’ ways of intruding into private networks only seem to be evolving. The best way to stay ahead of them is to invest time and resources in acquiring the right cybersecurity tools. Here are this week’s top cyber news headlines to help the pursuit of creating safe cyberspace for all.
Malicious actors reportedly attacked the Federal Bureau of Investigation (FBI) mail system Saturday (November 13, 2021) morning, ostensibly as a DHS warning of a cyberattack. The FBI confirmed that attackers compromised its mail servers and sent out bogus messages. Despite spending millions to ensure cybersecurity, the FBI’s network has been compromised. The attackers could have used the emails for spear phishing and ransomware attacks but instead outlined how recipients avoid cybercrimes. They used a compromised server to send spam, warning that someone could steal their data.
Threat actors continue to launch cyber attacks on organizations around the world. This week’s headlines cover some of these, among other cyber news.
If You Have The SoSafe App, Then This Should Interest You
Pakistan-based threat actors running the GravityRAT remote access trojan have recently developed a chat application called SoSafe chat which spreads malware under the disguise of a ‘safe messaging platform.’ Cybersecurity experts say that the malware is currently targeting high-profile individuals from India. Although the download link and registration for this malicious site remain un-operational, it is very much online.
