This week’s cybersecurity headlines are proof that vulnerabilities should be patched the moment they are reported. Here are the top headlines this week that re-emphasize the need to heed security warnings by law enforcement.
Scandinavian Hotel Chain-Nordic Choice Has The Hardest Time Checking Guest In
Having caused much disruption in Ireland’s Health Service Executive (HSE) and the US-based Broward County Public Schools, the Conti ransomware group has now targeted a Scandinavian hotel chain. While the hotel – Nordic Choice, has no plans to negotiate with the attackers, it suspects a theft of its guests’ personally identifiable information (PII). As a result of the attack, guests are also struggling to check in because the reservations system at over 200 Nordic Choice locations remains affected. All procedures related to check-in, new room key creation, check-out, etc., were affected, which compelled the hotel staff to escort guests to their rooms.
Email services will not be outdated anytime soon as most businesses still prefer it to be their primary means of communication. However, as 4.6 billion people will be using emails by 2025, there is an alarming rise in email impersonation attacks and email security risks. In a single case in Colombia, $8 million was compromised by malicious actors in a recent example of an impersonation attack.
Malicious actors target Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) as attack points for malware delivery. Attacks on distribution networks have increased in frequency in recent times. The reward to any attempt that successfully infiltrates a Managed Service Provider (MSP) far surpasses the cost of the incident. Attackers install ransomware on various networks and devices after exploiting vulnerabilities in email services and systems managed by MSPs. Several managed service providers have lately acknowledged becoming victims of targeted ransomware attacks.
The cyber realm has progressed much over the last week; here is the compilation of the top cybersecurity headlines from the past seven days.
UK Government Passes New Cybersecurity Bill
The general notion among consumers of electronic goods today is that a seller or manufacturer does a good job of ensuring their security from cyberattacks. More often than not, this isn’t true. Of late, cyber adversaries have been intruding into netizens’ private and public spaces – right from attacks on their organizational networks to home systems such as smart TVs, CCTVs, baby monitors, etc. The United Kingdom government has implemented the Product Security and Telecommunications Infrastructure (PSTI) Bill as a corrective measure. The PSTI bill mandates all manufacturers and sellers of IoT devices to abide by cybersecurity protocols and protect the privacy of Britons.
Designing a successful email marketing campaign takes time and strategy. While it is imperative to partner with an established email marketing vendor, you cannot possibly overlook email security. As an enterprise head, you might be focusing on intensifying your digital footprint by working on your email list and leads. Amidst all these responsibilities, it’s easy to ignore online threats from malicious actors. While most established email marketing vendors offer anti-phishing services and ransomware protection, you need to guard yourself against other modes of attacks too. To craft a better experience on your digital journey, you need to know the best practices while selecting your email marketing vendor.
Cyber adversaries’ ways of intruding into private networks only seem to be evolving. The best way to stay ahead of them is to invest time and resources in acquiring the right cybersecurity tools. Here are this week’s top cyber news headlines to help the pursuit of creating safe cyberspace for all.
Malicious actors reportedly attacked the Federal Bureau of Investigation (FBI) mail system Saturday (November 13, 2021) morning, ostensibly as a DHS warning of a cyberattack. The FBI confirmed that attackers compromised its mail servers and sent out bogus messages. Despite spending millions to ensure cybersecurity, the FBI’s network has been compromised. The attackers could have used the emails for spear phishing and ransomware attacks but instead outlined how recipients avoid cybercrimes. They used a compromised server to send spam, warning that someone could steal their data.
Threat actors continue to launch cyber attacks on organizations around the world. This week’s headlines cover some of these, among other cyber news.
If You Have The SoSafe App, Then This Should Interest You
Pakistan-based threat actors running the GravityRAT remote access trojan have recently developed a chat application called SoSafe chat which spreads malware under the disguise of a ‘safe messaging platform.’ Cybersecurity experts say that the malware is currently targeting high-profile individuals from India. Although the download link and registration for this malicious site remain un-operational, it is very much online.
Cyber threats of various kinds are rising, but as businesses and individuals become aware of the lurking dangers, cybercriminals are coming up with increasingly sophisticated methods. In a recent cyber attack, threat actors accessed customer support systems and stole data, including names and emails of 2 million Robinhood customers. After the attack on Robinhood Markets was discovered, the platform admitted that the attacker stole the client data by tricking a customer support employee.
Maintaining email security remains a challenge, especially when threat actors are so particular about sustaining their malicious activities despite law enforcement penalizing them. Here are the latest cyber headlines this week to guide you through the never-ending hunt for cyber offenders.
I’m here to provide you a quick but thorough overview of the tenant migration process, and hopefully this will answer the majority of your questions.
The core issue is that the same domain name cannot exist really in two different accounts at the same time. The examples we have on the screen, Microsoft or Google Workplace are just two of those examples, but you can use this on any hosted email system that doesn’t allow you to have multiple domains attached to multiple accounts.
While cyber adversaries aspire to rob netizens of their credentials and monetary assets, much progress is also occurring in the cybersecurity realm. This week’s headlines highlight some significant cybersecurity measures that organizations are adopting to tackle the menace of cyber attacks.
Email masking is a technique that alters an email address to protect the actual email from misuse. Email masking can help protect an organization’s email address and that of thousands of its customers. A masked email address retains its original format and cannot be traced back to the actual address.
The bygone week has been eventful in the cybersecurity realm. Here are the major cyber updates from across the globe
Unknown Threat Actor Exploits Vulnerability in BillQuick Web Suite
BillQuick Web Suite is a popular US-based billing system developed by BQE Software and has over 400,000 users globally. Unfortunately, it was targeted by a critical SQL injection bug recently deployed by an unidentified ransomware group. The vulnerability has been dubbed CVE-2021-42258 and allows adversaries to gain initial access to customers’ BillQuick data and infect the windows server with malicious commands. All the adversaries need to do is make login requests using invalid characters.
Autodiscover, a Microsoft Exchange protocol, now has a vulnerability that miscreants can exploit, according to a security firm that discovered the loophole as part of their email security research efforts. If anyone uses the vulnerability, they can access sensitive credentials from the Exchange-connected client, in a threat akin to spear phishing. These sensitive credentials are Windows domain credentials that can authenticate Exchange servers. And malicious actors using the vulnerability for their nefarious activities can be a nightmare to any organization.
The pandemic has fueled the use of online applications and services. And even malicious actors are well aware of it, who continue to launch cyberattacks to rob you of your information or monetary assets. This week’s headlines cover how a group of cyber adversaries conned people over a dating app in South Africa, among other significant cyber developments worldwide.
While website security tools secure the data that passes from server to browser, email security tools prevent unauthorized access to email accounts, content, and communications. In general, the safety of email servers tends to be limited to problems with messaging and the application of security measures that have more to do with anti-virus and anti-spam protection. If a business is dependent solely on a platform such as Gmail or MS Outlook, it does not need to focus on protecting email servers. However, when one decides to implement and maintain a dedicated email server, one must employ spam protection, phishing protection, ransomware protection, and other advanced safeguards against email threats.
Cybersecurity is an important aspect determining the smooth functioning of an organization. The following headlines from the bygone week indicate just how essential adopting cybersecurity tools are
Email is the most effective digital communication tool, and valid email addresses are paramount for email marketing. Roughly 320 billion emails are sent every day, but many emails land in the wrong inboxes due to incorrect email addresses. Some emails are not delivered because a false email address is provided while subscribing. This unintentional error makes it difficult for email marketers to reach those customers. The number of email users is set to grow to 4.6 billion by 2025. However, despite the high number of email users, reaching inboxes has become more complicated than before. In such a scenario, email validation is the key to a higher degree of email engagement.
This week’s cybersecurity headlines have had significant updates related to recent acquisitions, patches, and adversary actions. Here are the most important of those cyber news headlines:
Apache Fixes Severe Vulnerabilities
In an abundance of caution, Apache has released patches for two cybersecurity vulnerabilities in its HTTP server. Adversaries actively exploited the vulnerabilities related to path traversal and file disclosure until 29th September, when Apache discovered the same in Apache HTTP Server 2.4.49.
