Malwarebytes releases State of Malware report
Growth in attacks designed to obfuscate access and purpose should put organizations on alert as cybercriminals gain control over endpoints to do just about anything they want.
The most dangerous cyberattack is the one you don’t know about.
That’s exactly what cybercriminals are focusing on, according to Malwarebytes’ 2019 State of Malware report. If an attack can either run completely in stealth, or simply hide their true intention, in many ways, they’ve already won.
According to the report, two very specific types of attacks are on the rise from 2017 to 2018:
Trojans saw a 132% increase
Backdoors saw a 173% increase
Trojans and backdoors
Malwarebytes defines each of these separately. Trojans are programs "that claim to perform one function but actually do another", with Backdoors defined as "a type ... Read More
Why Is Ransomware a Threat?
Ransomware is a big problem for businesses because it can lock up important files and demand money to unlock them. These attacks are becoming more common, so it's important to know how to protect your business. See https://youtu.be/PBQsk_yGUJI to learn what gets stolen in a ransomware attack.
Steps to Protect Your Business
Here are some simple steps to help keep your business safe:
Train Employees: Teach your employees how to spot fake emails that might contain viruses. This can help stop ransomware before it starts.
Update Software: Make sure all your computer programs are up to date. This can help protect against known problems that hackers might try to use.
Control Access: Only let people who really need it access important files. This can help stop ... Read More
Scammers use Google Translate to create spoof login pages
A clever use of Google Translate fools victims into believing spoofed authentication requests are being handled by Google itself.
Compromising credentials are the number one staple in any cybercriminal’s book of activities, according to the Verizon Data Breach Investigation’s Report. A new phishing scam uses Google Translate to hide spoof logon pages when asking a user for their Google credentials. The user is sent a supposed Google Security Alert about a new device accessing their Google account with a “Consult the Activity” button to find out more.
The user is then taken to a spoofed Google logon page (shown below).
Random text in the URL
The kicker is that instead of seeing the mediacity.co URL, the cybercriminals use Google Translate to display the page, ... Read More
AI Disclosure necessity
I added a global AI disclosure to my website. You should too. My disclosure is
Some content here is generated by AI. The views expressed are the author's opinion and not legal advice. The author is not a lawyer. You are an adult and responsible for anything you do.
Why you should disclose AI usage too
As a content creator (we are all content creators, BTW), you might be wondering why you should include AI disclosure statements in anything you publish. Here are five reasons:
Build Trust and Transparency. With an open AI disclosure, you build trust with your audience. When you inform them that some content comes from AI, you demonstrate transparency in your creative process, which strengthens your relationship with readers.
Embrace Ethical Responsibility. Open ... Read More
Tic Tac Toe on Perplexity.ai
Have you ever wanted to take a break from your daily routine and engage in a quick game of Tic Tac Toe? Well, now you can do just that on Perplexity.ai! This classic game, loved by many for its simplicity and strategic depth, is now available for you to enjoy at https://perplexity.ai.
Fun for young and old
Playing Tic Tac Toe on Perplexity is not only easy but also a great way to challenge your mind. Whether you’re waiting for an appointment or just need a fun distraction, this game allows you to jump right in and start playing against the AI. The interface is user-friendly, making it accessible for players of all ages. You can choose to play as either "X" or ... Read More
What Is a Disaster Recovery Plan?
A disaster recovery plan is a plan that helps a business get back on its feet after something bad happens. This could be a natural disaster like a flood or a cyberattack like ransomware. Having a plan means the business can keep working and not lose too much money or important information. You are not isolated. You are a target. See https://youtu.be/JR0eKrQhbV8.
What Should Be in Your Plan?
Here are some important things to include in a disaster recovery plan:
Identify Risks: Think about what kinds of problems your business might face. This could be things like cyberattacks or natural disasters.
Back Up Data: Make sure you have copies of important files stored in a safe place. This way, if something happens, you can ... Read More
Scammers using hijacked GoDaddy domains to launch large-scale spam campaigns
GoDaddy took steps in January, 2019 to address the authentication flaw exploited by the attackers, according to Brian Krebs. Krebs first reported on the authentication weakness on January 22nd, when he outlined two massive spam campaigns during 2018 that were very successful at getting into people’s inboxes. Their success was due to the fact that the emails were sent through trusted but dormant domains, many of which were registered and owned by Fortune 500 companies.
Anti-spam researcher Ron Guilmette discovered that nearly all of these domains had used GoDaddy’s DNS service at some point. The scammers had realized that they could add domains to their GoDaddy accounts without proving that they owned the domains. GoDaddy quickly addressed the ... Read More
The Rising Threat of Ransomware
In recent years, ransomware attacks have emerged as one of the most significant cybersecurity threats to businesses worldwide. These attacks involve malicious software that encrypts a victim's files. This renders them inaccessible until a ransom is paid to the attacker. The financial and operational disruptions caused by ransomware can be severe, often leading to significant data loss, reputational damage, and costly downtime. I introduced the concept at https://youtu.be/qTk4I67no7s.
Lessons from Notorious Attacks
One of the most notorious attacks was the WannaCry outbreak in 2017, which affected hundreds of thousands of computers across the globe. This incident served as a wake-up call for businesses. It highlighted the critical need for robust cybersecurity measures and a comprehensive disaster recovery plan. To protect your business from ... Read More
European-level GPDR becomes California law in CCPA
Governor Brown signed into law California Assembly Bill 375, the California Consumer Privacy Act of 2018 (CCPA) in June, 2018. The law is new in the United States. It applies European-level compliance obligations akin to the now infamous General Data Protection Regulation (GDPR). The CCPA law takes effect on January 1, 2020.
What CCPA means for organizations doing business in California
CCPA includes new disclosure requirements, consumer rights, training obligations, and potential penalties for noncompliance, among other things.
Below are some of the key provisions:
Right to Transparency – Similar to the GDPR, the law creates a right to transparency regarding personal information. The law defines personal information very broadly, also like the EU definition, to include information that identifies, relates to, describes, is capable of being associated with, or could ... Read More
Social engineering on Wikipedia
Social engineering scammers are selectively editing Wikipedia pages. These lend credibility to tech support scams, according to Rob VandenBrink at the SANS Internet Storm Center. The Wikipedia page for the SpyEye banking Trojan was changed in mid-December to include a typo-ridden paragraph which claims that only three tech companies can remove the malware, and that “Best buy, Geek squad, Office Depo will not be able to fix it at all.” <sic>
VandenBrink says that the scammer made these edits to convince victims that “only we can help you fix this (fake of course) infection you have on your computer.” The edit history of the Wikipedia user who made the changes shows that the account made similar edits to the “Macro virus” Wikipedia page, ... Read More