The Coronavirus outbreak has been spreading national fear, and cyber-criminals have found a way to exploit that. Cyber attacks through emails have been circulating by attackers falsely impersonating a trusted establishment – the World Health Organization. Hackers have created their own email campaign that is feed on public fear. The campaign uses conspiracy and indicates that the email contains information filled with unknown cures for the virus. When the victim presses on the attachment in the email, they are accepting a malware. One campaign even provides a DocuSign page where users enter their personal information in hopes of receiving further information regarding the secret cure. Another method uses a Microsoft Word attachment to redirect users to a fake Microsoft Office website where the World Health Organization name appears to give a sense of credibility.
The U.S Centers for Disease Control and Prevention indicates that the risk for the American Public regarding the Corona virus is quite low. If are afraid your staff is not prepared to handle cyber-security threats, OptfinITy can help keep your data safe. Give us a call at 703-790-0400 or email us at email@example.com
Google was forced to remove 500 malicious Chrome extensions from its web store after it was discovered that many extensions carried malicious ads which siphoned off browsing data to servers being controlled by attackers.
It’s been reported that the extensions were part of an Ad-fraud campaign that’s been operating since January 2019. However, some evidence shows that the actor may have been operating from as early as 2017.
The extensions posed as promotions and advertising services. Unfortunately, this was not the first time Chrome extensions on chrome were caught stealing data from browsers. For now, individuals are cautioned to continue reviewing extension permission, uninstalling extensions not often used or don’t require access to your browser activity.
If you or your business are unsure on how to handle ad-fraud, OptfinITy can help. Call us at (703)790-0400 or contact us at firstname.lastname@example.org for more information.
Last year businesses worldwide lost billions of dollars due to ransomware. This year, however, some ransomware criminals are looking to collect something other than money.
Researchers at Emisoft have discovered a ransomware that demands payment of a different kind – nude photographs. The creator of the ransomware distorts the typical sextortion scam which is to usually ask for payments in order not to post explicit photographs of the victim. Now, the criminal offers up a decryption tool to the victim but only if they send explicit photos of themselves first.
Although the scam is worrisome, the new strain of Ransomware has proven not to be very sophisticated in its execution yet. It is important before turning over sensitive images of yourself to consult a professional before. Thankfully, OptfinITy is equipped to deal with threats of cybercriminals. If you or your organization fear that you are not prepared to deal with these types of security issues attacks and can use some guidance, feel free to contact us at OptfinITy at (703)790-0400 or contact us at email@example.com
In case you missed it, Microsoft released an important security patch as a result of a massive security breach found in Windows 10 Microsoft has admitted that between December 5th – 31st 2019, a security vulnerability inside of internal customer support database was left entirely exposed for anyone to access without requiring a password.
According to researcher Bob Diatchenko, who was the one to discover the vulnerable database, 250 million Costumer Service and Support records which contained endless conversations between Microsoft’s support team and costumers were accessible to just about anyone. Microsoft is still investigating the security breach but it appears none of the information that was potentially available has been used in a malicious way so far. They did, however, begin to inform customers whose data was involved in the breach.
If your organization is not trained to handle misconfigurations in your database, OptfinITy is always ready to help. Contact us at OptfinITy at (703)790-0400 or contact us at firstname.lastname@example.org
Are you still on Windows 7? Microsoft released its final public security updates for Windows 7 earlier this month after more than 10 years. While the final updates seemed routine, Microsoft has now revealed that one is causing wallpaper issues for some Windows 7 users. The bug is yet another embarrassment for Microsoft as the company has recently decided to stop supporting Microsoft 7 but Microsoft is now in the position of informing customers how to get it fixed.
While Microsoft initially said it was working on a Windows 7 fix that would only be available “for organizations who have purchased Windows 7 Extended Security Updates (ESU),” they have changed its mind overnight and now says the fix will be available to everyone running Windows 7 and Windows Server 2008 R2 SP1. Ironically, this now means Microsoft must extend its Windows 7 support to fix the bug it has newly introduced.
If you or your company are experiencing issues with your Windows 7 or 10 updates, OptfinITy can help. Give us a call at 703-790-0400 or email us at email@example.com
On Tuesday January 14, 2020, Microsoft released a very important security patch regarding a massive security vulnerability on Windows 10. Prior to its release, a leading investigative reporter stated there seems to be “an extraordinarily serious security vulnerability” inside of a cryptographic component that is present in Windows 10; originally discovered by the National Security Agency (NSA). This patch is to fix the cryptographic component present in every version of Windows including Windows 7, which is no longer supported. This patch is considered extremely important that the U.S military and high-value internet infrastructure targets were provided access to this patch ahead of time.
So, what does this mean for companies using Windows? If not protected properly, this vulnerability is an exploit that could allow a hacker into your company’s data by tricking your computer into thinking software downloads and programs are trusted programs when they are not. This could allow the attacker to decrypt confidential information on connections affected by the software and have complete access. As advised by Microsoft, all Windows 10 users are asked to apply the Patch as soon as it becomes available to them. (Note: For OptfinITy users, we are taking care of this for our clients)
If you or your company are not prepared to handle this type of sophisticated vulnerability, feel free to contact OptfinITy for a FREE consultation at (703)790-0400 or contact us at firstname.lastname@example.org
The CCPA (California Consumer Privacy ACT) is a new California law which allows residents of California to learn what data companies are collecting about them, as well asrequiring companies to delete their data and not sell it, upon request.
Although the full force of the new privacy law isn’t entirely transparent since regulations are still being finalized, companies outside and inside of California are already taking action to remain complaint so they can continue doing business with California
There is no doubt that this law will have an effect both inside and outside of California.. In the past, companies weren’t legally required to tell you what data they’ve collected of you or how they plan on using it. With the CCPA in force, you’ll be able to ask companies to delete your private information or refrain from selling it. This law will apply to even major tech companies such as Facebook and Google – who already let you delete some of your data off their systems but not in a way where it fully disconnects user from the data it has collected. This new law changes that.
If organizations fail to follow this law, they could be fined up to $2,500 per violation, and up to $7,500 if the violation is found to be intentional. Californians can sue businesses directly even if their data was released through an accidental breach.
This law will also allow users to continue to use free services even if they ask bigger companies not to collect their data. After California’s legislature passed CCPA, several major tech companies told federal lawmakers that they would like to see one privacy law that covers the whole country.
The FBI recently issued a warning to the private industry providing information and guidance on the LockerGoga and MegaCortex Ransomware. LockerGoga and MegaCortex are ransomware infections that target the company by compromising the network and encrypting all devices.
When the network is compromised, the perpetrator be residents of the network for months before they release the LockerGoga or MegaCortex ransome infections. Once the attackers have taken everything of value from the network, they release the infections so that it can encrypt the device on the network and completely take over.
For this reason, the FBI has recommended organizations take the following precautions:
1. Back up data regularly using revisions. Backing up your data regularly, especially with offline and revision based backups eliminates the effects of the threat since you can restore your data.
2.Enable two-factor authentications and encrypt your data with strong passwords to block stolen credentials, phishing attacks, or other login compromises.
3.Businesses are encouraged to audit logs for all remote connection protocols since exposed remote servers are the most common way for attackers to first gain access.
4.Audit all new accounts to make sure no back door accounts are being created.
5.Make sure you are using the most up to date Powershell and uninstall older versions
If you or your organization are not prepared for ransomware attacks and can use some guidance, feel free to contact us at OptfinITy at (703)790-0400 or contact us at email@example.com
Technology over the past year has improved drastically and while this is a great thing as it relates to productivity, it has also meant a rise in security breachesand attacks. Unfortunately, it is not looking much better for 2020. According to recent articles, here are three predictions as it relates to Cybersecurity for 2020:
1. Voting machine hacks
It has been shown that network-attached voting machines can be hacked and with a large presidential election coming up in 2020, this is going to be a major issue. Will machines be breached and votes changed?
2. A massive cloud data breach
For a few years now, everyone has been moving to the cloud because it is represented as elastic, secure and cost-effective. So what happens if a massive breach affects one or many of these major cloud providers? A breach like this may cause a shift regarding how cloud providers handle security.
3. Smarter Al Cybersecurity attacks
AI is revolutionary in the way it solves challenges but what happens when AI is used for nefarious reasons? It is believed that hackers may use AI technology to trick people into installing applications and/or giving up credentials in a much smarter process than exists currently.
Are you worried yet? Is your team trained for this? If you are not sure and need more information, contact PerusITy, the cybersecurity team of OptfinITy.. Give us a call at 703-790-0400 or email us at firstname.lastname@example.org
If you haven’t received an email yet that accuses you of watching porn, it may be arriving soon. A familiar scheme with updated context has been making the rounds lately. The scam involves data from a previous breach which had emails and associated passwords. Assuming the end-user uses passwords across multiple sites, the perpetrator contacts individuals claiming that they have the recipients email password and has installed a malicious malware on their computer which has captured them masturbating while watching porn.
Although the scam may seem convincing since the perpetrator offers the recipient their actual current or former password, it is unlikely that there is malware inside the computer itself. Unfortunately, people who may have in fact gone to such a site (pornography is still a top searched item on the web) may fall for the scam and send money.
Our advice to you is to generally ignore these scams and if you are concerned, talk to your trusted IT provider. If you don’t have one, give OptfinITy a call.