Malicious Android App Infects 100,000

Have you ever downloaded a fun app to your phone that allows you to edit your photo into an avatar, meme, or possibly a cartoon? If so, you probably didn’t even think twice about it. Many of us trust that the Apple Store or Google Play Store has vetted all of the apps for sale and trust that they are safe. Unfortunately, that is not the case, and recently there was an app on the Google Play store that installed malware and stole over 100,000 users’ Facebook passwords. Were you a victim?

Read more

Balancing The Scales of Cybersecurity and Insurance

Small and medium businesses (SMBs) are facing a reckoning now. Insurance companies are forcing many to get proper security measures in place, or they risk not being insured. But how did it come to this? Over the years, cybersecurity insurance has paid out billions in claims from malware and other attacks bringing businesses to their knees. As these attacks became more frequent and more targeted, it became costlier and more likely that insurance companies would have to pay out claims because companies were, and always will be, vulnerable to attack. Insurance companies have introduced a few new tools to lower their risk of paying out on losses due to cybersecurity incidents. And some of these tools have affected how the industry couples cybersecurity and insurance.

Read more

Cyber-Spike: Attacks Hit All-Time High

Researchers found that cyberattacks increased 50 percent YoY in 2021 and peaked in December due to a frenzy of Log4j exploits.

2021 dragged itself to a close under a Log4Shell-induced blitzkrieg. With millions of Log4j-targeted attacks clocking in per hour since the flaw’s discovery last month, there’s been a record-breaking peak of 925 cyberattacks a week per organization globally.

Read more

What is Crypto-jacking?

Crypto-jacking is the unauthorized use of someone else's computer to mine cryptocurrency. Hackers do this by either getting the victim to click on a malicious link in an email that loads crypto-mining code on the computer or by infecting a website or online ad with JavaScript code that auto-executes once loaded in the victim's browser. Either way, the crypto mining code then works in the background as unsuspecting victims use their computers typically. The only sign they might notice is slower performance or lags in execution.

Read more

The Dark Web Uncovered

Picture this: You’re on an e-commerce website you haven’t shopped on before and you’ve got a couple of nice-looking items in your cart—but you’re debating whether or not to hit that shiny “place order” button. The stuff looks good, but you’re not quite convinced yet. So, you decide to do some quick research on the company and its products. 

You read more about the company’s history, and your heart swells when you learn that the company got its start when its three founders were only teenagers (what entrepreneurship!). They seem to have a pretty solid business model, and no major red flags are jumping out as you hop around the site a bit more. 

Read more

How to Defend Against Credential Stuffing

Credential Stuffing was our topic last week. If you missed it, here is the link. We discussed what it is, the steps hackers take, and how likely you are to be a victim. Other than not reusing passwords, we did not cover how to prevent falling victim to one of the most common attacks. Let’s look at how to stay safe from a credential stuffing attack.

Read more

What is Credential Stuffing?

There are so many keywords and topics when it comes to cybersecurity that it is hard to keep everything straight. We hear about hacks, phishing, breach, ransomware, malicious emails, as well as so many more. One topic you may not hear often is Credential stuffing. Credential stuffing is the automated insertion of stolen username and password pairs (“credentials”) into website login forms to fraudulently gain access to user accounts. Credential Stuffing is a subset of the brute force attack category. Brute forcing will attempt to try multiple passwords against one or multiple accounts, guessing a password, in other words. Credential Stuffing typically refers to specifically using known (breached) username/password pairs against other websites.

Read more

Recent Posts

20 Critical Questions You Must Ask Before Hiring any IT Company