This week, medical information continues to be an easy target for hackers, a major Australian university loses control of student data, and phishing scams become increasingly difficult to defend.
Read More
This week, malware infects POS systems of US fast-food chain, ransomware continues to impact local governments, and a phishing scam tricks Office 365 users.
Read More
So you’ve been breached. Now what? Once the dust has settled use it as a learning opportunity & tune up your cybersecurity plan. We can help.
Read More
This week, the tech unicorn Canva endures a significant data breach, local government agencies are under attack, and Canada sees a spike in malicious emails.
Read More
This week, hackers continue to phish for patient data from US healthcare providers, a British police website goes down, and Australians see a spike in credential stuffing attacks.
Read More
This week, a global accounting firm is afflicted by a malware attack, more media companies are brought down by ransomware, and Magecart makes another appearance in an online store.
Read More
The benefits of moving your business to the Cloud have become crystal clear in recent years. It allows you to empower your aging IT infrastructure, integrate your existing tools seamlessly, scale as your organization grows and work anywhere on any device. However, as is often the case, convenience comes at a cost to security. Cloud services are no exception. In fact, the Cybersecurity and Infrastructure Security Agency (CISA) has released an Analysis Report after having conducted interviews with customers who used third-party partners to migrate their email services to O365. It found that these organizations had a mix of configurations that lowered their overall security posture and led to user and mailbox compromises and vulnerabilities. Here is what you need to know about the risks involved in transitioning to O365 and other cloud services. Default settings = Defeated settings CISA found that multi-factor authentication for administrator accounts was not enabled by default by either the customer or third-party integrator. Azure Active Directory (AD) Global Administrators in an O365 environment have the highest level of administrator privileges at the tenant level. This is equivalent to the Domain Administrator in an on-premises AD environment. The Azure AD Global Administrator accounts are the first accounts created so that administrators can begin configuring their tenant and eventually migrate their users. Multi-factor authentication (MFA) is not enabled by default for these accounts. These accounts are exposed to internet access because they are based in the cloud. If the password has been compromised on the Dark Web or elsewhere, these cloud-based accounts could allow an attacker to maintain a constant presence in a customer’s critical O365 services from the very start of migration – essentially giving them the keys to the kingdom. Solution: Ensure that multi-factor authentication is enabled from the beginning of your migration to the cloud. If you are unsure how to do this, a reliable Managed Service Provider will be able to implement this step. Think Before You Sync Azure AD Connect integrates on-premises environments (non-cloud) with Azure AD when customers migrate to O365 (cloud). This technology provides the capability to create Azure AD identities from on-premises AD identities (or to match previously created Azure AD identities with on-premises AD identities). The on-premises identities then become the authoritative identities in the cloud. In order to match identities, the AD identity needs to match certain attributes. If matched, the Azure AD identity is flagged as on-premises managed. Therefore, it is possible to create an AD identity that matches an administrator in Azure AD and create an account on-premises with the same username. One of the authentication options for Azure AD is “Password Sync.” If this option is enabled, the password from on-premises overwrites the password in Azure AD. In this particular situation, if the on-premises AD identity is compromised, then an attacker could move laterally to the cloud when the sync occurs. Solution: Ensure Azure AD password sync is planned for and configured correctly, prior to migrating users. A knowledgeable Managed Service Provider will be able to guide you through proper implementation of this precautionary measure. Just Following (Legacy) Protocol? Azure AD is the authentication method that O365 uses to authenticate with Exchange Online, which provides email services. It is important to keep in mind that there are several protocols associated with Exchange Online authentication that do not support modern authentication methods with multi-factor authentication features (such as POP3, IMAP and SMTP). Legacy protocols are used with older email clients and can be disabled at the tenant level or at the user level. However, if your organization requires older email clients as a business necessity, these protocols will not be disabled. This leaves email accounts exposed to the internet with only the username and password as the primary authentication method. Given the rampant exposure of credentials on Dark Web markets and elsewhere, a breach is highly likely to follow. Solution: One approach to mitigate this issue is to inventory users who still require the use of a legacy email client and legacy email protocols. Using Azure AD Conditional Access policies can help reduce the number of users who have the ability to use risky legacy protocol authentication methods. Taking this step will greatly reduce the attack surface for organizations. Again, an experienced Managed Service Provider will be able to ensure that your business is using the proper protocols. ID Agent provides a robust suite of services to address the risks faced by MSPs and that of their SMB clients. BullPhish ID™ delivers security awareness training and phishing simulations created specifically to help employees recognize and avoid phishing traps. Dark Web ID™ monitors the dark web for employee and supply chain credential exposure, which most often results from using those credentials on third-party websites. SpotLight ID™ provides comprehensive personal identity protection and restoration services for employees and customers, mitigating risk and providing peace of mind.
Read More
This week, software companies are put under siege by ransomware, computer viruses infect Austrian construction company, and a flaw in Google Chrome may lead to phishing scams.
Read More
The future of community organizing or the latest flagrant violation of online privacy? That’s the debate currently raging over the Bernie Sanders presidential campaign’s roll-out of its new “BERN” application. The campaign positions it as a new organizing tool that assists volunteers in tracking potential supporters – permitting them to log the name and background of anyone they talk to: from friends and family members to complete strangers on the street. But skeptics argue that the database of personal information could open non-supporters up to harassment. While a sizable proportion of the data the app requests is publicly available for savvy political operatives who know where to look, critics say that having the data neatly compiled — while not giving people a way to opt out of it — presents online and offline safety concerns. So how did this hotly debated application expose private information of up to 150,000,000 American voters? It seems that an error in the app’s source code caused personal voter identification numbers to be exposed for several hours before ultimately being corrected. Visitors to the website could simply use the F12 Developer Tools shortcut to inspect HTML elements, displaying results like this: (personal information redacted to protect user privacy) Defenders of the application note that information like this has long been accessible by campaigns through the use of CRM tools like NGP VAN and others. However, opponents argue that there are some important caveats. Traditionally, campaign staff using the above tools are limited to data about the precincts they work in, data packets are coded, and personnel are monitored – the BERN app contained no such restrictions. Publishing voter files online is illegal in every state – and for good reason. In some states, voter ID numbers are identical to other identifying numbers like those found on Driver’s Licenses or Social Security cards. This is deeply troubling as hackers and criminals could use these legitimate records to make counterfeit IDs and subsequently use them to open bank accounts and commit other types of fraud. Setting aside critical identifiers like Social Security numbers, the exposed information such as a user’s age, residence, gender, zip code and other “banal” data can be cross-referenced with personal records already compromised on the Dark Web. For example, a cybercriminal typically purchases stolen credit card information on the Dark Web for less than $10 per record. To carry out an online purchase, a hacker would have to know your address and ZIP code – and thanks to the BERN leak, this information is already out there. For in-store purchases, a hacker could simply clone your credit card and, in the rare case that a store associate asks for a photo ID, use the Driver’s License number found on BERN to create a convincing and scannable counterfeit ID. (sample Dark Web advertisement for stolen credit card information) So how do you protect yourself from becoming a victim of identity theft? Organizations have proved time and time again that they are unable to ensure complete security of your personal information; therefore, it would benefit private citizens to enroll in an Identity Monitoring service. By enlisting the help of a trusted provider, online users can monitor their credit cards, driver’s license, Social Security number, medical records and even their passwords – and be alerted when they are for sale on the Dark Web, the world’s largest marketplace for stolen information. ID Agent provides a robust suite of services to address the risks faced by MSPs and that of their SMB clients. BullPhish ID™ delivers security awareness training and phishing simulations created specifically to help employees recognize and avoid phishing traps. Dark Web ID™ monitors the dark web for employee and supply chain credential exposure, which most often results from using those credentials on third-party websites. SpotLight ID™ provides comprehensive personal identity protection and restoration services for employees and customers, mitigating risk and providing peace of mind.
Read More
This week, employee phishing runs rampant, ransomware brings an airport offline, an NBA team’s online store leaks credit card information, and another Dark Web marketplace takes a dive.
Read More