Your address will show here +12 34 56 78
Blog

Think your smart phone is safe from hacks? Think again.

This week Apple released iOS 14.4 and iPadOS 14.4 updates after an anonymous researcher discovered a backdoor so that attackers could remotely hack certain iPhones, iPads and iPods.


Apple responded quickly, launching updates. On the company’s support page, Apple outlined two security threats, now fixed in the newest operating system update, version 14.4. Both security threats, Apple said, may have already been exploited.


The company shared that one vulnerability, linked to the web browser rendering engine, WebKit, allows remote hackers access to a device. 


Katie Moussouris, CEO and founder of cybersecurity firm Luta Security, said that means an attacker could control a user’s phone. “You’ve zombified that device,” she said. “You are controlling it from a distance.”


And since the threat is tied to internet browsing, she noted, “Your regular web browsing may cause you to be held compromised, without having to do really much of anything else,” she said. “And that’s a problem.”


According to CBS news, a second security threat Apple outlined involves a “malicious application” that may be able to elevate user privileges. In theory, Moussouris said, a malicious actor could exploit this with an app. “It is possible that a vector could be, almost like a sleeper cell of an app,” she said. “If you’re vulnerable, it tries to exploit it.”


Known as a kernel vulnerability in the industry, “Kernel vulnerabilities, just by their nature are going to be more serious.” Moussouris said, “[The kernel] is part of the brain of the operating system. It’s supposed to be the most protected… For sure, you know this is a serious issue.”


Apple has encouraged iOs and iPadOS users to upgrade their devices. The site’s security update page notes, “Keeping your software up to date is one of the most important things you can do to maintain your Apple product’s security.” 


Moussouris said users should update their operating systems as quickly as possible. “The window of exposure for consumers is between that time when a patch is available and when they actually apply that patch,” she said, and noted that Apple doesn’t always make updates automatic. 


“Apple does need to come into a modern age of transparency around security vulnerabilities and make it a lot easier,” Moussouris said, “for the average person to set it and forget it and have a lot more automation.”


If you need assistance with cybersecurity for your business contact MicroPac today.
Image Source: Person Holding Black Ipad · Free Stock Photo (pexels.com)

0

Blog

As COVID-19 drags on and on, cyber attackers continue to exploit vulnerabilities, specifically targeting healthcare institutions.


Using social engineering, hackers target exhausted and overworked healthcare workers. Unfortunately this method is all too successful and it’s why bad actors continue to target people to click on bad links.

So what’s an IT department to do?


Most importantly, using effective tools to discover loaded emails and messages can help protect your business and employees.


Research from Proofpoint’s 2020 Healthcare Threat Landscape report, which reviewed thousands of threat campaigns targeting healthcare organizations in the first half of 2020, found that 77% of those campaigns used a malicious message. And by the summer of 2020, nearly 20 countries were seeing an increase in COVID-19-themed lures.


Cyber-related incidents targeted to the healthcare industry as a whole have dramatically risen. Recently, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and Health and Human Services sent out a red flag on a Ryuk ransomware threat that may be sitting on the networks of more than 400 healthcare institutions. This ransomware, where denotated, has taken down medical systems and caused significant interruptions to patient care.


Unfortunately, healthcare workers have become the first and last line of defense. Healthcare workers who are already at their breaking point. Security tools today need to reflect that by protecting the end-user, on whom attackers are spending most of their time trying to exploit.


Healthcare IT professionals might want to look at solutions that identify and block an inbound email threat before it reaches the inbox and stops outside threats that use their domain to target customers. Also, having an effective email data loss prevention tool helps keep data secure and accessible.


Social media only exacerbates the problem.


Using LinkedIn, Facebook and search engines, hackers can assess people’s profiles and understand how an organization is run. They lay a framework for their attack.


It is crucial to note that socially engineered attacks profile people first, using the victim’s own information against them and helping the hacker to infiltrate the network.


Now that your employees have become the edge of your network, using a security strategy that focuses on protecting people is paramount.


It means employee security awareness training and adopting authentication techniques.


If your business needs help with a cybersecurity solution contact MicroPac for a solution.

0

Blog

2021 is limping in weakly as software vulnerabilities continue to leave companies vulnerable to attack. Understaffed IT professionals are drowning in a sea of patching, reporting and pending attacks.

“Based on vulnerability data, the state of software security remains pretty dismal,” Brian Martin, said vice president of vulnerability intelligence in the Risk Based Security Report (RBS).

“With the pandemic seeing a resurgence in most of the world, it is difficult to predict the exact influence COVID-19 will have on the vulnerability-disclosure landscape,” the RBS report concluded.

Before Covid, IT teams were already under tremendous pressure to keep up with patching due to what RBS has dubbed “vulnerability Fujiwara events.” The term “Fujiwara,” according to RBS researchers, describes the confluence of two hurricanes, which they liken to days like Jan. 14, April 14 and July 14 this last year, when 13 major vendors, including Microsoft and Oracle, all released patches at the same time. RBS said these three vulnerability Fujiwara events in 2020 put massive stress on security teams.

Another issue are major vendors’ regular Patch Tuesday events which are starting to create a type of rolling Vulnerability Fujiwara Effect year-round, RBS added, since the number of patches for each of them have ramped up. With 2020’s December’s Patch Tuesday, for instance, Microsoft’s patch tally totals 1,250 for the year – well beyond 2019’s 840.

Sadly, Microsoft and Oracle lead the Top 50 vendors in the number of reported security vulnerabilities, according to the latest research from Comparitech.

“New software is being released at a faster rate than old software is being deprecated or discontinued,” Comparitech’s Paul Bischoff told Threatpost. “Given that, I think more software vulnerabilities are inevitable. Most of those vulnerabilities are identified and patched before they’re ever exploited in the wild, but more zero days are inevitable as well. Zero days are a much bigger concern than vulnerabilities in general.”


The biggest red flag in software security flaws has been attributed to third-party online software, according to Cyberpion, which has developed a tool to evaluate security holes in entire online ecosystems. Their research shows that 83 percent of the Top 30 U.S. retailers have vulnerabilities which pose an “imminent” cyber-threat, including Amazon, Costco, Kroger and Walmart.

“Software developed for the desktop is fundamentally different than software developed for online,” Cyberpion’s CRO Ran Nahmias told Threatpost. “Desktop software code needs to be secured against a virus for rewriting the code (and the attack occurs on one desktop at a time). Online software has a strong dependency on the infrastructure that hosts, operates and distributes it.

This infrastructure provides a huge attack surface.

“These online infrastructures can get complex, and one misconfiguration anywhere could lead to the code being compromised or modified,” Nahmias said. “Additionally, because the software is centrally located and then serves many customers, a single breach can affect many companies and people (as opposed to the desktop software being infected by a virus which would impact one user).”


What most companies really need are well trained security professionals, but these are hard to come by.

“Aside from the increasing volume of software, the lack of qualified cybersecurity staff contributes to the rise in software vulnerabilities,” he said. “In almost every sector of the economy, cybersecurity personnel are in high demand.”


Unfortunately, software bugs aren’t going anywhere.

“Despite more organizations taking secure development more seriously, and despite more tools available to help find and eliminate vulnerabilities, the amount of disclosed vulnerabilities suggest it hasn’t tipped the scale yet,” Martin added. “We’re hopeful that as more and more news of organizations being breached are taken seriously, and organizations and developers better understand the severity of vulnerable code, that they will make the extra effort to ensure more auditing is done before releasing [software].”

If you need help with securing your network contact us for a consultation.  

Image Source: Person Encoding in Laptop · Free Stock Photo (pexels.com)

Source: https://threatpost.com/record-levels-software-bugs-it-teams-2020/162095/

0

Blog

None of us can go a day anymore without being impacted by Artificial Intelligence (AI). From ordering groceries, to streaming music, and even our wakeup calls on Alexa and Amazon, AI is all around us–our world is run by algorithms. Usually, that is a positive thing — using Siri to tell you how to layer for the climate can make your life easier and even assist with running your household, for example. But does AI pose a security risk to your business?


How can AI impact your business?


At the office, AI can make it possible to connect with your ideal audience, segment groups based on a wide range of factors, build brand recognition, and more. However, there are some risks AI poses to your business.


Risks in the workplace from AI?


While AI can help a business grow it can also lead to new threats:


  1. Information Manipulation: Social media is a great example of this– AI when used inappropriately can be used to manipulate public opinion, pretending to be factual, accurate information when it is at best half-truths. AI can reach almost anyone through social media and other digital channels today to spread propaganda and even alter the fates of entire nations, as well as individual businesses.
  2. Invasion of Privacy: Want to keep a secret from Google? Hide from your phone and Alexa.  More and more, AI is being used to track and analyze people’s online behavior, and this can, in turn, lead to a significant invasion of privacy. A business found to be invading the privacy of its customers or clients through AI would immediately suffer from a dramatic erosion of trust to the point that it might not recover.
  3. Discrimination: AI can track, segment, and store information that allows businesses to make more informed decisions. However, that data may be used to discriminate against certain individuals. For instance, insurance companies might use AI to discriminate against individuals with specific genetic risks, even though they may never develop a particular disease. Employers might discriminate against potential hires based on their social value.
  4. Security: AI has many positives, but it increases exposure to cybersecurity risks. Without the right protection in place, AI could become an open door for hackers, exposing company data or even customer financial and personal information.

 

With the right tools in place to protect your business from intrusions, AI can be a beneficial tool to improve your business. If you have any questions as to how AI can benefit your business, contact Micropac at (866) 535-5887.


Image Source: Grayscale Photo of Human Eye · Free Stock Photo (pexels.com)

0