United States Improves Critical Infrastructure Security

  United States Improves Critical Infrastructure Security by Passing Five Bills The cyber security incident that recently affected Colonial Pipeline showed the extreme need to protect our critical infrastructure.  Ransomware successfully hindered the delivery of fuel to a large portion of the East Coast.  Colonial Pipelines and other critical infrastructure could prevent cyber security incidents with enhanced security that prepares themselves for the imminent attacks.  Finally, the United States House Committee on Homeland Security recently passed five bills to increase cyber defenses for United State organizations and critical infrastructure.   Why Attack Critical Infrastructure? People and organizations not only depend on critical infrastructure, they need the critical infrastructure.  These organizations… Read More

Continue Reading

Hacking Group Stops Oil Pipeline and Breaks 45% of the United States Oil Supply

    Hacking Group Stops Oil Pipeline and Breaks 45% of the United States Oil Supply When you hear about a cyber attack, generally you assume that some sort of IT infrastructure suffered damage.  Your assumptions might include servers, web applications, or even the business processes that those systems support.  However, ransomware disables the largest pipeline in the United States in a recent attack.  This attack goes to show that as cyber attacks evolve, the cyber world can be used to inflict damage on the physical world and its infrastructure.   The Victim On May 7, 2021, the Colonial Pipeline suffered a ransomware attack that brought the pipeline’s operations to… Read More

Continue Reading

What is Penetration Testing and Why Do You Need It?

    What is Penetration Testing and Why Do You Need It? Across all your systems, applications, and software on your network lay vulnerabilities. Malicious attackers can exploit vulnerabilities and serious damage.  These vulnerabilities can lead to data loss, system downtime, financial loss, malware, and even ransomware.   Most of the time, organizations can easily remediate these vulnerabilities; however, if you do not know of their existence, how can you fix it?   What is Penetration Testing Penetration Testing is a practice conducted on systems in order to find exploitable vulnerabilities.  By finding vulnerabilities, organizations can stay proactive in their security stance.  With the knowledge and understanding of the exploitable… Read More

Continue Reading

Quick! Update Your iPhone and iPad!

  Quick! Update Your iPhone and iPad! These days, your smartphones and tablets are more of extra ligaments rather than just simply devices. Monday, Apple quickly released a security update for their iPhone and iPad product lines. Furthermore, if you happen to own either an iPhone, iPad, or Apple Watch you should immediately run updates in order to install the latest security patches.  Do you need to update your iPhone, iPad, and Watch?   What Apple devices are affected? Apple released iOS version 14.5.1,iPadOS 14.5.1, and watchOS 7.4.1 on Monday.  In addition, this update comes just a week after they released versions 14.5.  The purpose of releasing this quick update… Read More

Continue Reading

A Week in Security: REvil Extortion, RDP Stolen Credentials, Geico Breach, and Chrome Exploits

  A Week in Security: REvil Extortion, RDP Stolen Credentials, Geico Breach, and Chrome Exploits As we approach the weekend, let us look back at this past week at the top cyber security news.  This week in cyber security, REvil attempted to extort Apple using their stolen data.  Additionally, UAS leaked 1.3 million Windows RDP logins for sale on their marketplace.  Also in other news, Geico suffered a data breach that exposed some of their customers’ sensitive data and Google rushed to fix several zero-day exploits in Chrome.   REvil Attempts to Extort Apple Early in the week, the threat group REvil, known for their successful ransomware campaigns and living… Read More

Continue Reading

1.3 Million Windows RDP Logins Stolen and Sold on Dark Web

    1.3 Million Windows RDP Logins Stolen and Sold on Dark Web   Remote Desktop Protocol (RDP) is one of the most widely used services to remotely control other systems.  However, when left open, the system is vulnerable to complete remote control to whomever decides to access it.  Essentially, it is like the hacker is sitting right in front of the mouse and keyboard controlling the system.  Now imagine the extent and potential impact 1.3 million windows RDP logins stolen and being sold on the dark web.   The Dark Web Marketplace The actor behind the leak is known as Ultimate Anonymity Services, or UAS.  UAS is a very… Read More

Continue Reading

Half a Billion LinkedIn Accounts Are Being Sold Online

  Half a Billion LinkedIn Accounts Are Being Sold Online When setting up a LinkedIn account, you enter certain information regarding yourself such as an email address, birthday, schooling, work experience.  This information and platform allows you to network with others like yourself.  However, even though this information you enter can be publicly accessible, attackers can still find a way to profit or exploit social engineering attacks using it.  Recently, over half a billion LinkedIn accounts are being sold online after attackers scraped and compiled the data.   The Attack Attackers posted personal data, scraped from over 500 million LinkedIn profiles for sale.  To prove that they were successful in… Read More

Continue Reading

The Second Largest Ransomware Attack In History

  The Second Largest Ransomware Attack In History   Suffering from a ransomware attack can be devastating in itself.  Operations and systems become disabled, workflow stops, not to mention the financial loss and exfiltration of your sensitive data.  Companies are usually the high value targets because of the huge financial gain an attacker can achieve.  However, local townships and schools generally do not possess the greatest security countermeasures, making them easy pickings.  Recently, the Broward County Public School system became the victim of the second largest ransomware attack in history.   Broward County Public School System Located in Florida, the Broward County Public School (BCPS) is the second largest school… Read More

Continue Reading

BYOB? What about BYOD?

BYOB? What about BYOD? Generally, no company ever lets employees bring in their own beer, but what about their own devices?  The IT field consistently debates whether or not an employee should be permitted to use their own personal devices or be mandated to those provided by their employers.  In the scheme of things, security concerns battle the increased productivity and money saved, however, as the world becomes more tech-oriented, how will workplaces respond to BYOD?   Cost-Benefit Analysis First and foremost, BYOD policies create an annual cost savings opportunity for businesses.  For small businesses struggling through recent times, saving any amount of money can greatly help the business’s mission. … Read More

Continue Reading

What is a Sim Swapping Attack?

  What is  a Sim Swapping Attack?   You just set up multi-factor authentication (MFA) to further protect your online bank account.  Success! No one else can log into your bank accounts without your phone…right?  By performing a Sim Swapping attack, can gain access to your MFA,   Sim Swapping Attack Through exploiting social engineering, attackers perform sim swapping attacks.  An attacker contacts the victim’s wireless phone service provider (AT&T, Verizon, T-Mobile, etc.),  and then proceeds to convince, sometimes bribe, or even trick them into believing the attacker is the authentic user. Now, the attacker can request to assign your phone number to a new sim card or phone.  These… Read More

Continue Reading