Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

---

 

Ransomware: How To Lose Your Business In 24 Hours

Great insightful story about ransomware and how it can hurt you.

In 2013, 72% of data breaches analysed world-wide were at companies with 100 or fewer employees

Average cost of cybercrime rises by 200% in just five years

Cybercrime keeps growing and becoming more expensive for companies to deal with. These numbers are staggering and there doesn’t seem to be any end in sight.

Cybercrime is costing the global economy up to $450 billion annually, a new report by Hamilton Place Strategies reveals.
The document finds that the median cost of cybercrime has actually increased by approximately 200% in the last five years alone, and that it is very likely to continue in that vein

A Skeleton Key of Unknown Strength

A new vulnerability has been discovered that’s present in a shocking amount of devices. It’s not clear what the exploit landscape looks like yet for this bug, but it may be the most widely distributed vulnerability of all time.

We’ve investigated the DNS lookup path, which requires the glibc exploit to survive traversing one of the millions of DNS caches dotted across the Internet.  We’ve found that it is neither trivial to squeeze the glibc flaw through common name servers, nor is it trivial to prove such a feat is impossible.  The vast majority of potentially affected systems require this attack path to function, and we just don’t know yet if it can.  Our belief is that we’re likely to end up with attacks that work sometimes, and we’re probably going to end up hardening DNS caches against them with intent rather than accident.  We’re likely not going to apply network level DNS length limits because that breaks things in catastrophic and hard to predict ways.

Adding Up The Total Costs of Ransomware

If you’ve got ransomware on your systems, it can get really expensive. The Hollywood Presbyterian Medical Center had to pay $17,000 in Bitcoins just to get rid of it.

Hollywood Presbyterian had $974,387,384 in revenue and $20,979,948 in net income for 2015. If we divide both figures by 365 days we see that the hospital takes in roughly $2.7 million in revenue and generates $57,479 of net income per day. It was noted in several reports that long delays were experienced by patients and that medical information was being shared via phone and fax between doctors.

Trend of ransom payoffs to unlock malware from ‘electronic stickups’ troubles law enforcement

More shocking ransomware news. It’s more widespread than we think. And businesses have to pay a lot to get rid of it. This is not a good scenario.

Often, businesses conclude paying the ransom is the quickest and most efficient way to get their data back.
“People don’t like to talk about it. It’s happening across all industries, banking, small businesses and other places,” said Phil Lieberman, a cybersecurity consultant.

It’s Here. New Ransomware Hidden In Infected Word Files

Another ransomware strain has been found. This particular one comes in an old form that computer security experts hadn’t seen much for years.

There is a new ransomware strain somewhat amateurishly called “Locky”, but this is professional grade malware. The major headache is that this flavor starts out with a Microsoft Word attachment which has malicious macros in it, making it hard to filter out. Over 400,000 workstations were infected in just a few hours, data from Palo Alto Networks shows.

The battle of the reboot

If you download a new security patch, you need to reboot your computer to install it. Unfortunately, many people neglect to do the second step for way too long – leaving their systems vulnerable to attack.

Windows computers must be rebooted to complete the patch installations. And because a reboot takes the computer out of service for a few minutes, it causes downtime. And when that system is dependent on other systems, or vice versa, rebooting can cause a chain reaction that cripples critical software services. So in fact, the simple act of rebooting a computer to complete the patch installations is the hardest part of the job.

Mega Mess: Records Escape from Disposal Truck

A cyber attack isn’t the only way to lose customer data. You can also just drop it on the street.

“During transport, a small quantity of records were released on Fowler Street in Fort Myers, Florida,” the statement says. “This incident resulted from the condition of the container used by Lee County Solid Waste Division to transport the records and the Lee County driver’s failure to properly secure the container door.”

Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

---

 

Stay safe with our Facebook cheat sheet

Everybody uses Facebook. But not everybody uses it securely. Here are some good tips on keeping your Facebook time as safe as possible.

Studies have shown that although 92% of internet users worry about their online privacy, only 29% have taken steps to change their privacy settings to ensure greater protection on social networking sites.

The Phishie Awards: (Dis)Honoring The Best Of The Worst Phishing Attacks

Phishing attacks are one of the biggest threat on the internet. It’s a scam anyone can fall for. Here are some of the most cunning, most dangerous and most creative phishing attacks out there.

These days, the social engineer’s favorite tool isn’t the smile; it’s the humble phishing message.

It’s a very adaptable piece of kit. It can deliver any manner of malicious payloads, as attachments, embedded objects, or links. It can be customized to lure in any kind of game — from John Q. Public to John Q. White House Ambassador. It can be used as part of attacks to steal data, steal money, or steal secrets.

Samsung warns customers not to discuss personal information in front of smart TVs

Just when you thought you were safe, you find out that your TV might be spying on you! If you have a “smart TV” – definitely read this.

Samsung has confirmed that its “smart TV” sets are listening to customers’ every word, and the company is warning customers not to speak about personal information while near the TV sets.

CTO Perspectives: Why do Security Professionals need Threat Intelligence

As eliminating threats becomes more and more difficult, it becomes more and more important to realize the danger you might be in in your technology environment.

Many factors influence relevancy. Is the threat source known? Is the target known? Are the protocols or behaviors being used by the threat in use in your environment? Does the threat discriminate or does it apply techniques that can broadly apply to many different environments?

Skimmers Hijack ATM Network Cables

A scary new technique to hide ATM skimmers. To stay safe make sure you ALWAYS use a first party ATM.

“These devices are plugged into the ATM network cables and intercept customer card data. Additional devices are attached to the ATM to capture the PIN,” NCR warned. “A keyboard overlay was used to attack an NCR ATM, a concealed camera was used on the Diebold ATM. PIN data is then likely transmitted wirelessly to the skimming device.”

Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

---

 

Monday Morning Quarterbacking Super Bowl 50: Infosec Edition

Some advice for football teams is also applicable to information security. Good advice for your business.

Don’t skip practice
It goes without saying that a football team that doesn’t practice isn’t going to win anything. But it’s interesting how many security teams only practice on-the-job training for data breaches, highly targeted attacks, insider data leaks, and the like.

10 Shocking New Facts About Ransomware

Ransomware has taken over the cybercriminal world in the last few years and there’s no end in sight. My favorite excerpt of this article is the extremely awkward advice from the FBI.

Last fall the FBI said that it suggests to consumers or businesses caught with their proverbial pants down to just pay the blackmailers if they want to access their data.

New Magic Ransomware developed from open source EDA2 Ransomware

Yet another type of ransomware has been developed. More threats to watch out for.

…the eda2 ransomware kit contains everything a would-be criminal needs in order to create their very own ransomware. This kit includes the code for not only the ransomware executable and the encryption algorithm, but also the PHP web panel that acts as a Command & Control server for storing the encryption keys of victims.

Mystery hacker hijacks Dridex Trojan botnet… to serve antivirus installer

Turns out a hacker grew a conscience. Is this a good Samaritan or a black hatter gone grey? No one knows.

But the recent hack means part of the botnet has been requisitioned to quite different ends. “The content behind the malware download URL has been replaced, it’s now providing an original, up-to-date Avira web installer instead of the usual Dridex loader,” explained Moritz Kroll, a malware expert at Avira.

Java installer flaw shows why you should clear your Downloads folder

Got old Java installers in your download folders? Delete them – or risk getting infected. It’s important.

On Friday, Oracle published a security advisory recommending that users delete all the Java installers they might have laying around on their computers and use new ones for versions 6u113, 7u97, 8u73 or later.

Adwind malware-as-a-service hits more than 400,000 users globally

If you can’t build your own malware, you can just buy it. Adwind is currently undetectable by anti-virus programs. Network egress policies should catch the outbound traffic but, further research is needed.

Criminals who bought and used Adwind kit targeted private individuals and small and medium businesses from a number of industries, including: manufacturing, finance, engineering, design, retail, government, shipping, telecom and a lot of others.

That’s why we can’t but encourage enterprises to review the purpose of using Java platform and disable it for all unauthorized sources.

#TheSAS2016 Comics: Banking APTs

Dozens of banks recently lost millions of dollars via so-called APTs. It’s complicated. So here’s a simple “comic” to explain it.

We know that the blogs were a tad long so to summarize we’ve turned it into comic form for your enjoyment.

Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

---

 

NSA Hacker Chief Explains How to Keep Him Out of Your System

An unusual insight into what issues the NSA top hacking and cyber security team takes advantage of. Advanced criminals probably use the same methods to break into organizations like yours.

Rob Joyce, the nation’s hacker-in-chief, took up the ironic task of telling a roomful of computer security professionals and academics how to keep people like him and his elite corps out of their systems.

FTC: Tax Fraud Behind 47% Spike in ID Theft

Cyber criminals like stealing your identity. Here are some scary numbers from the IRS about tax fraud and identity theft. It’s more common than you think.

…nearly 50 percent increase in identity theft complaints in 2015, and that by far the biggest contributor to that spike was tax refund fraud.

Remember – never give out sensitive information on incoming phone calls to anyone. Reputable institutions like the IRS would never ask you to:

The IRS does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels.

Big Week For Ransomware

Several major organizations were victims of ransomware this week. Read their horror stories here.

What a week for ransomware. The bullish code that extorts users by locking or encrypting their files and devices has made headlines all week. In case you missed it, here’s a roundup.

Moving to a Plugin-Free Web

In a historic move,  Oracle announces plan to deprecate the Java Plugin browser plugin. The attack surface area on most PC’s just shrank by one.

Oracle plans to deprecate the Java browser plugin in JDK 9. This technology will be removed from the Oracle JDK and JRE in a future Java SE release.

Here’s Why You Need to Install iOS 9.2.1, Stat

A massive security flaw was spotted in iOS recently. The new update fixes the flaw – so download it immediately.

The update fixes a rather serious security flaw, which allowed cybercriminals to potentially monitor, copy and steal the data you use, send and access over a phony Wi-Fi connection. The stolen goods could have included anything you typed while using the device, such as usernames, passwords, and private messages.

Scammers increasingly using rogue extensions to victimize Chrome and ChromeOS users

If you thought Google Chrome and ChromeOS were free from security issues, think again.

Jerome Segura, a Malwarebytes senior security researcher, said cybercriminals are finding extensions are an excellent way to infiltrate Chrome and ChromeOS because, like apps, most users pay little attention to the permissions that must be agreed to prior to downloading an extension.

CryptoWall 4 Targets Booking.com Customers

There’s a new variant of CryptoWall on the loose – infecting systems and causing mayhem. This article explains how it works.

How It Infects Your System: If users ignore Microsoft’s default security warning, the computer becomes infected when the malicious macro code drops and executes an Upatre variant.
This Upatre variant utilizes a common malware technique called process hollowing or dynamic forking to ultimately infect the computer with CryptoWall.

Monday review – the hot 29 stories of the week – Naked Security

Want to read some more? Here are some more great security stories from around the web.

Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

---

 

Too many people still use terrible passwords

When you make your password easy to guess, attackers can easily break into your systems and access your sensitive data. So – please don’t use one of these passwords!

The fifth annual SplashData chart of the internet’s worst passwords is out, and it looks like people just can’t learn the lesson. The firm has aggregated the passwords from around two million that were leaked in 2015, finding that basic, easy-to-guess terms are still in abundance. The most popular code behind which people store their valuables is “123456,” with “password” sitting comfortably in second place. Places three and four are similarly guessable, with “12345678” and “qwerty” being the… look, guys, just no, please stop doing this.

Fake Facebook emails deliver malware masquerading as audio message

Phishing attacks are one of the most common scams on the web. Now, you can even find them in Facebook Audio messages. Moral of the story: always be careful with attachments.

A new spam campaign is targeting Facebook users. It uses the same approach as the recent one aimed at WhatsApp users, and Comodo researchers believe that the authors of both campaigns are likely the same.

The fake emails are made to look like an official communication from the popular social network, and their goal is to make the victims believe they have received a voice message

Symantec Disavows Business Partner Caught Running a Tech Support Scam

Don’t think you can trust someone just because they seem trustworthy. One of Symantec’s partners recently got caught running the “Tech Support Scam”. To make things worse, one of their competitors (MalwareBytes) caught them.

This type of online fraud is known in the industry as “tech support scam,” and most of the times, scammers pose as official support staff for companies such as Microsoft, Google, or Apple.

In this particular case, Malwarebytes was investigating a tech support scam reported by one of its users.

The anatomy and physiology of APT attacks

Curious what a real cyberattack looks like? Here’s a great overview of APT’s (Advanced Persistent Attacks) and how the techniques used by early cyber criminals have been expounded upon and are in use by governments around the world today.

Building on what cybercriminals began, security services from many countries have the capability to attack and steal for their national interests.

Firm Sues Cyber Insurer Over $480K Loss

Business email compromise scams (BEC) are a common type of attack business owners face. Here’s a detailed case study of one BEC scam that is being fought by cyber insurance provider Chubb.

In a letter sent by Chubb to the plaintiff, the insurance firm said it was denying the claim because the scam, known alternatively as “business email compromise” (BEC) and CEO fraud, did not involve the forgery of a financial instrument as required by the policy.

Plus – even the FBI recommends adopting two step or two factor authentication. Please take their advice.

The FBI urges businesses to adopt two-step or two-factor authentication for email, where available, and/or to establish other communication channels — such as telephone calls — to verify significant transactions. Businesses are also advised to exercise restraint when publishing information about employee activities on their Web sites or through social media.

Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

---

 

83% of InfoSec Pros Think (Another) Successful Cyberattack On Critical Infrastructure Likely In 2016

When 2900 cybersecurity experts voice their opinions, we listen. This article gives you valuable insights into what these experts are thinking – and how it can impact the security of your organization.

Believe it or not, basic cybercrime does not win the top spot as the worst threat to organizations, according to respondents; in fact it’s not even in the top three. Social engineering is number one (52.26%), followed by insider threats (40.34%) and advanced persistent threats (38.84%) — all ahead of cybercrime, malware, and distributed denials of service.

22 Sites Where You Should Enable Two Factor Authentication RIGHT NOW

Two factor authentication is a vital line of defense against attacketrs. Here is a good list of sites that support two factor authentication that you should enable as soon as possible.

Some of the most popular websites have added another layer of security that makes it a lot harder for attackers to get to your stuff. The cool part is that these same websites have worked really hard to make sure this extra layer of security isn’t a huge hassle for legitimate users.

Security Experts Speak: Biggest AppSec Priorities and Concerns in 2016

Another great article with lots of good insights into what top security pro’s are worried about in 2016.

To help give a bit of perspective to what top security experts are gearing up for this year, we asked eight of the world’s top security experts in various roles, including a pentester, several CISOs, a secure developer, a security engineer and an international speaker on security topics, to share their thoughts with us.

Malvertising – why fighting adblockers gets users’ backs up

A new type of attacks has recently been spreading itself around the internet. This form of attack ads malicious code to otherwise good websites (which you might visit).

…malvertising, short for malicious online advertising, which is where usually-trustworthy sites temporarily go rogue because one of the ads they display turns out to be booby-trapped, and tries to foist malware or potentially unwanted content on your computer.

A Flaw on eBay’s Site Allowed Hackers To Steal User’s Passwords

This is a scary situation: attackers have managed to plant a phishing site within the EBay domain. Most phishing scams just try to replicate the website’s look and feel. This criminal was able inject this malicious webpage into the eBay.com domain. This particular presentation would have fooled almost all casual observers. There are two key take always:

1. Have Two Factor Authentication (2FA) enabled for every site possible, especially ones with access to critical data or information about yourself (eBay, bank accounts, credit cards, etc…)
2. These scams start out as a standard phishing scam where the attacker sends an email to you and tries to get you to click on a link that will lead you to the compromised site.

This is a common web bug, also known as XSS, which attackers can exploit to inject malicious code into a website. Several websites in the past have been hit with XSS vulnerabilities. Perhaps the most well-known case of XSS is when a teenage Samy Kamkar, now a well-known security researcher, was able to trick one million MySpace users into becoming his friend thanks to a self-replicating worm that took advantage of an XSS bug on the social network. That incident, which put Kamkar in the law’s cross hairs, changed the internet for

PayPal and zero dollar invoice spam

This is another interesting new way scammers found to send spam without being detected by the normal filtering process. The normal phishing rules don’t protect you against this one.

Mac Users Vulnerable To Malware As Gatekeeper Security Hole Not Yet Fixed Four Months After Discovery

Everyone always said that the Mac’s day for security issues was coming. I think it has finally arrived. Mac users: you’re not as secure as you think.

While Gatekeeper carries out several checks on apps before they are launched on a Mac, it does not prevent apps from running or loading other apps or dynamic libraries from an alternate directory. This is because Gatekeeper only verifies the first application that the user launches.

The security researcher that found the Gatekeeper Vulnerabiltiy has released a tool that fixes the issue until Apple release a patch.

Wardle has released a personal tool named Ostiarius that would do a better job than Gatekeeper in the prevention of such attacks for the protection of OS X users, as it could block the execution of all unsigned Internet binaries.

Internet Explorer 11 – now the only way to go

Finally, one of the buggiest pieces of software has deprecated all version except the latest: Internet Explorer 11.

…the Internet Explorer cumulative update that was published by Microsoft on Tuesday 12 January 2016 (MS16-001) is the last ever update for Windows 7 that will patch IE 8, 9 and 10.

Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

---

 

Antivirus software could make your company more vulnerable

You rely on your antivirus software to keep your technology safe from attacks. But what if these very tools can be used to break into your organization? Bad news: they can.

Security researchers are worried that critical vulnerabilities in antivirus products are too easy to find and exploit

When it Comes to Cyberattacks, Half Protected is Half Not Protected

Your credentials are your digital “keys to your kingdom”. Protecting your credentials is one thing. But making sure that your credentials don’t have more rights than are needed on a daily basis is just as important. This article shows why Security Awareness and proper Privileged Account controls will continue to be extremely important in the effort to keep small and medium businesses safe from information security “bad actors”.

According to cyber security experts Verizon and Mandiant, over half — and trending toward 100% — of recent data breaches were due to compromised credentials. These credentials are the digital “keys to the kingdom” and give hackers everything they need to access corporate apps, siphon off sensitive data and damage or destroy critical systems.

The Latest Pawn in the Warranty Fraud Game? Fitbit Users – McAfee

Even your fitness device can be a security threat. Make sure sure that you don’t use the same password that you use for your personal or work email account for other accounts. By gaining access to these less secure accounts your critical accounts can be easily breached.

All that stands between you and a cybercrime is a not-so-strong login. In fact, just this week, the problem of weak passwords played a strong role in the latest hacker ploy: a warranty fraud scheme aimed at Fitbit users.

Data Insecurity: Flawed Technology Or Outdated Business Process?

Business process security is another soft target that can be taken advantage of.

When it comes to protecting critical data, legacy processes are just as vulnerable as legacy software.

At a recent healthcare conference I attended, one insurance company compliance executive admitted that his organization found eight copies of their main patient record database in their enterprise environment

Fake Tech Support Scams Evolve to Include Support, Purchase History

Fake Tech Support scams keep evolving. Each iteration of these scams gets harder and harder to tell from a real call. For SMB’s the telltale sign is that Dell would not call you directly about product support. If there is ever a doubt whether a call like this is legitimate, offer to call them back using the vendor information that you have on file. Or better yet: contact your Managed Service Provider to have them ferret out the situation.

Various other versions of this scam can involve ransomware being installed on victims’ PCs, which can cost the victims quite a bit of money. However, the latest variant involves not random, ill-informed people throwing things against the wall, but rather highly knowledgeable scammers who know highly specific details of each target’s history with the company they’re spoofing. A case in point is a recent rash of calls to Dell customers in which the caller says he is from Dell itself and is able to identify the victim’s PC by model number and provide details of previous warranty and support interactions with the company.

James Veitch: This is what happens when you reply to spam email

Scammer tries to scam innocent guy. Guy messes with scammer. Here’s a funny video about one guy having enough and fighting back. I don’t recommend this but, it’s funny nonetheless.

Suspicious emails: unclaimed insurance bonds, diamond-encrusted safe deposit boxes, close friends marooned in a foreign country. They pop up in our inboxes, and standard procedure is to delete on sight. But what happens when you reply? Follow along as writer and comedian James Veitch narrates a hilarious, weeks-long exchange with a spammer who offered to cut him in on a hot deal.

Cyber Wars: Star Wars of Cyber Crime |

Getting confused with all these technical terms thrown around when talking about cyber crime? Are you more familiar with Star Wars instead? Then this funny Star Wars to Cyber Crime analogy will entertain you!

Life in the Galaxy hasn’t been the same since the emergence of cyberspace. Cyberspace’s impact on life has been colossal. Galaxy citizens now refer to it simply as the Internet – the international network where all species communicate and share their experiences, powers and thoughts.

Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

---

 

Advent tip #24: The Big One! |

The Sophos Security Blog put together a great list of cyber security tips and published it in December. Here are a bunch of simple, but really important security tips to use your technology responsibly.

Software with the most vulnerabilities in 2015: Mac OS X, iOS, and Flash | VentureBeat | Security | by Emil Protalinski

Did you know that six out of the top ten pieces of software with the the most vulnerabilities of 2015 are in regular use by small- and medium-sized businesses across the country? They are. Read this article to see if you use these vulnerable tools (and how to use them safely).

Which software had the most publicly disclosed vulnerabilities this year? The winner is none other than Apple’s Mac OS X, with 384 vulnerabilities. The runner-up? Apple’s iOS, with 375 vulnerabilities.

The Employee Password Habits That Could Hurt Enterprises

If your employees use weak passwords, they can hurt your company. Quality passwords are one of easiest safeguards that your company can make to improve your threat surface area. Read more about it in this article.

Inside an SMB Hack | Breach Secure Now!

This research conclusively shows that security breaches are more likely to happen in small and medium businesses.

In a Verizon Data Breach Investigations Study, they found that 71% of breaches occurred in businesses with less than 100 employees. You would think that Small to Midsize Businesses (SMBs) would be very worried about security. And many SMBs might be worried but for the majority they just don’t believe that they need to worry or that they could be a victim.

Information Security Testing Continuum – Cybersecurity Defense Solutions

Great blog post that illustrates the increasing levels of a cyber security plan.

There are a lot of companies out there who will sell you anything they can, even when your business is not ready for it. These companies are not doing our industry or your business any favors by selling assessments and tests that your business will in the end see little value in. We will try and shed some light on this for the average business owner/IT Manager.

Ransom32 Is a JavaScript-Based Ransomware That Uses Node.js to Infect Users

New threat incoming. Ransomware authors continue to innovate. This particular version is cross platform and spread by phishing emails.

Ransom32 is currently distributed only via spam email campaigns. This is a classic method of distributing any type of malware, not just ransomware, and is not unique to Ransom32.

Microsoft mirrors rivals, pledges to warn customers of state-backed hacks after leaving users in the dark | Computerworld

Just in case you missed it,  cloud providers are going to notify users of government request for information. Microsoft finally joins the pack.

Microsoft this week announced that it, too, would alert users when they are beset by state-sponsored cyber attacks, following the lead of Google, Facebook and, most recently, Yahoo.

Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

---

 
Security’s Biggest Winners and Losers in 2015 | WIRED

This is a quick overview of the cyber security stories that made the headlines this year.

THIS YEAR, LAWMAKERS surprised us by taking initial steps—albeit, baby ones—to rein in some of the NSA’s mass spying and provide better oversight of the intelligence agency’s activities. It’s unclear, however, if these gains and other privacy victories will hold or will be undone in the panic after the Paris attacks.

15 Cybersecurity Lessons We Should Have Learned From 2015, But Probably Didn’t

Cyber security threats are everywhere: from breaches, to flash, zero days, ransomware, and “insiders”. You can’t hide from them. The only way to feel safe is becoming aware of the issues and techniques to deal with them.

Another infosec year is almost in the books. What did all the breaches, vulnerabilities, trends, and controversies teach us?
As is the case every year in the cybersecurity field, 2015 was full of lessons to be learned. Some brand new, others that it’s absurd we haven’t learned yet.

Cyveillance Weekly Phishing Report – December 28, 2015

Staggering phishing numbers show that this cyber scam keeps growing each month. With overall increases in SPAM, how long will it be before email goes away for good?

In this week’s phishing activity report, we saw an increase (>35%) in overall phishing activity for the top 20 brands we’re tracking, grouped by industry. Banking (>145%) and Computer Hardware (>100%) saw the greatest increases in phishing activity last week. While we saw an increase in almost all industries last week, Telecommunications (>15%) was the only industry which showed a slight drop.

Top 5 Cyber Security Predictions for 2016 : security

Ransomware is one of the most prevalent security issues companies will face in 2016. Here are a few other things to keep your eyes on this year.

Until now, hackers have used ransomware – or malware that prevents users from accessing their data until they pay a ransom fee – as forms of petty crimes against small businesses and government agencies. And although ransomware has been around for decades, there’s been a steep rise, specifically a 165% increase, in ransomware related incidents this past year.