Top Cyber Threats of 2017

Posted by Alexa Villanueva on Thu, Jul 13, 2017

Every year cyber criminals devise new high profile and sophisticated attacks against organizations worldwide. 2017 is no exception: from complex ransomware attacks to large data breaches, it is obvious this year’s cyber-attacks have caused major damage. Below you will find the most prominent cyber security news so far and the lessons they’ve left behind.

Read More

Topics: Malware, data breach, hackers, security breach, cyber threats, online risk, ransomware, Cyber Attack, cybersecurity, DDoS attack, malicious apps, online threat, top cyber threats of 2017

WannaCry Ransomware: 5 Steps to Protect Your Company Against It

Posted by Alexa Villanueva on Mon, May 15, 2017

On Friday, May 12 2017 a large scale cyber-attack known as “WannaCry” was launched targeting more than 230,000 computers in 150 countries affecting Britain’s National Health Service (NHS), FedEx, LATAM Airlines and other important companies around the world.

This is certainly not the last time we’ll hear about this cyber-attack, here’s what you need to know…
Read More

Topics: hackers, online risk, ransomware, Cyber Attack

How to Be Prepared for the Oldest Trick in the Book....

Posted by Greg Mancusi-Ungaro on Wed, Jul 27, 2016



Regardless of their politics, the recent news of the DNC server hack, allegedly by Russian-government-backed hackers, should have security teams pulling their hair out.  Why?  Because the first phase of the attack used one of the oldest tricks in the book -- a phishing email attack, leveraging a copycat domain. 

"For example, the first group, APT 28, often uses the same tactic: registering a domain whose name is similar to that of its target, to trick users into disclosing their passwords when logging into the wrong site. In this case, hackers set up — switching two letters — to target users of MIS Department, which manages networks for the Democratic committee."  NY TImes, July 27, 2016

It should be no surprise to learn that almost every devastating cyber breach, from Target to the DNC, starts with the same exploit:

Read More

Topics: Identity Theft, data breach, hackers, Domain Management, Phishing, cybercrime, Spear Phishing, 2016 Elections, MX Records

When You Can’t Trust Criminals on the Deep Web, Who Can You Trust?!

Posted by Jeff Daisley on Fri, Jul 31, 2015

During my morning news scan, I came across some interesting articles surrounding the recent Hell Tor deep web cybercrime forum.  And in particular, discussion about the associated text file that contained more than 23,000 records that “appeared” to be a user database populated exclusively by user accounts with dot-gov email from the Office of Personnel Management (OPM). After a close review of the file, experts stated that these records -- made available as a teaser and/or as “proof” that the hackers had compromised the agency --  were not from the OPM,  instead they were a list of users stolen from a different government agency —, also known as Federal Prison Industries.

Read More

Topics: scam, hackers, cyber threats, OPM Breach, deep web, pastebin

CyberAttack Exposes IRS Tax Returns

Posted by Greg Mancusi-Ungaro on Wed, May 27, 2015


Just a month ago, I wrote about an emerging critical cyber threat trend -- attacks centered on health care providers and health insurance systems.  These schemes are very lucrative for thieves because the loot, electonic health records, contains everything needed -- social security numbers, known addresses, phone numbers, relatives, payment preferences -- to create duplicate identities for individuals.  Just add the photo.

Read More

Topics: Security, data breach, hackers, security breach, cybercrime, cyber threats, impersonation, PII, Health Care

Password Panic Can Put Your Brand’s Reputation At Risk

Posted by Omri Benhaim on Mon, Apr 28, 2014

Earlier this month we were all informed that the Heartbleed bug which affected versions of OpenSSL, a widely used data encryption standard had potentially compromised our personal information. Around the world the response was the same “change your password”. Seems like a simple enough solution, but if you are using an unsecure password changing it will not protect you for long. In addition if you did not wait for each website to patch their OpenSSL before changing your passwords, then your new passwords may have already been compromised too.

Read More

Topics: hackers, password protection, employees social media

Target’s Once-Stellar Reputation Is In Trouble… Big Trouble

Posted by Adriana Tayraco on Mon, Jan 27, 2014

Earlier last week Jody Westby wrote a very insightful article for Forbes highlighting the lack of experience and expertise from most board members and CEOs when dealing with serious cyber risks. A great point is made when she remarks that “they [CEOs and board members] are beginning to realize that there are best practices for cyber governance, and this involves more than asking interesting questions now and then or accommodating an annual ten-minute IT report on the board agenda”.

Read More

Topics: risk management, hackers, brand abuse, online brand protection, security breach

Do You Know Who is Viewing Your LinkedIn Profile?

Posted by Rosemary Brkopac on Tue, Jan 14, 2014

A couple of days ago I filed a Notice of False profile with LinkedIn (operator of a professional networking site with 259 million members) because a fake member account had been set up involving one of my financial clients.  The perpetrator’s profile indicated that “she” was a company branch manager, and she was sending out LinkedIn invites to her “co-workers” at the financial institution.  The profile should have screamed “a fake” to experienced users of the site.  Some tell-tale signs were that the profile was bare bones, with only my client listed as an employer (along with the presence of the company logo), and the image of the individual on the page looked like a robot.   I received a quick response back from LinkedIn saying they HAD begun processing the complaint, but that it may take some time to process.  Last week the news was full of articles stating that LinkedIn had sued hackers over the creation of thousands of fake accounts.  The hackers’ objective was to tap into legitimate member profiles (which they did at apparently a rate of hundreds of thousands of profiles each day) where they could glean a plethora of personal information.  At this point the identity of the hackers is unknown, and subpoenas are being served on Amazon Web Services, the cloud platform used to create the fake accounts, in an attempt to unmask them. 

The scheme was explained in an article published by Bloomberg on January 7th which stated “hackers using automated software created thousands of fake member accounts and copied data from actual member profile pages.”  The article goes on to say “the practice, known as data “scraping,” violates LinkedIn’s user agreements and federal and state computer fraud laws, the company said in a complaint filed yesterday against the unknown hackers in federal court in San Francisco. It has also strained and disrupted the company’s network computers and threatens to degrade the value of LinkedIn Recruiter, a fee-based service used by Fortune 100 companies that’s one of the company’s fastest-growing offerings, according to the complaint”.

Read More

Topics: Brand Protection, hackers, brand abuse, brandjacking

Recent Posts

Posts by Topic

see all