Blogs Archives - Page 23 of 63 - D1 Defend


Protect Your Business from the Latest Emotet Phishing Scam Targeting Taxpayers

Scammers will use anything to target businesses, including tax forms. A new phishing campaign is spreading a malicious program disguised as documents from the IRS. With the tax season in full swing soon, business owners must take extra precautions to protect sensitive company data.

Emotet Phishing Campaign Targets Taxpayers

Emotet is one of the most widespread malware programs of recent years. Its latest phishing campaign targets taxpayers: it impersonates the IRS and other private organizations, sending emails with phony Form W-9 attachments.

When someone falls for the scam and installs Emotet on their computer, the malware steals data and takes control of their email account. It then sends spam from the victim’s account to spread other malicious programs.

Obvious Emotet Phishing Signs to Look Out For

The Emotet phishing emails may look legitimate, but some telltale signs give them away. The malicious emails carry a ZIP attachment containing a Word document that claims to be Form W-9. You can tell it is fake because the document is over 500 megabytes; no ordinary Word document is ever that big.

In addition, Microsoft now blocks macros in Office documents by default. When a user tries to open a malicious Word document, a security warning appears saying that the file contains blocked macros. That is the ultimate warning sign of a phishing scam, so do not enable the content.

Emotet’s operators are trying to circumvent Microsoft’s macro blocking by sending OneNote files instead. When a user opens the attachment, it claims the document is protected and that they must click the “View” button. Clicking it runs the embedded VBScript. OneNote displays a warning about the potentially malicious script, but inattentive users launch it anyway.

It is essential to note that legitimate tax documents are usually in PDF form. Be cautious about opening Word, OneNote, and other file types from dubious sources.
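The indicators above (a ZIP wrapping an oversized Word document, a macro-bearing document, or a OneNote/script file posing as a tax form) can be checked at the mail gateway before a user ever sees the attachment. The following is an added example written for this page, not code from the original article or from any vendor; the size ceiling, the extension lists, and the sample attachments are constructed for the demonstration. It reads the uncompressed size declared in the ZIP's central directory rather than extracting the member, because a document padded to hundreds of megabytes compresses to a few kilobytes, and it looks inside a `.docx`/`.docm` (itself a ZIP) for a VBA project.

```python
import io
import zipfile
from dataclasses import dataclass, field
from typing import List

# Constructed policy for this example: formats a "tax form" should never arrive in
# (legitimate tax documents are usually PDFs), and the size ceiling above which an
# Office document is treated as padded and therefore suspicious.
SUSPICIOUS_OFFICE_EXT = {".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm"}
SUSPICIOUS_SCRIPT_EXT = {".one", ".vbs", ".js", ".wsf", ".hta"}
DEFAULT_MAX_DOC_BYTES = 500 * 1024 * 1024


@dataclass
class TriageResult:
    verdict: str                                  # "block" or "allow"
    reasons: List[str] = field(default_factory=list)


def _ext(name: str) -> str:
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""


def _docx_has_macros(doc_bytes: bytes) -> bool:
    """A .docx/.docm is itself a ZIP; a VBA project is stored at word/vbaProject.bin."""
    try:
        with zipfile.ZipFile(io.BytesIO(doc_bytes)) as doc:
            return any(n.lower().endswith("vbaproject.bin") for n in doc.namelist())
    except zipfile.BadZipFile:
        return False


def triage_zip_attachment(zip_bytes: bytes, max_doc_bytes: int = DEFAULT_MAX_DOC_BYTES) -> TriageResult:
    """Inspect a ZIP attachment without ever reading an oversized member into memory."""
    reasons: List[str] = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return TriageResult("block", ["attachment is not a valid ZIP archive"])
    with archive:
        for info in archive.infolist():
            ext = _ext(info.filename)
            # Use the *uncompressed* size recorded in the central directory: a document
            # padded to 500 MB with filler bytes compresses to almost nothing, so the
            # size of the ZIP itself reveals nothing.
            if ext in SUSPICIOUS_OFFICE_EXT and info.file_size > max_doc_bytes:
                reasons.append(f"{info.filename}: declared size {info.file_size} bytes exceeds {max_doc_bytes}")
                continue  # skip the macro check rather than extract something that big
            if ext in SUSPICIOUS_SCRIPT_EXT:
                reasons.append(f"{info.filename}: {ext} is not a tax-document format")
            if ext in {".docx", ".docm"} and _docx_has_macros(archive.read(info)):
                reasons.append(f"{info.filename}: Word document contains a VBA macro project")
    return TriageResult("block" if reasons else "allow", reasons)


# --- constructed sample attachments (not real Emotet artifacts) -------------------

def build_docx(with_macro: bool, pad_bytes: int = 0) -> bytes:
    """Build a minimal Word file; the padding is STORED so the file really is that big."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as doc:
        doc.writestr("[Content_Types].xml", "<Types/>")
        doc.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            doc.writestr("word/vbaProject.bin", b"\x00" * 64)
        if pad_bytes:
            doc.writestr("word/media/pad.bin", b"\x00" * pad_bytes, compress_type=zipfile.ZIP_STORED)
    return buf.getvalue()


def build_zip_attachment(member_name: str, member_bytes: bytes) -> bytes:
    """Wrap one file in a ZIP, the way the phishing emails deliver their payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as outer:
        outer.writestr(member_name, member_bytes)
    return buf.getvalue()


if __name__ == "__main__":
    # A 1 MiB padded "W-9" with the ceiling lowered to 512 KiB to keep the demo small.
    padded = build_zip_attachment("Form W-9.docx", build_docx(False, pad_bytes=1024 * 1024))
    print(triage_zip_attachment(padded, max_doc_bytes=512 * 1024))
    print(triage_zip_attachment(build_zip_attachment("Form W-9.one", b"constructed")))
    print(triage_zip_attachment(build_zip_attachment("Form W-9.docx", build_docx(False))))
```

The demo lowers the ceiling to 512 KiB only so the constructed sample stays small; in production the 500 MB figure from the article (or a much lower one for your own mail flow) is the value to use. The `continue` after the size check matters: an oversized member is blocked on the central-directory record alone, so the gateway never has to decompress it.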

How to Minimize Your Risks 

The Emotet phishing campaign can have disastrous outcomes for companies. But you can minimize risk by knowing the warning signs. The same goes for other malicious schemes. If business owners and employees learn about these techniques, they can prevent data loss and stop the spread of malware.

Used with permission from Article Aggregator

Cerebral Data Breach – 3.18 Million Affected

Cerebral, an online platform that offers mental health care services, recently suffered a data breach that may have affected up to 3.18 million users. According to its report, the breach was due to the company’s use of third-party pixel trackers.

Cerebral did not say the exact number of users affected. However, the company said it had taken steps to ease the breach’s impact.

What Exactly Are Tracking Pixels?

Tracking pixels are tiny pieces of code that businesses can embed on their websites, online ads, or marketing emails.

Whenever you load a webpage, view an ad, or open an email that contains a tracking pixel, your browser or mail client fetches the pixel from a server. That request can carry data about the user, including their behavior and activity.

But criminals can use these pixels maliciously, posing a significant risk to users’ privacy.
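Because a pixel is just an image or script loaded from someone else's server, the first defensive check is to find out which third-party hosts your own pages call out to, especially pages that display sensitive content. The following is an added example for this page, not code from the original article or from Cerebral; the sample page and the `.example` hostnames are constructed. It parses the HTML with the standard library and reports `<img>` tags that are tiny, hidden, or carry identifiers in their query string and `<script>` tags that load from a host other than the first party.

```python
from html.parser import HTMLParser
from typing import Dict, List, Optional
from urllib.parse import urlparse


class TrackerFinder(HTMLParser):
    """Collect <img> pixels and <script> tags that load from hosts other than ours."""

    def __init__(self, first_party_host: str):
        super().__init__()
        self.first_party = first_party_host.lower()
        self.findings: List[Dict[str, str]] = []

    def _third_party_host(self, url: Optional[str]) -> Optional[str]:
        """Return the host if it is not the first-party domain or one of its subdomains."""
        host = (urlparse(url or "").hostname or "").lower()
        if host and host != self.first_party and not host.endswith("." + self.first_party):
            return host
        return None

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "img":
            host = self._third_party_host(a.get("src"))
            # A tracking pixel is typically 1x1 or hidden, and the request URL is
            # where the identifiers (user id, page path) travel to the other server.
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            hidden = "display:none" in a.get("style", "").replace(" ", "").lower()
            if host and (tiny or hidden or "?" in a.get("src", "")):
                self.findings.append({"kind": "pixel", "host": host, "src": a["src"]})
        elif tag == "script":
            host = self._third_party_host(a.get("src"))
            if host:
                self.findings.append({"kind": "script", "host": host, "src": a["src"]})


def find_third_party_trackers(html: str, first_party_host: str) -> List[Dict[str, str]]:
    finder = TrackerFinder(first_party_host)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed page: a first-party logo (fine), a third-party 1x1 pixel whose URL
# leaks the page path and a user id, and a third-party analytics script.
SAMPLE_PAGE = """
<html><body>
  <img src="https://www.clinic.example/static/logo.png" width="120" height="40">
  <h1>Your assessment results</h1>
  <img src="https://pixel.adnet.example/t?page=/assessment/anxiety&amp;uid=12345"
       width="1" height="1" style="display:none">
  <script src="https://analytics.adnet.example/collect.js"></script>
</body></html>
"""

if __name__ == "__main__":
    for f in find_third_party_trackers(SAMPLE_PAGE, "clinic.example"):
        print(f"{f['kind']:6} {f['host']:26} {f['src']}")
```

Run against a crawl of your own site, the output is the inventory of third parties that receive a request (and whatever the URL or page context carries) every time a visitor opens a page; any such host on a page showing health, financial or account data is the kind of disclosure the Cerebral report describes.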

Cerebral has been using pixels since it launched in October 2019. By using third-party pixel trackers, Cerebral left itself open to illegal access to its systems.

Consequently, the hackers were able to get their hands on users’ personal information, including their names, medical histories, and health insurance plans.

What Are the Consequences of a Data Breach?

Data breaches can have far-reaching effects on both individuals and companies. Identity theft, financial losses, and reputational damage are just a few of the dangers.

It was on Jan. 3, 2023, that Cerebral uncovered the breach. The company found out it had mistakenly shared sensitive user information with other companies, including mental health evaluations, findings, and treatment plans.

The breach also exposed user subscription plans. Unfortunately, this put Cerebral in violation of the HIPAA regulations that require safeguarding people’s private health information.

How Can Businesses Avoid a Data Breach?

To prevent data breaches, you must understand the potential risks of using third-party trackers. Protecting your customers’ data and being wary of data breaches is essential.

To keep your business safe from a data breach:

  • Check for weak spots and threats to your business.
  • Use passwords and access controls to protect critical information.
  • Keep an eye out for any suspicious activity or unauthorized access.
  • Train your employees to spot and deal with security problems.
  • Have a plan in case there is a security breach.

The Cerebral breach highlights the importance of keeping users’ information safe. As a business, you must remain proactive in securing your data and staying updated with the latest security measures.

Used with permission from Article Aggregator

Hiatus Malware Targets Business Routers

There is a new malware campaign targeting business-grade routers. It is called Hiatus, a complex operation that deploys the HiatusRAT malware. It is a kind of Remote Access Trojan (RAT) that cybercriminals use to gain remote control over a target system.

Hiatus is the first of its kind. Lumen’s security experts say it has been around since July 2022 and is still active. It gives business owners another reason to tighten cybersecurity. To help you protect your organization, here’s everything you need to know about the malicious campaign.

How Does the Hiatus Campaign Work?

The Hiatus campaign uses three components: a bash script, HiatusRAT, and a tcpdump variant. The threat actor first compromises the target router and deploys the bash script, which downloads and launches HiatusRAT. The malware then collects network data, system data, process data, and file system data.

HiatusRAT maintains communication with the C2 server so the threat actor can keep watch over the target network. The bash script also sets up a packet-capture program to record traffic on selected TCP ports. Traffic on those ports is unencrypted, so it is easy for the attackers to steal.

Who Is the Hiatus Campaign Targeting?

The Hiatus campaign targets DrayTek Vigor VPN routers nearing end of life: the 3900 and 2960 models with the i386 architecture. Businesses use these high-bandwidth routers to provide VPN access to their remote employees.

Small to medium-sized companies are the common users of these routers, so they are at high risk for attack. As of February, researchers said around 4,000 machines are vulnerable. They suspect the threat actors are spying on their targets and building a proxy network. The affected regions include Europe and North and South America.

However, the attackers are keeping a low profile to avoid detection. Out of all the routers they can attack, they have only breached 2%. That’s around a hundred compromised routers. The strategy also allows them to focus on the most critical profiles.

The Bottom Line

The HiatusRAT malware can harvest all kinds of data and communicate with remote servers. The Hiatus campaign is ongoing, and no one knows how many it will victimize. That is why business owners should not let their guard down. Not only can you lose money and intellectual property in a data breach, but you will also break your customers’ trust. Invest in your organization’s security before it is too late.

Used with permission from Article Aggregator

AT&T Data Breach – 9 Million Affected

In a recent statement, telecommunications giant AT&T confirmed that a hack on a vendor it was working with exposed around 9 million accounts. AT&T said that the sensitive information was mainly about device upgrade eligibility.

The hacking happened in January 2023 using a weakness in the vendor’s system. The hackers accessed customer data, such as their names, addresses, phone numbers, and account numbers.

AT&T said the hack did not involve sensitive information like Social Security numbers, credit card details, or account passwords. Also, the exposed data was old information.

The hack did not affect its internal systems, according to AT&T. The company is actively contacting customers affected by the data breach.

What Is a Data Breach and Its Consequences?

A data breach occurs when someone gains unauthorized access to sensitive information, such as confidential or personal information. This can lead to severe consequences for those affected, including identity theft, fraud, and other malicious activities.

In the case of AT&T, the consequences of their recent breach may include phishing attacks, spam, and potential legal and financial penalties.

Additionally, the company’s reputation may suffer due to the failure to protect its customers’ data.

How to Minimize the Risk of a Data Breach When Working With Vendors

Business owners need to know the potential risks and threats when working with vendors. Here are some ways to minimize the risk of data breaches:

1. Check the vendor’s reputation before working with them. Before you start working with a vendor, conduct a full background check. Ensure they have a good reputation and a history of securing their data.

2. Use contracts. Establish a comprehensive agreement outlining the security measures the vendor must fulfill to protect your data.

3. Limit access to data and only share what is necessary. Only give them access to the data they need to perform their duties. Also, ensure that the vendor places measures to protect the data, such as encryption and access controls.

4. Monitor vendor activity. Regularly monitor the vendor’s movement and keep track of any changes in how they access your data. This will help you detect any potential breaches or misuse.

5. Have an incident response plan. An incident response plan outlines the steps to take in case of a data breach. This should include communication protocols, containment measures, and actions for notifying affected parties.

By following these practices, business owners can reduce the risk of data breaches when working with vendors and help ensure the security of their data.

Final Thoughts

Identity theft and fraud are common after-effects if there is a breach in your data. It is crucial for businesses to monitor their accounts for suspicious activity, regularly review account statements and credit reports, and report any unauthorized activity immediately.

Used with permission from Article Aggregator

Microsoft Patch Tuesday

Microsoft released on March 14, 2023, a security update that fixes at least 74 bugs in Windows and other software. Hackers are already attacking two flaws, including a very serious one in Microsoft Outlook.

Microsoft Outlook Vulnerability

The Outlook bug, CVE-2023-23397, affects all versions of Microsoft Outlook from 2013 to the most recent one.

Microsoft said that threat actors are already exploiting this bug. The exploit triggers automatically when Outlook receives and processes a malicious email, even before the message appears in the Preview Pane.

CVE-2023-23397 is an NTLM relay exploit that lets an attacker capture a user’s Windows account credentials (their NTLM hash) and use them in a “Pass the Hash” attack. The flaw makes it possible for a threat actor to pose as a trusted user, which is equivalent to the attacker holding a valid password and walking into an organization’s systems.

Windows SmartScreen Vulnerability

The second exploited flaw, CVE-2023-24880, is a “Security Feature Bypass” in Windows SmartScreen that can let malicious code run without SmartScreen checks. CVE-2023-24880 lets threat actors craft files that get around Mark of the Web (MOTW) defenses. By bypassing MOTW, attackers can spread malware through documents and other infected files that SmartScreen would normally block.

Microsoft also fixed seven other security flaws this week with a “critical” rating. The rating means that a threat actor could take complete remote control of a Windows host with little or no user interaction.

Action Plan for Business Owners

Windows is a staple in many businesses. Owners should take the following precautions to protect their clients and make sure their systems are safe:

  • Install security updates quickly. Once there’s a new patch, update your software to stop exploitation.
  • Establish a regular update schedule. Check for and apply updates for your operating system, apps, and security programs on a regular basis.
  • Get people to use strong passwords. Encourage employees to use strong, unique passwords and consider using a password manager.
  • Enable multi-factor authentication. This provides an added layer of security.
  • Train your workers about security. Teach your employees best practices, like spotting suspicious emails and what to do when a cyberattack happens.
  • Always have a backup plan. Back up your data regularly and keep it in several places for quick recovery.
  • Monitor network activity. Use tools for network monitoring to find strange behavior and possible threats.
  • Develop an incident response plan. Plan for handling cybersecurity issues, including ways to deal with threats.
  • Review policies on security. Regularly review and update security policies to adapt to new threats and technology.

Final Word

Organizations need to be always aware of cyber dangers. By regularly reviewing and updating security rules, you can keep your digital environment safe from threats.

Used with permission from Article Aggregator
