Uncategorized Archives - D1defend


Patched Microsoft Outlook Vulnerability

Microsoft recently fixed a serious security flaw in Outlook that scored a 9.8 on the Common Vulnerability Scoring System.

This flaw, CVE-2023-2339, is a zero-click vulnerability. It could let hackers steal sensitive information from user accounts and send malicious emails as if they were the user.

The CVE-2023-2339 flaw affects all supported Windows Outlook versions. However, Outlook on the web, Android, iOS, Mac, and Microsoft 365 services are unaffected.

How the Security Flaw Works

The flaw comes from a Microsoft Outlook feature that allows users to customize their notification sounds. The problem is that the audio file can be located on a remote server.

Cybercriminals can send malicious emails posing as calendar invites. The victim’s computer then loads the notification sound from a server controlled by the threat actor.

This can expose login credentials, which the hacker can use for unauthorized access.

The victim doesn’t even have to do anything for this to happen. When Outlook gets the malicious email, it automatically starts the process remotely.

Protecting Your Business

The first step is to install the latest security update for Microsoft Outlook. For now, you should also limit the use of New Technology LAN Manager (NTLM).

Companies can also block outbound SMB traffic over port 445. This will help prevent unauthorized access.

Microsoft has also released an audit tool to help businesses determine if there was a breach.
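
One way to check whether the port 445 advice above is holding, as an added example (this is not Microsoft's audit tool and not code from the original article): the Python script below reads firewall log lines and reports internal hosts that tried to open SMB connections on TCP port 445 to addresses outside the internal ranges. The log lines are constructed samples in the Windows Firewall log layout, and the list of internal ranges is an assumption to adjust for your network.

```python
import ipaddress

# Assumption: these ranges count as "internal"; adjust to your own network plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128",
)]
SMB_PORT = "445"

# Constructed sample in the Windows Firewall log layout (not real traffic).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2023-03-15 09:12:41 ALLOW TCP 10.0.4.23 10.0.1.10 50110 445 0 - 0 0 0 - - - SEND
2023-03-15 09:12:44 ALLOW TCP 10.0.4.23 203.0.113.50 50122 445 0 - 0 0 0 - - - SEND
2023-03-15 09:13:02 DROP TCP 10.0.4.31 198.51.100.7 50440 445 0 - 0 0 0 - - - SEND
2023-03-15 09:13:05 ALLOW TCP 10.0.4.23 93.184.216.34 50130 443 0 - 0 0 0 - - - SEND
2023-03-15 09:14:10 ALLOW TCP 203.0.113.9 10.0.4.23 40000 445 0 - 0 0 0 - - - RECEIVE
"""


def is_internal(addr):
    """True when addr falls inside one of the configured internal ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def find_external_smb(log_text):
    """Return outbound TCP/445 connections from internal hosts to external ones."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # The header names the columns, so the parser follows the log's own layout.
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("protocol") != "TCP" or row.get("dst-port") != SMB_PORT:
            continue
        try:
            outbound = is_internal(row["src-ip"]) and not is_internal(row["dst-ip"])
            when = f'{row["date"]} {row["time"]}'
        except (KeyError, ValueError):
            continue  # malformed line: skip it rather than stop the audit
        if outbound:
            hits.append({"time": when, "src": row["src-ip"],
                         "dst": row["dst-ip"], "action": row["action"]})
    return hits


if __name__ == "__main__":
    for hit in find_external_smb(SAMPLE_LOG):
        # An allowed connection means the block is not in place for that host.
        note = ("allowed: outbound SMB is not blocked here"
                if hit["action"] == "ALLOW" else "blocked: still review the host")
        print(f'{hit["time"]} {hit["src"]} -> {hit["dst"]}:445 ({note})')
```

An allowed entry shows the outbound block is missing for that host, while a dropped entry shows the block worked but the machine still tried to reach an outside server over SMB.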

Actionable Steps for Business Owners

To protect your business and customers from this Microsoft Outlook security flaw, consider these proactive steps:

1. Educate staff about the importance of security updates.
2. Keep Microsoft Outlook installations updated with the latest patches.
3. Monitor network traffic and block unauthorized connections.
4. Encourage strong, unique passwords and install multi-factor authentication (MFA).
5. Regularly review and update cybersecurity policies and practices.

These strategies help address potential cyber threats and keep your business data secure.

Cybercriminals can use the weakness in Microsoft Outlook to steal sensitive information and pose as users. This is a big risk for businesses.

Owners must act quickly to secure their systems and protect their customers. Use the steps above to avoid potential threats and keep your computer system safe.

Used with permission from Article Aggregator

How Cybercriminals are Exploiting the Silicon Valley Bank Shutdown

Recently, there was a rise in cybercrimes related to the closing of Silicon Valley Bank (SVB). Threat actors go after businesses and sometimes use them in their illegal activities.

SVB was the 16th largest bank in the U.S. The bank worked with tech giants like Buzzfeed, Roblox, and Roku. However, global inflation and a deposit run caused regulators to close the bank on Friday, March 10, 2023.

Hackers are using SVB-related content to manipulate people’s emotions. Analysts are finding more phishing attacks connected to the SVB closure, and new threats appear daily.

How Hackers Set Up SVB-related Attacks

Cybercriminals started buying fake SVB domains shortly after SVB closed. This is how they set up their SVB-related attacks. The attackers then made and tested phishing flows before starting their campaigns.

More than 62 new domains were set up for SVB-related attacks, and there were 200 phishing scams, most of which targeted businesses in the U.S.

The Public Response Helped Hackers

Unfortunately, the public’s response to the SVB crisis may have been unwittingly aiding cybercriminals. Attackers used websites that listed affected SVB customers to find targets.

Also, emails from companies switching to new banks can look like phishing emails, which can cause confusion and make the risks higher.

Getting Ready for the Wave of SVB Fraud

To counter SVB-related attacks and protect your business, you should:

1. Raise employee awareness about phishing and cyber threats.
2. Provide regular security training.
3. Implement email security solutions with anti-phishing features.
4. Use multi-factor authentication.
5. Keep software updated to prevent vulnerabilities.
6. Encourage strong, unique passwords and start using password managers.
7. Monitor the company’s online presence for fake domains or websites.
8. Develop and maintain an incident response plan.
9. Periodically review and update security processes.
10. Collaborate with cybersecurity experts for audits and vulnerability assessments.

The recent failure of SVB has given cybercriminals a chance to take advantage of businesses and individuals. To protect yourself from SVB-related attacks and other cyber threats, you need to put cybersecurity at the top of your list of priorities.

You can shield your company from these attacks by being proactive, improving security infrastructure, and using your resources wisely.

Using Technology to Improve Employee Productivity

It is crucial to make the most of available technology to stay ahead of the competition in today’s fast-paced business environment. As a result, business owners are always searching for ways to increase efficiency and employee productivity. Here are some tips and strategies for using technology to boost employee productivity.

Project Management Tools
Project management tools provide a clear and organized view of tasks and progress. Using a project management tool, teams can stay on schedule and meet deadlines while maintaining efficient communication between team members. In addition, employees can share updates, feedback, and files quickly and easily.

Virtual Assistants
With virtual assistants, routine tasks can be automated, allowing employees to devote more time to other critical tasks. As a result, employees can focus on high-value work when a virtual assistant schedules appointments, sends reminders and responds to emails.

Collaboration Tools
Collaboration tools allow employees to communicate and collaborate in real-time, regardless of location. In addition to reducing the time required to complete tasks, collaboration tools enable teams to share information and updates in one centralized location.

Time-Tracking Software
With time-tracking software, employees can track how much time they spend on various projects and tasks. By analyzing this information, managers can identify areas where they can increase productivity.

Cloud Computing
A cloud computing solution allows employees to access their work files from any location and device, allowing them to work at home or on the go. In addition, cloud computing allows teams to collaborate and share files regardless of location, facilitating a more efficient work-life balance.

Technology is critical to increasing employee productivity. By leveraging technology, business owners can maximize employee productivity while collaborating with customers. In addition, by taking advantage of modern technological advances, business owners can gain an edge over their competitors.

Firefox 111 Boosts Security, Fixes Bugs, and Adds New Features

Mozilla has released a new version of Firefox for Android, equipping it with a built-in PDF viewer. Firefox 111 also provides a more secure experience for users through its Total Cookie Protection feature. In addition, the upgrade addresses the security issues and unusual bugs in the last version.

Android Users Finally Have Total Cookie Protection on Firefox

In 2021, Mozilla launched Total Cookie Protection for incognito windows. It was an optional feature that users could turn on. In 2022, the company rolled it out to all Mac and Windows users. It enabled the security feature by default for all windows. A year later, Mozilla finally debuted it for Android users.

Total Cookie Protection acts as a “cookie jar” for each website you visit. It contains cookies within their respective sites to prevent cross-site tracking. It is an extra layer of protection for your online data. It also gives you a break from intrusive ads, deterring companies from gathering information about you.

Mozilla Releases Additional Features for Android Users

Another highlight of the new Firefox 111 is its built-in PDF viewer. It eliminates the need for third-party apps when viewing PDF documents on your Android phone. There is also an exclusive feature for Pixel phone users with Android 12 or 13. You can now share links to recently viewed pages from the recent screen.

Aside from these new features, Firefox 111 has bug fixes for Android. It resolves the compatibility issue with Android 13 that was causing problems with copying saved passwords. Mozilla has also fixed the crashing that users were experiencing with the media playback notification.

Firefox 111 Has Browser Improvements for macOS and PC

Android users aren’t the only ones to benefit from the Firefox 111 upgrades. Mozilla has also addressed Windows 11 and macOS issues. It fixed the bug that was causing Firefox to freeze during start-up. It also resolved the issue that made Firefox crash when users pinch-zoomed.

Update to Minimize Your Risks 

No matter what browser you use in the office, encourage all your team members to upgrade to the latest version. Outdated versions are open to more security vulnerabilities. Once your browser is compromised, threat actors can steal sensitive information and install malware. Aside from improving security, upgrading your browser will also speed up the browsing experience and boost your team’s efficiency.

Protect Your Business from the Latest Emotet Phishing Scam Targeting Taxpayers

Scammers will use anything to target businesses, including tax forms. A new phishing campaign is spreading a malicious program disguised as documents from the IRS. With tax season soon to be in full swing, business owners must take extra precautions to protect sensitive company data.

Emotet Phishing Campaign Targets Taxpayers

Emotet is one of the most widespread malware programs in recent years. The latest Emotet phishing campaign targets taxpayers. It impersonates the IRS and other private organizations, sending emails containing phony Form W-9 attachments.

When someone falls for the scam and installs Emotet on their computer, the malware will steal data and take control of their email. It will send spam emails using the target’s account to spread other malicious programs.

Obvious Emotet Phishing Signs to Look Out For

The Emotet phishing emails may seem legitimate, but some telltale signs give them away. The malicious emails have an attached Zip file. It contains a Word document that is supposedly the Form W-9. But you can tell it is fake because it is over 500 megabytes. No ordinary Word document is ever that big.

In addition, Microsoft has disabled macros from operating on the system. A security warning will appear when a user tries to open a malicious Word document, saying it contains blocked macros. That is the ultimate warning sign of a phishing scam, so don’t enable the content.

Emotet is trying to circumvent Microsoft’s solution by sending OneNote files instead. When a user opens the attachment, it will say the document is protected and that they must click the “View” button. Once they do, it will cause the embedded VBScript to run. OneNote will display a warning about the potentially malicious script, but inattentive users will launch it anyway.

It is essential to note that legitimate tax documents are usually in PDF form. Be cautious about opening Word, OneNote, and other file types from dubious sources.
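
The warning signs above can be checked before anyone opens an attachment. The following Python script is an added example, not code from the original article: it reads a Zip file's directory without extracting anything and flags Word documents over the 500-megabyte mark, Word documents that are mostly padding, and OneNote files. The compression-ratio threshold, the sample file names, and the small padded sample (a stand-in for a 500 MB file) are assumptions made for the demonstration.

```python
import io
import os
import zipfile

WORD_EXT = (".doc", ".docx", ".docm")
ONENOTE_EXT = (".one",)
SIZE_LIMIT = 500 * 1024 * 1024  # the "over 500 megabytes" sign from the article
RATIO_LIMIT = 100               # assumption: padding shrinks far more than real documents


def triage_zip(data, size_limit=SIZE_LIMIT, ratio_limit=RATIO_LIMIT):
    """Return (member name, reason) pairs for suspicious members of a Zip attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # infolist() reads sizes from the archive directory; nothing is unpacked.
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            ratio = info.file_size / max(info.compress_size, 1)
            if name.endswith(WORD_EXT):
                if info.file_size > size_limit:
                    findings.append((info.filename, "oversized-document"))
                elif ratio > ratio_limit:
                    findings.append((info.filename, "padded-document"))
            elif name.endswith(ONENOTE_EXT):
                findings.append((info.filename, "onenote-attachment"))
    return findings


def build_sample():
    """Constructed sample archive: a zero-padded .doc, a normal .doc, and a .one file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # 4 MiB of zero padding stands in for the 500 MB padding described above.
        zf.writestr("W-9 form.doc", b"constructed-doc-header" + bytes(4 * 1024 * 1024))
        # Random bytes barely compress, like the content of an ordinary document.
        zf.writestr("memo.doc", os.urandom(20000))
        zf.writestr("notes.one", b"constructed-onenote-placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in triage_zip(build_sample()):
        print(f"{member}: {reason}")
```

The ratio check matters because a padded document shrinks to a small Zip file, so the attachment itself can look like a normal size in the mail client.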

How to Minimize Your Risks 

The Emotet phishing campaign can have disastrous outcomes for companies. But you can minimize risk by knowing the warning signs. The same goes for other malicious schemes. If business owners and employees learn about these techniques, they can prevent data loss and stop the spread of malware.

Cerebral Data Breach – 3.18 Million Affected

Cerebral, an online platform that offers mental health care services, recently suffered a data breach that may have affected up to 3.18 million users. According to its report, the breach was due to the company’s use of third-party pixel trackers.

Cerebral did not say the exact number of users affected. However, the company said it had taken steps to ease the breach’s impact.

What Exactly Are Tracking Pixels?

Tracking pixels are tiny pieces of code that businesses can embed on their websites, online ads, or marketing emails.

Whenever you use a webpage, ad, or email that contains a tracking pixel, it sends a message to a server. This message can collect data about the users, including their behavior and activity.

But criminals can use these pixels maliciously, posing a significant risk to users’ privacy.

Cerebral has been using pixels since it started in October 2019. By using third-party pixel trackers, Cerebral left itself open to illegal access to its system.

Consequently, the hackers were able to get their hands on users’ personal information, including their names, medical histories, and health insurance plans.
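
To see what a tracking pixel sends and to whom, a site owner can audit their own pages. The Python script below is an added example, not code from the original article: it parses a page's HTML and lists every image, script, or frame that makes the visitor's browser contact a host other than the site's own, along with the names of the URL parameters being sent. The host names and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# Constructed sample page for a fictional clinic site (clinic.example).
SAMPLE_HTML = """
<html><body>
  <img src="/static/logo.png" width="120" height="40">
  <img src="https://assets.clinic.example/hero.jpg">
  <img src="https://px.adnetwork.example/tr?ev=PageView&amp;page=%2Fintake%2Fdepression-screening&amp;uid=8841"
       width="1" height="1" style="display:none">
  <script src="https://cdn.analytics.example/sdk.js" async></script>
</body></html>
"""


class ThirdPartyAudit(HTMLParser):
    """Collect elements that make the browser send a request to another host."""

    URL_ATTRS = {"img": "src", "script": "src", "iframe": "src"}

    def __init__(self, first_party_host):
        super().__init__()
        self.first_party = first_party_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr_name = self.URL_ATTRS.get(tag)
        if not attr_name:
            return
        attributes = dict(attrs)
        url = attributes.get(attr_name)
        if not url:
            return
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        # Relative URLs and the site's own subdomains are first-party requests.
        if not host or host == self.first_party or host.endswith("." + self.first_party):
            return
        is_pixel = (tag == "img" and attributes.get("width") == "1"
                    and attributes.get("height") == "1")
        self.findings.append({
            "host": host,
            "kind": "pixel" if is_pixel else tag,
            # Parameter names show which data fields leave the site.
            "params": [key for key, _ in parse_qsl(parts.query)],
        })


def audit_page(html, first_party_host):
    """Return the third-party requests a page would trigger when viewed."""
    parser = ThirdPartyAudit(first_party_host)
    parser.feed(html)
    return parser.findings


if __name__ == "__main__":
    for item in audit_page(SAMPLE_HTML, "clinic.example"):
        print(item["kind"], item["host"], item["params"])
```

In the sample, the pixel's `page` parameter reveals which intake form the visitor opened, which is the kind of detail that becomes health information once it is tied to a user ID.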

What Are the Consequences of a Data Breach?

Data breaches can have far-reaching effects on both individuals and companies. Identity theft, financial losses, and reputational damage are just a few of the dangers.

It was on Jan. 3, 2023, that Cerebral uncovered the breach. The company found out it had mistakenly shared sensitive user information with other companies, including mental health evaluations, findings, and treatment plans.

The breach also exposed user subscription plans. Unfortunately, this put Cerebral in violation of HIPAA regulations meant to safeguard people’s private health information.

How Can Businesses Avoid a Data Breach?

To prevent data breaches, you must understand the potential risks of using third-party trackers. Protecting your customers’ data and being wary of data breaches is essential.

To keep your business safe from a data breach:

  • Check for weak spots and threats to your business.
  • Use passwords and access controls to protect critical information.
  • Keep an eye out for any suspicious activity or unauthorized access.
  • Train your employees to spot and deal with security problems.
  • Have a plan in case there is a security breach.

The Cerebral breach highlights the importance of keeping users’ information safe. As a business, you must remain proactive in securing your data and staying updated with the latest security measures.

Hiatus Malware Targets Business Routers

There is a new malware campaign targeting business-grade routers. It is called Hiatus, a complex operation that deploys the HiatusRAT malware. It is a kind of Remote Access Trojan (RAT) that cybercriminals use to gain remote control over a target system.

Hiatus is the first of its kind. Lumen’s security experts say it has been around since July 2022 and is still active. It gives business owners another reason to tighten cybersecurity. To help you protect your organization, here’s everything you need to know about the malicious campaign.

How Does the Hiatus Campaign Work?

The Hiatus campaign uses three components, namely a bash script, HiatusRAT, and a tcpdump variant. The threat actor will breach the target device and deploy the bash script. That will download and trigger the HiatusRAT. Next, the malware will steal the following: network data, system data, process data, and file system data.

The HiatusRAT malware will maintain communication with the C2 server. That way, the threat actor can keep watch over the target network. The bash script will also set up a packet-capturing program to monitor activity in TCP ports. The data there is unencrypted, so it is easy for hackers to steal.

Who Is the Hiatus Campaign Targeting?

The Hiatus campaign targets DrayTek Vigor VPN routers nearing the end of their lives. These are the 3900 and 2690 models with the i386 architecture. Businesses use these high-bandwidth routers to provide VPN support to their remote employees.

Small to medium-sized companies are the common users of these routers, so they are at high risk for attack. As of February, researchers said around 4,000 machines are vulnerable. They suspect the threat actors are spying on their targets and building a proxy network. The affected regions include Europe and North and South America.

However, the attackers are keeping a low profile to avoid detection. Out of all the routers they can attack, they have only breached 2%. That’s around a hundred compromised routers. The strategy also allows them to focus on the most critical profiles.

The Bottom Line

The HiatusRAT malware can harvest all kinds of data and communicate with remote servers. The Hiatus campaign is ongoing, and no one knows how many it will victimize. That is why business owners should not let their guard down. Not only can you lose money and intellectual property in a data breach, but you will also break your customers’ trust. Invest in your organization’s security before it is too late.

AT&T Data Breach – 9 Million Affected

In a recent statement, telecommunications giant AT&T confirmed that a hack on a vendor it was working with exposed around 9 million accounts. AT&T said that the sensitive information was mainly about device upgrade eligibility.

The hacking happened in January 2023 using a weakness in the vendor’s system. The hackers accessed customer data, such as their names, addresses, phone numbers, and account numbers.

AT&T said the hack did not involve sensitive information like Social Security numbers, credit card details, or account passwords. Also, the exposed data was old information.

The hack did not affect its internal systems, according to AT&T. The company is actively contacting customers affected by the data breach.

What Is a Data Breach and Its Consequences?

A data breach occurs when someone gains unauthorized access to sensitive information, such as confidential or personal information. This can lead to severe consequences for those affected, including identity theft, fraud, and other malicious activities.

In the case of AT&T, the consequences of their recent breach may include phishing attacks, spam, and potential legal and financial penalties.

Additionally, the company’s reputation may suffer due to the failure to protect its customers’ data.

How to Minimize the Risk of a Data Breach When Working With Vendors

Business owners need to know the potential risks and threats when working with vendors. Here are some ways to minimize the risk of data breaches:

1. Check the vendor’s reputation before working with them. Before you start working with a vendor, conduct a full background check. Ensure they have a good reputation and a history of securing their data.

2. Use contracts. Establish a comprehensive agreement outlining the security measures the vendor must fulfill to protect your data.

3. Limit access to data and only share what is necessary. Only give them access to the data they need to perform their duties. Also, ensure that the vendor places measures to protect the data, such as encryption and access controls.

4. Monitor vendor activity. Regularly monitor the vendor’s movement and keep track of any changes in how they access your data. This will help you detect any potential breaches or misuse.

5. Have an incident response plan. An incident response plan outlines the steps to take in case of a data breach. This should include communication protocols, containment measures, and actions for notifying affected parties.

By following these practices, business owners can reduce the risk of data breaches when working with vendors and help ensure the security of their data.

Final Thoughts
Identity theft and fraud are common after-effects if there is a breach in your data. It is crucial for businesses to monitor their accounts for suspicious activity, regularly review account statements and credit reports, and report any unauthorized activity immediately.

Microsoft Patch Tuesday

On March 14, 2023, Microsoft released a security update that fixes at least 74 bugs in Windows and other software. Hackers are already attacking two flaws, including a very serious one in Microsoft Outlook.

Microsoft Outlook Vulnerability

The Outlook bug, CVE-2023-23397, affects all versions of Microsoft Outlook from 2013 to the most recent one.

Microsoft said that threat actors are taking advantage of this bug. It starts working automatically when a malicious email goes to an email server, even before it appears in the Preview Pane.

CVE-2023-23397 is an NTLM relay exploit that enables an attacker to gain a user’s Windows account password and use it in a “Pass The Hash” attack.

The flaw makes it possible for a threat actor to pose as a trustworthy person. This is the same as an attacker having a valid password and getting into an organization’s systems.

Windows SmartScreen Vulnerability

The second exploited flaw, CVE-2023-24880, is a “Security Feature Bypass” in Windows SmartScreen. The flaw can let malicious code run without SmartScreen checks.

CVE-2023-24880 lets threat actors create files that get around Mark of the Web (MOTW) defenses. By bypassing the MOTW, hackers can spread malware through documents and other infected files that SmartScreen normally blocks.

Microsoft also fixed seven other security flaws this week with a “critical” rating. The rating means that a threat actor could take complete remote control of a Windows host without the user having to do much.

Action Plan for Business Owners

Windows is a staple in many businesses. Owners should take the following precautions to protect their clients and make sure their systems are safe:

  • Install security updates quickly. Once there’s a new patch, you should update your software to stop exploitation.
  • Establish a regular update schedule. Check for and apply updates for your operating system, apps, and security programs on a regular basis.
  • Get people to use strong passwords. Encourage employees to use strong, unique passwords and consider using a password manager.
  • Enable multi-factor authentication. This provides an added layer of security.
  • Train your workers about security. Teach your employees best practices, like spotting suspicious emails and what to do when a cyberattack happens.
  • Always have a backup plan. Back up your data regularly and keep it in several places for quick recovery.
  • Monitor network activity. Use tools for network monitoring to find strange behavior and possible threats.
  • Develop an incident response plan. Plan for handling cybersecurity issues, including ways to deal with threats.
  • Review policies on security. Regularly review and update security policies to adapt to new threats and technology.

Final Word

Organizations need to be always aware of cyber dangers. By regularly reviewing and updating security rules, you can keep your digital environment safe from threats.

Everything to Know About Essendant’s Multi-Day Outage

Essendant, a Staples-owned wholesale distributor of office supplies and stationery, paused its operations recently because of a multi-day, network-wide outage. The system disruption has prevented customers from placing orders online or contacting the company’s customer care unit.

While Essendant has yet to disclose the reason behind the outage, many think someone had hacked into the company’s system. Customers are expressing their frustration over the company’s lack of transparency.

Essendant’s Outage Is Preventing Fulfillment of Orders

The network-wide outage started on the night of March 6, 2023. Essendant then began notifying customers about it the following day. Because of the disruption, the company can’t accommodate new online orders or fulfill existing ones. Aside from customers and suppliers, the incident also affects freight carriers. The company has told them to postpone pickups for now.

Essendant carries more than 160,000 items and caters to around 30,000 resellers. The disruption has a significant impact on its supply chain.

What Is Essendant Doing to Address the Issue?

Since March 20, 2023, Essendant has taken significant steps to recover its operations. The company has restored at least a hundred systems and performed end-to-end testing. It is currently in the pilot stages of its pick, pack, and ship efforts.

Here’s what customers can expect from Essendant at this point of its recovery:

  • Empower users now have new login credentials and can place orders through the
  • Aside from Empower, customers can access other Solution Central applications. That includes List Assistant, ICAPS, Essendant Marketing Studio, and Market Xpert.
  • Essendant’s customer care team is only accessible through email. Request volumes are high, and turnaround time will be longer.
  • There will be longer shipment times because of higher order volumes.

The Bottom Line

The Essendant outage highlights the importance of data backups. Losing large amounts of information, whether employee, customer, or systems data, can cripple a business. But with a data backup strategy, you have a duplicate of your systems and can recover faster.

Secondly, it’s a reminder for business owners to have a contingency plan. If your supplier can’t deliver for whatever reason, having a backup plan will save your business.
