Showing posts from September, 2020

Cybersecurity Framework

More than ever, organizations must balance a rapidly evolving cyber threat landscape against the need to fulfill business requirements. To help these organizations manage their cybersecurity risk, NIST convened stakeholders to develop a Cybersecurity Framework that addresses threats and supports business. While the primary stakeholders of the Framework are U.S. private-sector owners and operators of critical infrastructure, its user base has grown to include communities and organizations across the globe.

Credit: Natasha Hanacek/NIST

Rising Attacks Against the Finance Sector

In the current threat landscape, businesses across every sector are affected by cybersecurity risks. However, the financial sector has been taking the brunt of it. What’s going on? The New Zealand stock market was hit by a major cyberattack, knocking its websites offline. This was the fifth attack in a series of DDoS attacks against NZX Ltd. The attacks resulted in the discontinuation of trading in its cash markets and interrupted operations in its debt and derivatives markets. What does this imply? Damage to reputation combined with downtime could cost targeted organizations millions in lost revenue. Financial data is one of the most popular purchases on the dark web. Often, businesses have to close compromised accounts and refund fraudulent transactions, as it is difficult to find where the pilfered information originated. Other recent attacks: Apart from NZX, some other financial service providers were also recently attacked by t...

143mn Windows malware hit consumer smart devices in Q2: Report

According to researchers at cybersecurity firm Quick Heal, attackers are still using COVID-19 as bait to drop malicious payloads to consumer devices, usually in the form of phishing emails that contain infected attachments. More than 143 million malware targeted consumer smart devices in the second quarter of 2020, mainly in the form of coronavirus-themed attacks, a new report said on Tuesday. Among the top scams reported during the April-June period were free Netflix subscriptions and fraudulent PM CARE Fund apps. The month of June clocked the highest detections of Windows malware, with 1.5 million daily detections, due to the opening up of businesses under the unlock phase. "In the same category, 'Trickbot' pro...

How to secure your cloud file storage with 5 simple tricks

File hosting / cloud storage services today are a dime a dozen. Players in this vertical constantly top each other with free storage offerings, business features, and custom plans, all designed to cater to every possible audience. But they all have one thing in common: the cloud. Cloud storage is somewhat of a double-edged sword: it’s a convenient way to keep your entire fleet of devices in sync, but it can also spell disaster if someone finds the keys to your vault. Remember the celebrity nudes leak a few years ago? Yeah. You don’t want that ‘fappening’ to you. So it’s a good idea to remind ourselves that cloud storage services like iCloud, Dropbox and Google Drive are not impenetrable. Your vendor can only do so much to protect you. ‘The Fappening’ was mostly the result of those celebrities falling victim to phishing emails. So it’s important to enable extra safeguards to avoid falling victim to scams that steal your password. In this guide, we’ll look at five practices to secure y...

Hackers Hijack Indian PM Narendra Modi Twitter Account

Twitter account used to spread cryptocurrency scam. Hackers deny that they have hacked Paytm Mall, India’s leading online shopping app.

A Twitter account posting tweets on behalf of the Indian Prime Minister’s personal website and mobile app has been hijacked by hackers, who abused it in an attempt to scam 2.5 million followers. The @narendramodi_in account, linked to Indian Prime Minister Narendra Modi’s website, was commandeered by hackers who posted bogus messages asking followers to make cryptocurrency donations to a supposed national Covid-19 relief fund. if you believe that sending cryptocurrency to the wallet address quoted in the now-deleted tweet will ever end up helping people affected by the pandemic. In a separate tweet posted by the hackers, they claim that they are a hacking group known as “John Wick” and deny claims that they were responsible for an alleged hack at Paytm Mall, India’s leading online shopping app. For its part, Paytm Mall denies it h...

Attackers Can Exploit Critical Cisco Jabber Flaw With One Message

An attacker can execute remote code with no user interaction, thanks to CVE-2020-3495.

Researchers are warning of a critical remote code-execution (RCE) flaw in the Windows version of Cisco Jabber, the networking company’s video-conferencing and instant-messaging application. Attackers can exploit the flaw merely by sending targets specially crafted messages – no user interaction required. The flaw (CVE-2020-3495) has a CVSS score of 9.9 out of 10, making it critical in severity, Cisco said in a Wednesday advisory. Researchers with Watchcom, who discovered the flaw, said that with remote workforces surging during the coronavirus pandemic, the implications of the vulnerability are especially serious. “Given their newfound prevalence in organizations of all sizes, these applications are becoming an increasingly attractive target for attackers,” Watchcom researchers said in an analysis on Wednesday. “A lot of sensitive information is shared through video calls or ins...

5 Safety Tips for Working Remotely

Amid the Coronavirus scare, employees everywhere are packing their laptops and working remotely. Different organizations have different remote-working policies. While some mandate strict security protocols, others are more permissive, and even careless in some regards. Employees must nonetheless be cautious when connecting to the company infrastructure from home, protecting not only their employers, but also themselves from cyber malice. Today, we outline five golden rules every employee should abide by when working from the confines of their home.

Prep your PC: In most cases, remote workers can’t renew their access data from outside the company’s infrastructure. Before taking your company-issued laptop home, change your password. If your operating system has been nagging you to renew your login credentials, be sure to do so while you’re still at the office and avoid being locked out of the infrastructure while working remotely. Also, check if your organization’s VPN is installed ...

Critical vulnerabilities within WhatsApp discovered

  The instant-messaging site WhatsApp has announced that it has fixed six previously undisclosed vulnerabilities after they were revealed on a security advisory news website. This site will continue to update a comprehensive list of WhatsApp security updates and associated Common Vulnerabilities and Exposures (CVE). It is believed WhatsApp remediated the majority of the flaws on the same day with one taking more time. Thankfully for WhatsApp users, there were no signs of cybercriminals using the vulnerabilities for nefarious means.

Beware! Joker Playing Tricks On Play Store

Hackers often use every cloaking and obfuscation technique under the sun to host fraudulent and potentially malicious apps on the Google Play Store in an attempt to steal from users or generate illicit revenue. The latest discovery of infected applications on Google Play Store shows the store's struggle to prevent malicious activities on its platform.

Latest discoveries: Researchers with Pradeo found six apps infected with a malicious trojan named Joker malware (a.k.a. Bread). The claimed functionalities of the infected apps ranged from text messaging to emoji wallpaper. Together, the apps accounted for nearly 200,000 installs. During the initial upload to Google Play Store, the apps function as genuine apps. After being published in the store, the embedded Joker malware conducts billing fraud by either sending SMS texts to premium rate numbers or exploiting the compromised account to make multiple transactions using WAP billing. The malicious apps are Convenient Scan...

Stay Safe While Shopping Online

With the increased volume of online shopping, it's important that consumers understand the potential security risks and know how to protect themselves and their information.

Tips to Help You Stay Secure: Make sure your computer has appropriate security controls (firewalls, anti-virus and anti-spyware software, and the latest security updates). Limit your online shopping to merchants you trust. Beware of pop-up windows and sudden emails. Pay by credit or charge card. Keep a paper trail. Don't email your financial information. Look for the "lock" icon on the browser's status bar and be sure "https" appears in the website's address bar before making an online purchase. Use strong passwords. Never use the same passwords for online shopping websites that you use for logging on to your home or work computer. Do not share your login information with anyone, ever.

Rakibul Alam, Network Analyst-IT at Chevron

Think Before You Click

Cyber-criminals often use current news, sensational topics, and promises of shocking photos and video to get you to click on malicious links. Don't fall for it! Stop and think before you click.

1. Clicking Without Thinking Is Reckless
2. Use Two-Factor Authentication
3. Look Out for Phishing Scams
4. Keep Track of Your Digital Footprint
5. Keep Up With Updates
6. Connect Securely
7. Secure Your Mobile Device
8. Beware of Social Engineering
9. Back-Up Your Data
10. You’re Not Immune

Rakibul Alam, Network Analyst-IT at Chevron

Scan Your Computer

After you have installed an anti-virus and/or anti-spyware package, you should scan your entire computer periodically. If your anti-virus package has the ability to automatically scan specific files or directories and prompt you at set intervals to perform complete scans, enable this feature.

How to Protect My Computer? Don't click on pop-up ads that advertise anti-virus or anti-spyware programs. Use and regularly update firewalls, anti-virus programs, and anti-spyware programs. Properly configure and patch operating systems, browsers, and other software programs. Turn off ActiveX and Scripting, or prompt for their use.

For more information: U.S.-CERT Security Tip: "Recognizing and Avoiding Spyware"; U.S.-CERT Publication: "Recovering from a Trojan Horse or Virus"

Rakibul Alam, Network Analyst-IT at Chevron

Rules of Cyber Ethics

"Cyber ethics" refers to the code of responsible behavior on the Internet. Just as we are taught to act responsibly in everyday life with lessons such as "Don't take what doesn't belong to you" and "Do not harm others," we must act responsibly in the cyber world as well. The basic rule is "Do not do something in cyberspace that you would consider wrong or illegal in everyday life."

Considerations When Determining Responsible Behavior: Do not use rude or offensive language. Do not cyberbully. Do not plagiarize. Do not break into someone else's computer. Do not use someone else's password. Do not attempt to infect or in any way try to make someone else's computer unusable. Adhere to copyright restrictions when downloading material from the Internet, including software, games, movies, or music.

Rakibul Alam, Network Analyst-IT at Chevron