Apple users to update immediately. Apple Zero-Click Exploit
The Citizen Lab has discovered a zero-click zero-day flaw in all Apple products. The new zero-day flaw is called ForcedEntry, and it affects iPhones, iPads, Macs, Apple Watches, and even AirPods. Citizen Lab urges all Apple users to update their devices immediately.
Apple released a Security update on Monday. The iOS 14.8 for iPhones and iPads includes patches for vulnerabilities, which may have been exploited by hackers. Also included are Apple Watch and macOS updates.
Citizen Lab, a digital watchdog, discovered a new kind of spyware that is used to illegally monitor activists’ iPhone communications. It’s allegedly been used by the NSO Group to target the communications of people in Bahrain. The researchers called this new zero-click attack ForcedEntry. Citizen Lab said it had identified nine Bahraini activists whose iPhones had been targeted with Pegasus spyware between June of 2020 and February of 2021. These phones suffered zero-click attacks that … Read the rest
Ensure Your Cybersecurity While You Travel With NordVPN
Cyber security is no longer just about protecting your computer, website or network. Over the last decade, the borders between cyberspace and travelling have been eliminated. As a result, it’s become a necessity to make sure you’re protected wherever you go – especially if you’re travelling abroad
Free WiFi is a hacker’s dream! A skilled hacker can get all the information from your computer or device by intercepting your connection, since you wrongly assumed it was free. This is why it is important to use a VPN while traveling.
What is a VPN?
A virtual private network, or VPN, is an encrypted connection over the Internet from a device to a network. The encrypted connection helps ensure that sensitive data is safely transmitted. It prevents unauthorized people from eavesdropping on the traffic and allows the user to conduct work remotely. VPN technology is widely used in corporate environments.
NordVPN is
Microsoft Office 0-day Vulnerability
On Tuesday, Microsoft revealed an alarming vulnerability in Internet Explorer, a bug that is being used to harm Windows users. The attack is enabled by a weaponized Office file and works like this: A victim receives an email with a link to a Word document inside. It is very important that you do not click on the link; instead, you should open the document directly.
The critical vulnerability has been found in Microsoft’s proprietary web rendering engine. The flaw, tracked as CVE-2021-40444, allows attackers to remotely execute code on a vulnerable system. The engine is used to render web content inside Word, Excel, and PowerPoint documents.
… Read the restThey have said. “Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents,”.
They also added: “An attacker could
CISA & FBI Releases Ransomware Awareness for Holidays and Weekends
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have warned of a rise in holiday and weekend related ransomware attacks. The reason: They can catch businesses by surprise and cause major damage. holiday ransomware awareness report.
The report stated: “The FBI and CISA do not currently have any specific threat reporting indicating a cyberattack will occur over the upcoming Labor Day holiday. However, the FBI and CISA are sharing the below information to provide awareness to be especially diligent in your network defense practices in the run up to holidays and weekends, based on recent actor tactics, techniques, and procedures (TTPs) and cyberattacks over holidays and weekends during the past few months,”
WhatsApp Photo Filter Security Flaw
Users should be careful about the pictures they view on WhatsApp. If a user receives a picture from a malicious third party, the picture could be edited in such a way that the app could read sensitive data from the memory of the app. In addition, users should update their apps to get the latest security fixes.
WhatsAppAccording to security research firm Check Point, a vulnerability has been found in WhatsApp. The issue causes the app to crash when a user receives certain images. These images are crafted to take advantage of visual effects such as color changes, saturation adjustments, and other alterations.
The bug (CVE-2020-1910) carries a severity rating of 7.8 out of 10. It’s due to a memory corruption error, the firm said – and more specifically, an out-of-bounds read-and-write issue. Typically, this kind of bug can allow attackers to read sensitive information from other … Read the rest
Understanding Hacker Motives
Not all cases are clear-cut. Even when you know how something happened, there’s usually more than one way to interpret the events. Cyber crime is a good example. Investigators often spend a lot of time trying to understand why the crime occurred in the first place. They ask questions like “why did the perpetrator do it?” And “what was their motive?” Even when you can’t answer these questions, trying to understand the why is still useful.
Personal Identifiable Information
Known simply as PII, this data includes a long list of items that can specifically identify an individual, such as full names, home addresses, and national ID numbers (to name just
The Tiers of HIPAA violations
If you violate HIPAA, you will be fined. The penalty fee is determined by how serious the violation is. However, most cases are solved with a technical guidance from the OCR or agreeing to change your policy and procedures to prevent future violations. Financial penalties for HIPAA violations are reserved for the most serious violations of HIPAA Rules.
What Happens if you Violate HIPAA? – HIPAA Violation Classifications
What happens if you break HIPAA? Well, that depends. The Office for Civil Rights prefers to resolve violations using non-punitive measures, such as with voluntary compliance or issuing technical guidance to help covered entities address areas of non-compliance. But more serious violations may result in corrective action, such as termination of your business or even criminal charges.
The four categories used for the penalty structure are as follows:
- Tier 1: A violation that the covered entity was unaware of and could not
Keep Your Home Office Safe And Secure
I am sure we can all say that working from home is great but it poses a whole new set of cyber security challenges and without the convenience of in-house technical support, it can be a problem it’s not like a corporate tech will just go to your house. Here are a few cyber security housekeeping steps to consider to ensure your new office is safe and secure.
Many vendors provide you with a router or if you purchase them in the store make sure to follow these 5 steps.
Log in to your router to access its settings, if you’re unsure how to log in, look at your routers make and model and then you can use that to search the internet for articles or YouTube for videos.
Change the SSID (Service Set Identifier). The SSID is the name of your wireless network. Use WPA instead of WEP Wifi
How To Downgrade Or Update Unifi UAP Firmware
If you are having problems your Unifi wireless access points it could be do to a bug in the firmware. In this tutorial you will be shown how to downgrade or update the Unifi UAP firmware.
How to Downgrade or update firmware.
- Log into your Unifi Controller.
- Make sure that Auto Update is disabled
- Settings > Site > Services , uncheck Automatically Upgrade Device Firmware.
- Also check scheduled upgrades. Settings > Services > Scheduled Upgrades and remove them.
- On the left hand side menu Click on Unifi Device Icon
- Click on the the wireless access point you would like to start with so the side menu expands to display a GUI like below.
- Click on the gear\config icon
- Scroll down to the bottom and expand MANAGE DEVICE
- In the Custom upgrade section use the copy/paste the firmware version you would like to use, for example: https://dl.ui.com/unifi/firmware/U7PG2/4.3.20.11298/BZ.qca956x.v4.3.20.11298.200704.1347.bin
Note: if you
FBI says that hackers are hijacking online food and agriculture accounts
The FBI has a warning for companies in the food and agriculture industries: Hackers are using the tactic known as credential stuffing to hijack your online accounts and drain your cash. The FBI’s Cyber Division recently sent a Private Industry Notification to businesses in these sectors, warning them that hackers have been targeting accounts at grocery stores, restaurants, and food-delivery services.
In the agency’s report, it said that cybercriminals are using stolen passwords at one company to log into another company’s account. They do this hoping that customers had used the same password for both accounts. Cybercriminals usually use automated tools and proxy botnets to attack multiple companies, including grocery and food delivery services.
The FBI warned that companies can be unaware of account compromises until customers complain that their accounts have been compromised. For example, a customer might notice suspicious activities on their accounts such as food orders for … Read the rest