image
Patrick Domingues

Category Archives: Cybersecurity


New Windows malware strain creeps quietly past your antivirus

Security researchers have discovered a new malware campaign that uses code signing certificates and other techniques to avoid detection by antivirus software. A recent blog post from Elastic Security, the cybersecurity firm, reveals that its researchers discovered a cluster of malicious activity after reviewing its threat prevention telemetry.

Cybercriminals are getting smarter. They have figured out how to use valid digital certificates to sign their malware, so security programs won’t find them. However, this new campaign from Blister is different. The cybercriminals have created a new kind of loader for the malware. It has been named Blister by researchers because it burns like a blister on the skin, but you will never see it until it is too late.

With the help of valid code signing certificates and other counter-detection measures, these cybercriminals have been running this campaign for the past few months.

Blister malware

Cybercriminals have been using a … Read the rest

Security Awareness

Can Someone Spy On You Through Your Webcam or Phone Camera?

Are hackers spying on you through your computer camera and phone camera? Yes, it is true. Your webcam or phone camera can be hacked, which means that the hacker can monitor you and potentially steal your personal information. However, there are ways to prevent or identify the hacking of your webcam and phone camera.

What would a hacker do with a device’s camera?

If you see a camera icon at random, when you know none of your trusted apps are running, your device may be hacked. The good news is that modern devices use a light to indicate whenever the camera has been activated. If you see this light even though you know no app is running, it might be time to back up your data and wipe your device clean.

If a hacker infiltrates your device, they’re probably looking for something specific. But usually they’re after big data, rather … Read the rest

Security Awareness

4 Steps to Take If Your Social Security Number Has Been Stolen

Whether your personal information has been subjected to by hacking or you’ve been a victim of identity theft, before you panic, there are steps you can take to minimize the damage.

Security breaches at large corporations are common. In fact, according to the National Cyber Security Alliance, over 143 million Americans have had their information stolen in recent years. Many of these individuals have had their Social Security numbers stolen, which has led to identity theft. These are just a few examples of the many large-scale security breaches that have occurred in recent years.

If your Social Security number were stolen, it could be taken from documents in your mailbox or trash can, or by someone fraudulently posing as a representative of a trusted institution. If you think that your Social Security number has been stolen, here are three things you can do to protect yourself:

 

  1. If you believe your

Read the rest
Security Awareness

An ideal tactic for security training engagement

In this article, we’ll explore the two main approaches to employee engagement: the carrot and the stick. We’ll look at what motivates employees to engage in security awareness training, and how each strategy can positively impact a company’s security program.
 
When businesses get punished for bad security practices, they often try to avoid the punishment in the future. However, punishing a business for bad security is not the best long-term strategy. This is according to the panelists who spoke at CyberRisk Alliance’s InfoSec World conference. They said that when businesses are punished for security breaches, they often try their best not to get caught again. But in the long run, this can actually harm consumers and businesses alike.
 
But, the panelists suggested, companies should not focus on scaring people into thinking that their information will be stolen. Instead, these companies should instill good cyber habits by providing positive reinforcement and
Read the rest
Security Awareness

Windows Zero-Day Allows Privileged File Access

A Windows security vulnerability could allow information disclosure and local privilege escalation (LPE), researchers have warned. The issue (CVE-2021-24084) has yet to get an official fix, but there is a way to protect yourself. A micropatch has been rolled out as a stop-gap measure.
 
 
Security researcher Abdelhamid Naceri reported a bug in Microsoft’s Autopilot software last October. Microsoft patched it in April, but it has not yet been released. Naceri recently discovered that CVE-2021-24084 could also be exploited for local privilege escalation. He demonstrates that users can copy files from a chosen location into a Cabinet (.CAB) archive, which they can then open and read.
 
 
The process of exploiting the bug is very similar to the LPE exploitation techniques used in a vulnerability in Windows 10, CVE-2021-36934. This bug affects the Security Accounts Manager (SAM) database, which houses user account credentials and network domain information.
 

Windows 10 Bug Exploitation Details

Read the rest
Vulnerabilities

Stripchat Breach Exposed 200m User Records

Stripchat founded in 2016 is an adult site for live nude cam shows has had its 200m user database exposed online. This data exposure puts both models and users at risk of extortion, violence, and other risks. 

The database was found on Nov. 5 by a security researcher. It contained about 200 million records from Stripchat, including 65 million user records with email addresses, IP addresses, the amount in tips they gave to models, when they created their accounts and when they last logged in. Another database discovered which had a lot of information about models. This data included their usernames, gender, studio IDs, tip menus and prices, whether they were online or not, and a number that reflects how much money they earned during private shows. We don’t know if anyone evil saw this information before they secured it.

 

Stripchat Data Exposure Threat

“The exposure could pose a significant

Read the rest
Data Breach

Why HIPAA Compliance Matters In Telehealth

While the world has dealt with the far reaching effects of COVID-19, the healthcare industry has had to deal with many unique challenges. The procedure to protect both patients and staff from possible exposure to virus’s is a tricky process, especially when in some locations hospitals have also been dealing with patient surges. Keeping up with scheduled visits and procedures is a challenge, and keeping patients and staff aware of what is going on around them is a challenge as well.

 

Telehealth Grew Exponentially Due To COVID

The Centers for Disease Control and Prevention (CDC) has created a specific condition in which many physicians’ offices are finding themselves doing routine patient visits virtually. While the concept of telehealth appointments has been around for years, telemedicine has only recently become the new norm for many people. During the recent pandemic, the number of Medicare beneficiaries using telehealth services increased by 11,700%. … Read the rest

Security Policies and Compliance

Google Banned 150 Android Apps And They Need To Be Removed From Your Phone

It’s a rough world out there. You must be wary of threats — even if it’s as simple as an email or text message. We can’t go a week without a new threat popping up, and the latest crucial warning concerns 150+ fake Android apps on the Google Play Store that can steal your information.

Security software company Avast has been reporting on a scam campaign that has been going on for more than a year. The scam is called UltimaSMS, and it involves hundreds of fake apps that are disguised as popular ones, such as photo editors and camera filters. What they actually do is get victims to sign up for expensive SMS services and charge their accounts. It’s all about getting consumers to give their consent and payment information.

 

A list of the apps removed from the Google Play store

If you are wondering which apps are the … Read the rest

Security Awareness

How Can Businesses Prevent Common Wireless Network Attacks?

If you’re a business owner, how do you keep your wireless network secure from today’s most common online threats? While it may be difficult to prevent hackers from creating fake WiFi hotspots, there are steps you can take to protect your business.

Isolate the Guest Network

If your business WiFi is not isolated from your guest WiFi, it could be used to gain access to business data and place your POS at risk of compromise. Use a router that offers multiple SSIDs – most modern routers have that functionality. These routers often have a guest SSID option or separate guest portal. Make sure it is activated when it is deployed. Alternatively, your wireless network could be compromised by an attacker who is already on the guest WiFi.
 

Encrypt WiFi Traffic with WPA2 or WPA3

If you have a router that is not WPA2 compliant, it is time for an upgrade.
Read the rest
Security Awareness

Hashthemes Demo Importer WordPress Plugin Vulnerability

The Hashthemes Demo Importer and is found in more than 8,000 blogs, according to researchers at Wordfence. It’s a high-severity security flaw. This WordPress plugin is designed to import demo content from HashThemes.com. However, it’s possible for subscribers to use the demo importer as a tool to wipe out content on any WordPress site.

The HashThemes Demo Importer plugin allows you to easily import demos for WordPress themes with a single click. It also has no dependencies such as XML files, .json theme options, .dat customizer files or .wie widget files.
 
 
A security researcher named Ram Gall from Wordfence said that he reported the bug to the developer of the plug-in on Aug. 25. However, the developer did not respond for nearly a month. So, he got in touch with the WordPress team Sept. 20.
 

WordPress Yanks Plugin, Puts Out Fix

 
On the same day, the WordPress team removed the
Read the rest
Vulnerabilities

Available On Amazon

Polls

What Content Do You Want To See?

View Results

Loading ... Loading ...

Categories

Archives

Subscribe Today

Want to know when new posts are published? Enter your email & click on that subscribe button.