Category Archives: Security Awareness


Polkit vulnerability provides local privilege escalation bypass

Many Linux distros are vulnerable to the Polkit exploit. This vulnerability provides a local privilege escalation bypass. A hacker can easily obtain root access with this vulnerability.

The vulnerability was recently discovered by GitHub Security Lab security researcher Kevin Backhouse. The vulnerability, CVE-2021-3560, was publicly disclosed, and a fix was released on June 3, 2021. Make sure to update your Linux servers if you haven’t done so already.

A few of the vulnerable distros shared by Backhouse include RHEL 8, Fedora 21 (or later), Ubuntu 20.04 and Debian.

“When a requesting process disconnects from dbus-daemon just before the call to polkit_system_bus_name_get_creds_sync starts, the process cannot get a unique uid and pid of the process and it cannot verify the privileges of the requesting process,” Red Hat’s security advisory explains.

The few commands that allow this exploit to work are nothing complex.

This vulnerability … Read the rest


Fraud Awareness: What Does Fraud Look Like?

Fraud happens every day, and you and your employees may not even know that you have been defrauded out of your information or money. Cyber fraud is real and you must be vigilant.

Identifying when someone is trying to defraud you or your organization is a vital part of the day-to-day responsibilities of your employees. Here are a few red flags that might indicate a fraud attempt:

Large orders:

  • When a fraudster uses stolen payment methods, they will attempt to maximize spending in a single transaction before the victim realizes their information has been stolen.

Multiple transactions in a short period of time:

  • This could be a sign that someone gained unauthorized access to a customer’s account or that someone is attempting to max out a stolen credit card.

Fast shipping:

  • Most consumers choose affordable shipping options. Beware of overnight or priority shipments, especially those that involve high-priced orders.

Unusual

Read the rest

Staying Safe In The Cloud

I’m sure by now your company has you working with some cloud applications like Microsoft 365, Google Docs, Dropbox and Salesforce, just to name a few. You need to be vigilant because hackers can use tactics to lure you to fake landing portals.

Did you know that nearly 80% of organizations have experienced a cloud security hack in the past 18 months? Did you know $4.41 million is the average cost for an organization when its cloud services are hacked? Also, cloud-based cyberattacks rose 630% in a recent 3-month period. Obviously, cybercrime is on the rise and hackers find creative ways to trick you.

There is no such thing as a completely safe cloud provider, and the way you go about using the cloud can have a significant impact on your organization. In these four scenarios, we will explore the security risks and tips associated with each.


Scenario 1

Your

Read the rest

Have You Heard Of Text Message Scams Called Smishing?

Have you ever received unsolicited mobile text messages with an unfamiliar or strange web link? Well, this is a trick to lure recipients into clicking a link and sending the attacker private information or downloading malicious programs to a smartphone.

Fewer people are aware of the dangers of clicking links in text messages, and they happen to be more trusting of text messages, so smishing is often a lucrative endeavor for obtaining credentials, banking information and private data.

Smishing is a form of phishing that involves text messaging. Victims will typically receive a deceptive text message that is intended to lure them into providing their personal or financial information. These scammers often attempt to disguise themselves as a government agency, bank, or other high-ranking companies.

These criminals are looking to obtain your personally identifiable information (PII) such as: account usernames and passwords, Social Security number, date of birth, credit … Read the rest


Why Cybersecurity Matters For Your Small Business

Cybersecurity is a crucial element for continued success in any industry. What I am sharing with you today are reasons why cybersecurity matters for your small business.

To succeed in today’s technical ecosystem, cybersecurity must be part of your small to medium-sized business operations. In the same way that you’d never leave your store or office unlocked and vulnerable to street crime, you should never leave any aspect of your business network unprotected. Many other managed service providers and I can provide a fully up-to-date understanding of cybersecurity: how to help you mitigate the risks and build cyber-resilience.

Why Cybersecurity Matters

Hackers and cybercriminals are getting more sophisticated each year, devising new, creative ways to fool people into handing over money or data. In some instances, they can target your systems without interacting with anyone at the company. There are many cyber security professionals but what really … Read the rest


What Your Out Of Office Message Tells Hackers

It’s time for a vacation or you’re going on a business trip and you’re super excited. Naturally, your out of office message may reveal some of this excitement to hackers. People don’t naturally think about how cybercriminals would benefit from the details of their Out Of Office (OOO) message. But this attack vector is a great social engineering opportunity.

What Can Hackers Learn From Your OOO Message?

If the company is being targeted, an OOO message will raise a flag for the cybercriminal to take action to learn more about you. Many employees share information publicly on social media, which can give attackers a clear picture of what you are doing. Many people provide overly detailed leave notifications in email signatures or add details about their time off in their OOO responses, even when they plan to return to work or the details of the conference they are … Read the rest


Let’s plant some trees with Ecosia

Ecosia is all about planting trees. 15 million users have planted over 120 million trees, for free. Just by searching the web. Ecosia donates all of its charitable contributions to tree planting charities that work to plant trees in South America, Africa and Indonesia, where the cost of planting trees is lower.

Ecosia knows each tree can remove around 50 kg of carbon dioxide from the atmosphere over a 15 year period. This equates to around 5 million metric tonnes of CO2 removed from the atmosphere. Since 2020 Ecosia has removed around 0.01% of the CO2 in the atmosphere.

Ecosia donates 80% of their profits to tree-planting charities – nice and simple! It is worth noting that this is far in excess of the 50% donation percentage offered by most other charities. It is important to note that the tree-planting projects that Ecosia supports will help to give paid work … Read the rest


Purple Fox Malware Evolves With Worm Capabilities

The Windows malware called Purple Fox has evolved with worm capabilities. In the past, Purple Fox targeted Windows machines through various attack methods like phishing and exploits before the software evolved.

Guardicore Labs revealed that Purple Fox can now breach Windows machines through SMB brute-force attacks. The Purple Fox malware would compromise various IIS 7.5 servers to push rootkits, which would then allow Purple Fox to hide itself within the Windows machine.

Once the payload is deployed, an MSI installer launches.

“The installer pretends to be a Windows Update package along with Chinese text which roughly translates to ‘Windows Update’ and random letters,” Guardicore Labs explained. “These letters are randomly generated between each different MSI installer to create a different hash and make it a bit difficult to tie between different versions of the same MSI.”

“This is a ‘cheap’ and simple way of evading various detection

Read the rest

Has your computer been hijacked with cryptojacking?

There are so many ways that hackers can use your computer to make themselves money, and cryptojacking is one of them. The worst part is that if you don’t have proper security in place, you won’t even know that you’re infected.

What is Cryptojacking?

Well, the term cryptojacking refers to the unauthorized use of someone’s computer for mining cryptocurrency, for example bitcoin. Cryptojacking is a big deal because the hackers are stealing your computing power and making your systems slower. All the computing power they are using up will have a tangible effect on your power consumption and could cost you double on your power bill.

How does Cryptojacking work?

There are a few ways you can be infected with cryptojacking.

  1. Hackers can send you an email and trick you into clicking the link that loads the malicious software on your computer.
  2. Hackers can compromise a website or an
Read the rest

Importance of Cyber Security in the Workplace

Organizations need to elevate their security posture at the workplace and put in place a cyber security policy to better protect their data and their clients’ data. Most companies these days have a database containing confidential information such as:

  • Private financial data of company assets.
  • Personal details of customers, executives, employees, vendors and partners of the firm.
  • Unfinished or ongoing projects, new software developments and patents of prime importance that are exclusive to the company.
  • Confidential information about existing or potential clients of the company.

Cyber security is absolutely a requirement these days and should no longer be overlooked. All companies should at least follow simple cyber security practices, and employees should be made aware of cyber security threats through cyber security awareness training.

It is best to have a workplace security policy in place because you aren’t just protecting your employees’ but also the personal credentials … Read the rest