Businesses are instituting widespread remote work policies and procedures to facilitate social distancing and “flatten the curve.” Enterprises simultaneously need to be mindful of increased data privacy and security risks. The risks can range from pandemic-related phishing emails to increased pressure on network architecture to well-intentioned employee shortcuts. Hackers will try to take advantage of … Continue Reading
As this recent article illustrates, many ransomware operators are now collecting information from victims before encrypting their data, and then threatening to release what they’ve collected – or actually releasing some of it – to increase the chance they’ll get paid. There have been many cases already where at least a portion of data has … Continue Reading
According to Crowdstrike’s most recent Global Threat Report, in 2019 they observed that malware-free attacks – attacks where malicious files are not written to disk – outpaced malware attacks by 51% to 49%. In Malware-free attacks, the attackers leverage Tactics, Techniques and Procedures (TTPs) that are less likely to be detected by traditional anti-malware solutions. … Continue Reading
Until recently, hackers have had limited success stealing Two-Factor Authentication (2FA) PIN and token information. Unfortunately, a tool has been released that will now make it much easier for practically any bad actor to bypass many implementations of 2FA: https://www.zdnet.com/article/new-tool-automates-phishing-attacks-that-bypass-2fa/ This does not mean we should stop using Two-Factor Authentication (2FA). We should still use … Continue Reading