Expert(s):
Cybersecurity Specialistfeature_status*/ ?>
ESET

Comments Dotted : 278
January 22, 2021

Cyber Expert On Malware Found On Laptops Provided By Government For Home-schooling
Gamarue.1 is an old virus from quite a few years ago.

It is particularly worrying that some laptops being prepared to hand out to students contain a virus, as one would have thought a proper scan would have highlighted this concern at an earlier stage. However, it is not uncommon to have remnants of computer viruses on second hand machines – which therefore further emphasizes the importance of a thorough scan for malicious software before the initial use.

 

Any good anti malware product would have detected this worm, highlighting how vital it is

.....Read More

It is particularly worrying that some laptops being prepared to hand out to students contain a virus, as one would have thought a proper scan would have highlighted this concern at an earlier stage. However, it is not uncommon to have remnants of computer viruses on second hand machines – which therefore further emphasizes the importance of a thorough scan for malicious software before the initial use.

 

Any good anti malware product would have detected this worm, highlighting how vital it is to have good internet security on all laptops. Gamarue.1 is an old virus from quite a few years ago, but it still has the potential to be dangerous by disabling some functions or hijacking certain permissions to harvest personal information on the device, including passwords. If left untouched, it could also copy itself onto USBs or other connected devices.

  Read Less
January 21, 2021

Major Security Flaws Found In Signal And other Video Chat Apps
Signal is open source which makes it easier to patch and keeps costs down.

Google’s Project Zero research team do a magnanimous job in keeping possible threats from hitting our phones. Vulnerabilities that can occur without even requesting that the victim touch their device have the capability of causing havoc around the world, so it is vital that teams such as this continue to test and patch any zero-day threats they uncover. These threats are usually patched very quickly. Plus, Signal is open source which makes it easier to patch and keeps costs down.

 

In recent

.....Read More

Google’s Project Zero research team do a magnanimous job in keeping possible threats from hitting our phones. Vulnerabilities that can occur without even requesting that the victim touch their device have the capability of causing havoc around the world, so it is vital that teams such as this continue to test and patch any zero-day threats they uncover. These threats are usually patched very quickly. Plus, Signal is open source which makes it easier to patch and keeps costs down.

 

In recent years we have seen problems arise from similar zero-click threats such as the infamous Pegasus spyware, but luckily for us this spyware and the threats uncovered by the Project Zero team have all since been patched, so make sure you always keep all your apps’ and your device’s operating system up to date.

  Read Less
January 20, 2021

Experts Reaction On New Chrome Update To Boost Password Security
Passwords are in desperate need of an overhaul.

Password security remains a huge challenge for organisations around the world and a massive threat to individuals too. One of the biggest challenges facing new users with a password manager is the thought of it taking them too long or being difficult to set up. One trap people still fall into is using the same or a variation of the same password across their online accounts which brings all sorts of problem. Passwords are in desperate need of an overhaul therefore this new move by Google may be

.....Read More

Password security remains a huge challenge for organisations around the world and a massive threat to individuals too. One of the biggest challenges facing new users with a password manager is the thought of it taking them too long or being difficult to set up. One trap people still fall into is using the same or a variation of the same password across their online accounts which brings all sorts of problem. Passwords are in desperate need of an overhaul therefore this new move by Google may be the first step in making things easier for people in using unique, strong passwords.

  Read Less
January 19, 2021

Experts Insight On Hackers Exploiting The Windows Finger Feature
Recruiters may want to request CVs are attached as PDFs as they are not required to be edited.

Phishing emails can often be quite easy to spot, but when CVs are attached to emails and sent to HR departments seemingly innocently, the chance of an exploit is heightened. Locating malware in macros in Word documents is nothing new, but this malware is particularly damaging as it can be deployed by just enabling the editing function.

 

Recruiters may want to request CVs are attached as PDFs as they are not required to be edited. Furthermore, it would be a good idea for administrators to block

.....Read More

Phishing emails can often be quite easy to spot, but when CVs are attached to emails and sent to HR departments seemingly innocently, the chance of an exploit is heightened. Locating malware in macros in Word documents is nothing new, but this malware is particularly damaging as it can be deployed by just enabling the editing function.

 

Recruiters may want to request CVs are attached as PDFs as they are not required to be edited. Furthermore, it would be a good idea for administrators to block the rarely used command.

  Read Less
January 19, 2021

AnyVan Confirms Breach – Experts Reation
The ICO may state that if ‘a risk is unlikely’ to occur then it shouldn’t need to report it.

Although such data stolen may sound trivial, a cryptographic hash of a password could still be reverse engineered back to its original state. Therefore, if a password has been used before, by you or anyone else for that matter, it could be reversed back into the password it was before it was encrypted. This, alongside a name and email, could be all it takes for threat actors to get into other accounts if people reuse their passwords across their online accounts. The ICO may state that if ‘a

.....Read More

Although such data stolen may sound trivial, a cryptographic hash of a password could still be reverse engineered back to its original state. Therefore, if a password has been used before, by you or anyone else for that matter, it could be reversed back into the password it was before it was encrypted. This, alongside a name and email, could be all it takes for threat actors to get into other accounts if people reuse their passwords across their online accounts. The ICO may state that if ‘a risk is unlikely’ to occur then it shouldn’t need to report it but this sort of wording makes it all the more of a danger to those who have been breached and companies must do what they can to better protect their customers’ data.

  Read Less
January 19, 2021

Scottish Environment Agency Continues To Suffer Following Christmas Eve Ransomware Attack
Claiming responsibility can also add weight to further attacks when potential victims research the possible outcome.

Nowadays, threat actors specialising in ransomware tend not to stop at the first set of ransom demands. It can be far more lucrative if these criminals also release some of the stolen data on the dark web – and far more damaging to the organisation targeted. 

 

Claiming responsibility can also add weight to further attacks when potential victims research the possible outcome if they are, unfortunately, attacked. Although it is nearly impossible to locate suspects in cyber offences, such a

.....Read More

Nowadays, threat actors specialising in ransomware tend not to stop at the first set of ransom demands. It can be far more lucrative if these criminals also release some of the stolen data on the dark web – and far more damaging to the organisation targeted. 

 

Claiming responsibility can also add weight to further attacks when potential victims research the possible outcome if they are, unfortunately, attacked. Although it is nearly impossible to locate suspects in cyber offences, such a release of data should be treated as a credible threat, which far too often leaves organisations stuck between a rock and a hard place. 

 

We are now seeing a rise in this doubly impactful use of ransomware that can be highly lucrative for criminal gangs. Therefore, companies and individuals must be on even higher alert to phishing attempts, which are still the most likely attack vector.

  Read Less
January 15, 2021

Expert Reaction On Microsoft Remained Most-spoofed Brand At End Of 2020
Phishing emails are often inevitable.

Unfortunately, threat actors continue to hide behind and exploit well-known brand names because it is so highly effective. However, companies that are highly targeted, such as Microsoft and DHL, can offer some reassurance to their customers by adhering to a few basic rules. 

 

While reminding their customers that phishing emails are often inevitable, these organisations must attempt to reduce the number of links in their own, legitimate messages, as this will mean that phishing emails look less

.....Read More

Unfortunately, threat actors continue to hide behind and exploit well-known brand names because it is so highly effective. However, companies that are highly targeted, such as Microsoft and DHL, can offer some reassurance to their customers by adhering to a few basic rules. 

 

While reminding their customers that phishing emails are often inevitable, these organisations must attempt to reduce the number of links in their own, legitimate messages, as this will mean that phishing emails look less authentic.  

 

If links have to be sent within any communications – such as redelivery links – then companies must reduce the amount of personal data required and, at the same time, remind their customers that they will never ask for anything else, especially payment.

  Read Less
January 13, 2021

Experts Commentary On DarkMarket Being Taken Down By Europol
are starting to see them make use of other anonymous networks such as Signal and Telegram, taking advantage of functions like disappearing messages.

With the growth of anonymized networks, it is inevitable that we will continue to see demand for the dark web and other unidentifiable platforms for the sale of illicit drugs and other contraband. However, the golden age of dark web markets is slowly coming to an end as law enforcement tactics improve and agencies around the world work together.

 

Even if the anonymity cloak on the dark web isn’t yet fully off, the criminal fraternity is are often one step ahead – and we are starting to see

.....Read More

With the growth of anonymized networks, it is inevitable that we will continue to see demand for the dark web and other unidentifiable platforms for the sale of illicit drugs and other contraband. However, the golden age of dark web markets is slowly coming to an end as law enforcement tactics improve and agencies around the world work together.

 

Even if the anonymity cloak on the dark web isn’t yet fully off, the criminal fraternity is are often one step ahead – and we are starting to see them make use of other anonymous networks such as Signal and Telegram, taking advantage of functions like disappearing messages.

 

The inherent link to cryptocurrencies makes the dark web a perfect breeding ground for nefarious trading, but there are no securities in place when transactions go wrong. This only helps criminals who can hide in the shadows without the risk of capture.

  Read Less
January 13, 2021

Far Right Platform Parler Under Cyberattack
This attack does not seem so far to be too sophisticated.

This is yet another reminder that cybercriminals target current and newsworthy platforms for bigger exposure.

 

This attack does not seem so far to be too sophisticated, although it does highlight how threat actors will attempt whatever they can to achieve a relevant goal. This now stolen data could be manipulated in extreme circumstances, but this would be unlikely.

 

However, what makes this slightly more perturbing is the way the breach was able to carve out deleted posts on top of live posts

.....Read More

This is yet another reminder that cybercriminals target current and newsworthy platforms for bigger exposure.

 

This attack does not seem so far to be too sophisticated, although it does highlight how threat actors will attempt whatever they can to achieve a relevant goal. This now stolen data could be manipulated in extreme circumstances, but this would be unlikely.

 

However, what makes this slightly more perturbing is the way the breach was able to carve out deleted posts on top of live posts

  Read Less
January 13, 2021

SaferVPN Hit By Major Security Vulnerability
It is disappointing to learn that this was not updated within the 90 day disclosure time.

With VPN usage more important than ever due to mass remote working, it is vital these vulnerabilities are patched at the earliest opportunity, so it is disappointing to learn that this was not updated within the 90 day disclosure time. However, this also highlights the time and expertise being spent on targeting all aspects of information security. With millions now at home, VPN usage has increased dramatically, which has put a dent in threat actors’ attack vectors. The sophistication of

.....Read More

With VPN usage more important than ever due to mass remote working, it is vital these vulnerabilities are patched at the earliest opportunity, so it is disappointing to learn that this was not updated within the 90 day disclosure time. However, this also highlights the time and expertise being spent on targeting all aspects of information security. With millions now at home, VPN usage has increased dramatically, which has put a dent in threat actors’ attack vectors. The sophistication of these actors should never be underestimated and it is everyone’s responsibility to patch security vulnerabilities as soon as possible.

  Read Less