<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=439793516377641&amp;ev=PageView&amp;noscript=1">

Awesome New Password Protection Feature Added to Chrome

At ThreatSTOP we are unapologetic security geeks, we also happen to be security minimalists. In fact, we think anyone passionate about The Cybers aims to maximize protection with the fewest tools. Why? Because tools break, they have vulnerabilities, they cost money, they require care and feeding, etc. etc.. Is it crazy to think you can secure a network really well with only ThreatSTOP, a firewall, a DNS server, and good password hygiene? Heck no, that's not crazy, what is crazy is that a huge percentage of businesses (skewing to SMB of course) don't even check those minimums off the security must-have list, while lots of companies conversely have become collectors, with a SOC that looks like a virtual RSA tradeshow. So while we daydream about a future where enterprises don't have either zero or 70 different security products that aren't playing nice together, check out our favorite new tool (hah!) for managing passwords:

Google has announced a ton of new password protection features this week after releasing Chrome 88. The new browser version provides users with an easy shortcut to identify weak or compromised passwords and quickly change them. The new key icon will appear under your profile avatar, and clicking it will begin Google’s check for weak passwords. If found, the browser will immediately alert you and offer a one-click password change. Chrome 88 will also let users manage and update multiple passwords in the same place. This feature is currently available for desktop and iOS versions, and will be available for the Android Chrome app soon. Google has already seen a 37% reduction in compromised credentials in 2020 based on the Chrome Safety Check features and other improvements made last year. Today, Chrome’s safety check is used 14 million times every week.

Read More

Share this:

BOTNETS 101: INFAMOUS BOTNETS OF THE 21ST CENTURY

A botnet is a distributed network consisting of many compromised internet-connected devices, which are controlled by a centralized botmaster, and are utilized to perform synchronized tasks. Each infected machine is called a bot, and together their power is used to carry out various attacks. Botnets are usually created via malware infections, which gain persistence on the machines and “recruit” them to the botnet. Some of these malware variants can even self-propagate through networks, infecting many devices via one network entry point. The bandwidth amount “taken” from each bot is relatively small, so that the victim will not realize that their device is being exploited, but when thousands or even millions of machines are simultaneously instructed to perform a joint, targeted attack, the damage can be immense.

Although we are used to thinking of botnets as a collection of computers, these networks can be comprised of various types of devices – personal computers, laptops, mobile devices, smart watches, security cameras, and smart house appliances.

Our Security Research Team has created a timeline of the  most famous, dangerous and costly botnets of the century. Download the timeline here, or check it out at the bottom of this post.
Read More

Share this:

FBI WARNS: HACKERS WREAKING HAVOC THROUGH HOME SECURITY DEVICES

In a public service announcement last week, the FBI warned residents with camera and voice-capable smart devices that hackers are targeting them with swatting attacks that stem from stolen email credentials. Swatting is an attack in which ill-meaning attackers make a fake emergency call to the police, calling law enforcement and S.W.A.T teams into action on a fake premise. The hoax call usually mentions an immediate life threat so that law enforcement will scramble to arrive ASAP and in full force. This type of attack causes damage on both sides of the dangerous prank – police, who are taken away from other critical tasks, and homeowners whose hacked devices were used for the call, who are left confused and shaken or worse. Some health-related and even violent consequences of these situations have also been reported.

Read More

Share this:

LAZARUS GROUP almost stole COVID-19 VACCINE RESEARCH

While vaccines are slowly being distributed around the world, COVID-19 is still on the loose, and the in many ways – the world is still at a halt. Researchers at Kaspersky have recently discovered attacks against COVID-19-related entities, probably attempting to get their hands on vaccine research. The perpetrators behind this sneaky and specialized attack are none other than the mysterious Lazarus Group, a cybercrime group with strong links to North Korea, and known for some large cyberattacks over the last decade, such as the WannaCry attacks, Sony breach, and more. While tracking the group’s activity over a variety of industries, the Kaspersky researchers spotted two COVID-related attacks – one on a pharmaceutical company, and the other on a government ministry involved in COVID-19 response.

Read More

Share this:

Solarwinds, Fireeye, and You

The latest headliner in cybersecurity news is the recently disclosed compromise of FireEye, The US Government, and many others that was brought about by a backdoor discovered in a widely installed set of network tools from Solarwinds.

What we know so far reveals a sophisticated, long term, and well-funded campaign that was likely backed by a nation's resources rather than some run-of-the-mill cyber criminal enterprise.

Read More

Share this:

The IT/OT Challenge - Understanding Convergence Risks

As we have discussed in previous articles on our blog, smart technologies are advancing at a precedential speed. New technologies and IoT devices allow operational technology infrastructures to connect to the information technology (IT) realm, receiving data and controls from Internet-connected devices. While this creates amazing opportunities and technological advancement, such as simplified process control, real-time visibility, and decreased unplanned downtime, connecting OT devices to the Internet makes them vulnerable to an additional world of threats and attack types. Companies and facilities must strictly protect their industrial control system (ICS) and SCADA networks, since a breach can cause damage to an electrical grid, an oil rig, or even to emergency services systems during a crisis.

Read More

Share this:

WHEN RANSOMWARE HITS CLOSE TO HOME

Last Friday’s family dinner started like any other. My grandmother stealthily running around the kitchen adding some finishing touches to her amazing dishes, while her children and grandchildren gradually arrive. Meeting once a week (or two) for a Friday dinner is customary for traditional Israeli families (and let’s face it, Israel is so small that no matter where you live – it’s still no more than a few-hour drive from your family). As we started moving delicious-smelling food from the kitchen to the dining room, my family asked me excitedly (and a bit worriedly) – “Did you hear about the Shirbit cyber attack? They got attacked with a ransom malware, have you heard of those?”.

Read More

Share this:

Are You Prepared For 5G?

5G is here, and it is definitely changing 21st century technology. The fifth generation of wireless connectivity marks a new era for devices of all kinds, serving as critical infrastructure to promote the digitization, automation and connectivity of machines, robots, smart appliances, transport solutions and more. In addition to advanced infrastructure technologies - smartphones, computers and Internet-of-Things devices are extremely prevalent in every home - and they’re getting smarter. With the increased demand for connectivity and 5G-enabled IoT devices, vendors are rushing their products to be the first on the market, trying to beat out the competition on the way. According to Statista, there will be a whopping 74 Billion connected devices by 2025. Even last month’s Black Friday deals on next generation smartphones and smart devices may very well have equipped another couple million Americans with 5G-compatible devices. But despite the excitement and hype around smart technologies, this race-to-market is creating a gaping hole where strong security and advanced technology must meet. Vendors are sacrificing security testing, allowing potential vulnerabilities to remain hidden in the backend of devices.

Read More

Share this:

Watch out for Phishing this (online) Holiday Season

Winter holidays are a glowing delight, filled with cozy warm drinks, great food, decorations, family traditions, and of course – presents. Families know the feeling of December creeping in, and the burst of joy filled with urgency that comes with it. People rush to shopping malls by the handfuls, making a day (or days) of purchasing gifts for their friends and loved ones. But the Covid-19 pandemic has reshaped the holiday shopping experience, migrating holiday shoppers from mall trip extravaganzas to multi-platform online shopping. Probably the last thing buyers are thinking about when deliberating between a blue bike or a green scooter is the plethora of cyber attackers just waiting for them to make one mistaken make one wrong click, and fall victim to a phishing scam that can drain all the money (and holiday joy) from your stocking.

Read More

Share this:

Pop Stars Hacked during Spotify Wrapped 2020

For 320 million Spotify users around the world, December kicked off with some fun statistics in Wrapped, the streaming service’s yearly review: Most streamed artist, most played song, top podcasts... But it’s 2020, "the Year to Forget", and no parade can go on for long without some rain. During Spotify’s Wrapped 2020, the most popular streaming service in the world suffered a pretty wild security breach that targeted both popular musicians and their music labels.

Read More

Share this:

ARCHIVES

see all

OTHER THREATSTOP OUTLETS

  1. ThreatSTOP on YouTube
  2. ThreatSTOP on Twitter