May 17th

Apple Blocks Over 1 Million Untrustworthy Apps in 2022

There are many different avenues bad actors can use to find their way into your world: unpatched systems, easy-to-crack passwords, limited or no protection on a network boundary. But what if you willingly downloaded an app to your device that has a virus? What if you willingly bought an app that, as soon as it was launched, executed a script designed to erase all your data? What if you willingly downloaded a free app that, once opened, lets ransomware take over your phone, and either you pay or all your data gets leaked? Most people don't look twice at an app they download or research the developer. We're very trusting, and that trust is the key that allows these bad actors to use apps as a means to be malicious.

 

Apple reported that it blocked 1.7 million applications from being released in the Apple App Store in 2022 because they did not meet security, privacy or content standards. It is great to see a company like Apple taking the measures they do to prevent these malicious users from gaining a foothold on your system. This doesn't mean you can put full trust in those who are vetting these apps; people are still the weakest part of any infrastructure. Apple developers can still miss a malicious app, so you should still implement the trust-but-verify concept. Attackers find ways into our area. Always be mindful and informed, and always protect yourself.

 

https://www.securityweek.com/apple-blocked-1-7-million-applications-from-app-store-in-2022/

May 19th

Hacker Group Attacks School System

The Minneapolis Public School system fell victim to a ransomware attack that saw the leak of information including highly sensitive security information, school blueprints, alarm schematics, the placement of surveillance cameras, and more.  The attack was first discovered on Feb 17, 2023, and lasted multiple days.  It wasn't said which attack vector was used to gain access to the system, but on Feb 25th, 2023, an internal email was sent around to staff members concerning the sharing of passwords.  While not a definitive conclusion, it would lead one to believe that the method of attack was social engineering.  

 

This is just one of hundreds and thousands of cases that highlight the need for security awareness and training. We've seen so many infrastructures fall victim to ransomware: hospitals, schools, casinos, tech companies, and more. That means reeducating staff and team members on the importance of recognizing when a bad actor could be in play, and knowing that your password really isn't complex: even an 8-character password could be cracked in hours, or maybe even minutes. Education is a key to being able to protect yourself. Get educated, get informed, protect yourself.

 

https://www.cbsnews.com/minnesota/news/cybersecurity-experts-confirm-security-blueprints-stolen-mps-ransomware-attack/

May 16th

Cyber Security Still Looking for Talent

There have been massive layoffs in the first 5 months of 2023, including at major companies such as Microsoft, IBM, Dell, McDonald's, Walmart, Disney, and dozens more. But according to the 2023 Cybersecurity Skills Gap Global Report, 83% of boards boast and promote the hiring of more IT security staff.

 

Cybersecurity is a field that is not going away anytime soon, if at all. Countries like Russia and China will continue to be an Advanced Persistent Threat (APT); Internet of Things (IoT) devices such as robot vacuums, smart thermostats, and Amazon/Google devices will continue to be easy areas of attack for bad actors; and human beings will still be employed, making them the weakest part of any infrastructure.

 

Top organizations like ISC2 are offering free cybersecurity certifications, such as Certified in Cybersecurity (CC), opening the doors for millions to get their foot in the door in the field of cybersecurity. Cybersecurity work is impactful, challenging, and leads to more and more opportunities.

 

https://www.dice.com/career-advice/how-cybersecurity-training-gives-job-seekers-the-advantage

May 15th, 2022

Phishing-as-a-Service Threat

Phishing is a type of social engineering attack in which attackers use what look to be legitimate emails to gather a user's login information. Many tools are available for attackers to create emails that look as real as any other email you might receive from a vendor. According to DataProt, "90% of security breaches in companies are a result of phishing attacks." Now that we're seeing Phishing-as-a-Service hit the market, it's more imperative than ever to make sure you, your team, and your property are as protected as possible.

 

There are several types of phishing attacks:

  • Spear Phishing
    • Targeting a specific person or group
  • Vishing
    • Using the phone to phish for information
  • Whaling
    • Targeting the executives in a company, i.e. CEO, COO, CFO
  • Smishing
    • Attackers use text messages to send phishing campaigns.
  • Social Media Phishing
    • Utilizing social media platforms such as Facebook, Instagram, and LinkedIn to launch phishing attacks.

 

  A key way to protect against phishing attacks is security awareness and training.  Humans are the weakest element in any infrastructure.  People want to help, and this makes them very susceptible to social engineering attacks like phishing.  With education and training, you can help protect yourself.

 

"New Phishing-as-a-Service Platform Lets Cybercriminals Generate Convincing Phishing Pages"

All rights reserved. Safe and Sound Cyber

© 2023