In potentially one of the worst cyberattacks in history, credit monitoring and reporting service Equifax was breached. The result was millions of consumer records being stolen from May to July, including personal, financial and credit card information.
Over the past several days, the big story in the US has been Category 4 Hurricane Harvey and the flooding and destruction it is leaving in its wake. As with most disasters, Harvey has stirred up the desire in many people to find a way to help with the relief efforts. Unfortunately, this also opens the doors to scammers who want to exploit the generosity of these people.
This week’s attack, called Petya and NotPetya in the media, is not necessarily a new form of ransomware; however, the way it evolved has experts questioning whether it is different enough from the original to be considered something other than a variant.
Earlier today, a phishing campaign spread across global inboxes. These emails were given legitimacy by appearing to be from someone the recipient recognized. There were a couple clues that could help users identify it as a non-legitimate request.
Popular payroll company ADP is warning of a sophisticated phishing attack using emails that impersonate ADP business. The attack email in question warns of a Past Due invoice. These emails appear as if an ADP.com account was used as the sender. Mytech has most commonly seen “billing.address.updates@ADP.com"; but other addresses including “Francisca.Hopkins@adp.com” are also common.
SUPERVALU announced on Thursday (7/14/2014) that it experienced a criminal intrusion into its payment card transaction network. The intrusion may have resulted in the theft of account numbers, expiration date, and cardholder’s names. The intrusion was identified by an internal team and quickly contained. Third-party data experts are assisting in determining the scope of the incident.
Illegitimate spam messages are not just annoying, they often contain threats to your network security. One particularly dangerous form of these threats is what has become known as "phishing" attack. This involves tricking people into clicking a hyperlink in their email that takes them to what appears to be a legitimate website. Once the user arrives at the fake site they are usually prompted to enter personal information, and then that personal information can be used by the attacker in a variety of bad ways.
Google has recently discovered a problem with a Certificate Authority (CA) in India that has been improperly issuing SSL certificates. The risk from this practice is that a browser might believe a malicious website is a legitimate site.
This is an RCE vulnerability in OpenSSL and all versions are technically vulnerable. However this is more of a concern with SSL VPN protocols than with HTTPS. There’s another separate man-in-the-middle (MITM) vulnerability too, and it’s probably worth updating… but really shouldn’t be as bad as both ends of the connection would have to be vulnerable for an exploit to work, and only version 1.0.1 is actually vulnerable on the server side.
Security researchers have released details about a vulnerability in Internet Explorer 8 that could allow bad actors to take control of a computer. At the time of this writing, Microsoft has not released any news of a security update to resolve this vulnerability. While there are some mitigation steps that can be taken to prevent an exploit, Mytech believes that most of our clients are not at elevated risk from an attack.