Threat actors continue to be active and take advantage of our business to commit fraud. SUMA in collaboration with its cybersecurity partners presents the latest security topics to create awareness and educate members to avoid the pitfalls.
Trying to securely make the most of today’s technology can be overwhelming for almost all of us, but it can be especially challenging for family members not as used to or as familiar with technology. Therefore, we wanted to share some key steps to help secure family members who may be struggling with technology and might misunderstand the risks that come with using it.
From “SANS” Chris Dale (12/02/2020)
The traditional holiday season is a busy time for many people as they prepare for celebrations and shop for gifts. But it's also a busy time for scammers as they devise ways to cheat and steal, sometimes through phishing campaigns that try to trick people into divulging personal information.
From “Tech Republic” Lance Whitney (11/13/2020)
Deep Dive: Fighting Back Against The Fraud Plaguing P2P Payment Apps
Payment app users also have to take security into their own hands. The first step is often fixing poor password hygiene. A recent study from data analytics firm FICO found that only 37 percent of bank customers use separate passwords for different accounts, for example, while 22 percent use two to five passwords across all their online profiles. This represents a massive security risk as a data breach that compromises a single account could give fraudsters access to any other account using the same password.
From “Pymnts.com” (10/20/2020)
Instagram Bug Allows Account Takeover Attacks
A critical Instagram bug could allow attackers to convert a mobile device into a spying tool through an Instagram account takeover, according to Check Point researchers. If an Instagram user saved a malicious image and then opened an Instagram app, the bug would be activated, granting the attacker full access to the app and critical features of the device. The Instagram bug originated from a third-party library used in uploading pictures on the Instagram app.
From “CPO Magazine” Alicia Hope (10/12/2020)
Cybersecure My Business Related Links
Here are helpful links from the National Cyber Security Alliance's (NCSA's) sponsors, partners and friends to help you keep your business secure.
From “National Cyber Security Alliance” (10/01/2020)
The FTC Chairman Is Not Writing To You
If you saw an email from FTC Chairman Joseph Simons, it wasn’t. From him, that is. Scammers pretending to be him are emailing, though. They’re trying to trick you into turning over personal information, like your birth date and home address, which could help them scam you. So: if you get an email from the Chairman of the Federal Trade Commission about getting money because of an inheritance or relief funds related to the impact of the COVID-19 pandemic — or anything else — do not respond. Do not give out your personal information. But do hit “delete.”
From “Federal Trade Commission” Karen Hobbs (10/01/2020)
Treasury Department Warns Against Paying Hackers Involved In Ransomware Attacks
The Treasury Department on Thursday issued two adversaries highlighting the dangers of ransomware cyberattacks, and warning against paying ransoms demanded by hackers. “Demand for ransomware payments has increased during the COVID-19 pandemic as cyber actors target online systems that U.S. persons rely on to continue conducting business,” OFAC wrote in its advisory. “Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations.”
From “The Hill” Maggie Miller (10/01/2020)
Microsoft Digital Defense Report
This report makes it clear that threat actors have rapidly increased in sophistication over the past year, using techniques that make them harder to spot and that threaten even the savviest targets.
From “Tech Republic” R. Dallon Adams (9/30/2020)
CISA Releases Telework Essentials Toolkit
The Cybersecurity and Infrastructure Security Agency (CISA) has released the Telework Essentials Toolkit, a comprehensive resource of telework best practices. The Toolkit provides three personalized modules for executive leaders, IT professionals, and teleworkers. Each module outlines distinctive security considerations appropriate for their role.
From “CISA” (9/30/2020)
5 More Things To Know About Ransomware
Ransomware attacks are getting more expensive, which is one reason why you should have an incident response plan. Tom Merritt provides more information about this cybersecurity threat.
From “Tech Republic” Tom Merritt (9/28/2020)