The COVID-19 pandemic led to a massive rise in the use of video conferencing platforms like Zoom. However, this surge in popularity also drew the attention of cybercriminals, who aimed to exploit the platform’s expanding user base for their malicious activities.
Abnormal Security has released its latest blog, looking at the methods used to obtain stolen Zoom accounts, the platforms where they are traded, and the motivations behind this illicit market. While cybercriminals use a variety of methods to obtain stolen Zoom accounts, phishing remains the predominant tactic.
Posted in Commentary with tags HYAS on April 16, 2024 by itnerd
ZainTECH, the integrated digital solutions provider of Zain Group, and HYAS Infosec, the adversary infrastructure platform provider that offers unparalleled visibility, protection, and security against all kinds of malware and attacks, have entered into a strategic partnership to bring HYAS’ award-winning and industry leading Protect solution to various countries across the Middle East.
ZainTECH already provides modern infrastructure solutions within its extensive portfolio of digital transformational solutions. This agreement comes at an opportune time given the criticality of Protective DNS solutions worldwide and the current cyber security initiatives across the entire Middle East region.
Together, ZainTECH and HYAS will deliver cyber resiliency across the Middle East, expanding zero-trust models past the network perimeter. Many Gulf organizations are forging their cybersecurity journeys, and the implementation of mature, cyber resiliency and zero-trust models are expected to grow rapidly in the coming years. ZainTECH’s clients will benefit immediately from the partnership with HYAS and the implementation of these capabilities, ensuring not just superior protection today but a long-term partnership capable of new levels of protection and resiliency across the entire business spectrum.
As part of a zero-trust strategy, HYAS Protect safeguards organizations regardless of how attackers change their techniques, tactics, vectors, and entry points, and has been independently proven by AV-TEST to be the most effective Protective DNS solution available today. HYAS Protect integrates seamlessly with various security components including EDR solutions such as Microsoft Defender for Endpoint (MDE) and others, and can be deployed within minutes. HYAS is closely aligned with Microsoft as a member of the Microsoft Intelligent Security Association and is backed by M12, Microsoft’s venture capital fund, as well as S3 Ventures, and other venture capital firms.
Posted in Commentary with tags HYAS on April 15, 2024 by itnerd
HYAS has just published the HYAS Threat Intel Report for April 15, 2024, a deep examination of the Amadey malware family which has been increasingly active, targeting SMBs and enterprises.
David Brunsdon, Threat Intelligence Security Engineer with HYAS, said: “The threat posed by the Amadey malware family looms large, targeting individuals, businesses, and organizations across sectors with sophisticated tactics aimed at stealing sensitive information, compromising systems, and wreaking havoc.
“We look at the intricacies of the Amadey malware family, exploring its modular architecture, propagation methods, malicious techniques, notable campaigns, and the entities it targets. By dissecting the inner workings of this pervasive threat and providing actionable insights, we hope to better equip cybersecurity professionals, organizations, and individuals with the knowledge needed to bolster their defenses and mitigate the risks posed by Amadey and similar malware variants.”
Amadey is a malware family recognized as a Remote Access Trojan (RAT) generally used in reconnaissance operations for keylogging, credential theft and data exfiltration. Past campaigns using this malware family have been known to target non-Russian-speaking countries.
Posted in Commentary with tags HP on April 15, 2024 by itnerd
With Earth Day on April 22 just around the corner, the theme Planet vs. Plastics sparks an important conversation about how plastics extend beyond an imminent environmental issue; it presents a threat to human health that is as alarming as climate change.
As Canada’s most sustainable technology company, HP Canada has been at the forefront of driving a circular economy to reduce its environmental impact, with a key focus area on plastics. As both a supplier and user of recovered materials, listed below are just some of the ways the company is working towards achieving its goal of using 30% postconsumer recycled content plastic across HP’s personal systems and print product portfolio by 2025.
In 2022, HP incorporated a massive 32,200 tonnes of post-consumer recycled content plastic in its consumer products (15% of all plastic it uses)
Through the HP Planet Partners Program, HP has recycled more than 1 billion HP Ink and Toner cartridges to date. Through the process, HP ensures that the returned bottles and cartridges are properly recycled to be used for new materials.
For over 18 years, HP Canada has partnered with Montreal’s Lavergne Group to develop an innovative process to make new HP cartridges from recycled plastic bottles and clothing hangers. Through this program, HP has kept 830 million HP cartridges, 101 million apparel hangers, and 4.7 billion post-consumer plastic bottles out of landfills by upcycling materials for continued use.
Acquired Choose Packaging, a start-up that has created the world’s first commercially available zero-plastic paper bottle. Building on HP’s 3D printing-enables Molded Fiber solutions, this continues HP’s efforts to disrupt the $10B sustainable packaging industry and expand our Sustainable Impact agenda.
You can check out this link for more information on how the company is contributing towards building a sustainable future.
Posted in Products with tags Apple on April 15, 2024 by itnerd
There’s a bit of a story behind this Mac mini that I’ve been using for about two weeks now. Which is that I was planning on replacing a rather large PC that I had been using for the online cycling platform Zwift for some time with something a lot smaller and more efficient. But I was planning to hold out for the M3 Mac mini models that are sure to appear seeing as the M2 models have been out for over a year (Exactly 454 days as of the day that this review was posted). But what forced my hand was the fact that my 16″ MacBook Pro started to have keyboard issues. Again. Since I can’t afford to be without a computer as I have a business to run, this forced my hand into buying this Mac mini. Since I knew that it was possible that this could be replaced at any time by something faster, I went the route of buying it from the Apple Refurbished Store. That saved me $260 CDN and as I described here and it’s still eligible for AppleCare which I did buy as well. So once I had it in my hands, I transferred my data and applications to it from my MacBook Pro, took the MacBook Pro in for repair at The Apple Store and carried on running my business. Then when I got the MacBook Pro back (And for the record The Apple Store replaced a top case which includes the keyboard and battery along with a trackpad and got it back to me ten calendar days later), I moved my data back the MacBook Pro and factory reset the Mac mini so that I could repurpose it as my Zwift computer.
With the backstory out of the way, let’s start this review by describing which Mac mini I got:
M2 Pro processor with a 10-Core CPU (6 performance cores and 4 efficiency cores) and a 16-Core GPU
16 GB RAM
512 GB Storage
16-core Neural Engine
Four Thunderbolt 4 ports
Two USB-A ports
HDMI 2.1 port
Gigabit Ethernet
Headphone jack
WiFi 6E
Bluetooth 5.3
This is one of the higher end models as the Mac mini starts at $799 CDN. But for that price you get an M2 processor with 8GB of RAM and 256 GB of storage. To be frank, Apple’s base models are pretty useless because 8GB of RAM isn’t nearly enough for most people, and 256 GB of storage is slower than their higher tiers of storage on top of not being enough storage for most people. Which is why I skipped the base model (And you should too). Plus I wanted a more powerful processor for Zwift. Which is why I went to the M2 Pro and not the M2. I should also note that Apple has another version of this M2 Pro model that comes with 2 extra CPU cores and 3 extra GPU cores for $379 CDN more. But I didn’t see that on the refurbished store. Which is why I went with this one instead. Here’s a look at the Mac mini:
It’s a pretty small and light computer as the general design of the computer hasn’t changed since they introduced them in 2005. You could easily pop it into a backpack and take it with you if you wanted to and have space left over. It’s also a bit of a fingerprint magnet as you can see. That’s a side effect of the recycled aluminum that they use for the chassis. Though as you will see, the back end of the computer is just as much of a fingerprint magnet:
Here you see the gigabit ethernet jack, 4 Thunderbolt ports, the HDMI port, the two USB-A ports, and the oddly placed headphone jack which in my opinion should be on the front as it’s not all that accessible. Though you could also make an argument that it’s fine on the back because you’ll need to plug in a quality set of speakers into it as the built in speaker isn’t all that good to be frank. It has a decent sized vent, though in the two weeks that I’ve been using it, I’ve never felt any significant amounts air hot air coming out of it, nor have I heard the fans spin up. It’s been silent. I guess that also means that I clearly don’t push the computer hard enough. Speaking of pushing, this Mac mini moves very easily on your desk. As it slides about when you try to plug literally anything into it if you don’t hold it steady. It could use some rubber feet on the bottom to stop that from happening because if you plug a lot of stuff into this Mac, that will be something that will annoy you very quickly.
Now, another one of the reasons why I was sitting on the sidelines for the M3 models of the Mac mini is that on paper, the M2 processors really don’t have that much of a performance gain over the M1 processors. Though as you will also see, that’s an overly simplistic view of what the M2 is capable of. Let me illustrate that with some Geekbench tests. I’ll start with using my M1 MacBook Pro with these specs as a point of comparison:
M1 Pro with 10-core CPU (8 performance cores and 2 efficiency cores), 16-core GPU, 16-core Neural Engine
1TB storage
32GB of RAM
As you can see they have the same amount of CPU and GPU cores, along with the same number of cores for the neural engine. Thus this is as fair of a comparison that you could possibly get. Let’s start with what the scores are for the M1 Pro CPU cores in my MacBook Pro:
And now, let’s look at the M2 Pro In my Mac mini:
The single core score is a bit higher. But the multi-core score is basically the same. Thus there’s no difference right? Well, not so fast. At first glance these scores would suggest that Apple didn’t spend a whole lot of time to make the CPU faster. But keep in mind that the M1 Pro has 8 performance cores and 2 efficiency cores. And the M2 Pro has 6 performance cores and 4 efficiency cores. That suggests to me that Apple made this M2 Pro more efficient by swapping two performance cores for two efficiency cores, and then tweaking all the cores to allow the CPU to put out the same level of compute power as the M1 Pro. Or to use a car analogy, Apple basically went from using a V6 engine that puts out 300 HP to a turbocharged 4 cylinder engine that consumes less gas and puts out 300 HP. Apple likely did this to save on power consumption for portable computer use without sacrificing speed. It also explains why the Mac mini did not “feel” any faster than my MacBook Pro when I used it to run my business.
Now let’s look at the Metal score. That’s important as Zwift uses Apple’s Metal graphics API to render graphics on the screen. Again, let’s start with the M1 Pro GPU in my MacBook Pro:
Now over to the M2 Pro in the Mac mini:
Now there’s a bit more of a difference. Clearly Apple invested some time to make the graphics a bit faster in the M2 Pro.
So if you take the GPU and CPU scores into account, and also take into account that there was no M1 Pro version of the Mac mini, that would suggest that this would be an upgrade path for someone with an M1 Mac mini who wants a faster Mac mini. Or this would be the computer to pick if you are coming to the Mac mini from a PC for example, and you wanted a small desktop computer that has healthy amounts of compute power. While at the same time not spending Mac Studio kind of money.
But the real question is, how does this run Zwift as that was the point of the whole exercise? Well, let me get something out of the way. Zwift on the Mac platform limits the level of detail of the graphics that the game displays for reasons that I don’t understand to what they term as “high” graphics detail which is their second highest tier of graphics quality (“Ultra” is the highest that you can go on the PC side of the fence which is visually sharper than “high”, but you have to look for the differences between the two. And you need some serious hardware to run Zwift at that level. As in an RTX 3090 for example). But they do let you run it at up to 4K resolution. So what I did was some frame rate tests at 4K and my results are as follows:
The maximum frame rate that I recorded was 121 FPS
The average frame rates were between 87 and 101 FPS based on recording the average frame rate over 10 different one hour rides.
In terms of what “high” graphics quality looks like on Zwift at 4K, here’s a couple of quick video clips where I set a couple of PR’s in a couple of sprint segments while I was doing a training session:
The graphic quality is good and there’s nothing to complain about here. But you have to wonder what you would get if you could unlock the “ultra” setting on a Mac. I say that because I was monitoring CPU and GPU performance and there was headroom to spare on both fronts. Which means that Zwift can look better than it does now if they chose to take advantage of the hardware on offer to the application. As for how that compares to the PC that I was replacing? Well, first of all, you can find the specs for the PC in question here, but average frame rates tended be between 59 – 66 FPS. And I’ve never recorded anything past 67 FPS as a maximum frame rate. All of that was on the “ultra” setting at 4K. If I throttled it back to “high” I likely would have gotten better frame rates. But I think you see the point here. Which is this tiny computer has enough power to run whatever you need, in my case Zwift, without breaking a sweat. And it can do it better than some PCs.
One final observation is that WiFi on this computer is faster than the WiFi that’s part of the M1 Pro chip. How Much faster? How about 150 Mbps upstream and downstream in testing on my WiFi network? That’s not a trivial amount. And keep in mind that I have WiFi 6 here in my condo. That means that you get a bit of an upgrade in terms of WiFi performance that you may actually notice depending on what WiFi hardware you own and what you’re doing. For example you won’t notice this streaming Netflix. But I tripped over this speed difference by doing a Time Machine backup and noticing that the backups went somewhat faster versus a Time Machine backup on my MacBook Pro with the M1 Pro. I attribute this speed increase in part to the fact that the M2 Pro’s WiFi support can do up to 2400 Mbps which is twice what the M1 Pro can do. And clearly that speed increase isn’t just a WiFi 6E thing.
Gripes? The only gripes that I have are the usual ones that I have about Apple computers. They are not cheap (Though to be fair, you could make an argument that the Mac mini has the performance of a 14″ or 16″ M2 Pro MacBook Pro at a lower price point). You can’t upgrade them after the purchase which forces you to perhaps buy more computer than you need in order to increase the longevity of said computer. And the base models suck performance wise which means nobody should ever buy them. Other than that, there’s really nothing negative that I have to say.
Let’s get down the price. This specific Mac mini variant is $1699 CDN. Though I paid $1439 via the Apple Refurbished Store, which is how I would suggest that you acquire one of these computers if you have a use case for it. I say that because I fully expect it to be replaced with an M3 model or even an M4 model at any time over the next few months. One thing to keep in mind is that the Mac mini doesn’t come with a keyboard or mouse, and you’ll need to source a monitor as well. So you’ll have to factor that into the purchase price if you don’t have a spare monitor, keyboard and mouse lying around. Having said all of that, this is a good way to get a desktop Mac and it’s worth a look if this Mac fits your needs. Just skip the base model.
A post from TV streaming company Roku has warned users that 576,000 accounts were hacked in a credential stuffing attack. And apparently there was another incident that compromised 15,000 accounts in early March:
Earlier this year, Roku’s security monitoring systems detected an increase in unusual account activity. After a thorough investigation, we determined that unauthorized actors had accessed about 15,000 Roku user accounts using login credentials (i.e. usernames and passwords) stolen from another source unrelated to Roku through a method known as “credential stuffing.”
And:
After concluding our investigation of this first incident, we notified affected customers in early March and continued to monitor account activity closely to protect our customers and their personal information. Through this monitoring we identified a second incident, which impacted approximately 576,000 additional accounts.
Now none of that is good. But at least Roku is doing two things. First they are enabling two factor authentication which should mitigate this attack. And second is that they let affected users know and reset their passwords. The post has additional steps that you can take. So I would suggest that you have a look at that so that you can protect yourself further. My advice would be to change your Roku password to something complex and unique as having unique passwords for all your online services is the best way to protect yourself from a credential stuffing attack.
UPDATE: Experts with both Approov and Horizon3.ai offer their perspective on this:
“While Roku’s efforts to implement two-factor authentication (2FA) and reset passwords for compromised accounts are commendable initial steps, they are woefully inadequate in the context of modern cybersecurity demands. The reliance on traditional security measures like 2FA and merely managing credentials exposes a fundamental misunderstanding of the current threat landscape, especially concerning API security.
“Today’s digital environment, where APIs serve as crucial gateways to vast amounts of sensitive user data, requires a much more robust defense strategy than what Roku has proposed. APIs, particularly those interfaced with mobile devices, are often the target of sophisticated bot attacks that cannot be thwarted by simple credential management or basic authentication protocols.
“A truly effective security posture demands the integration of advanced measures such as app attestation and token-based access controls. App attestation ensures that only legitimate, untampered versions of an application can interact with critical backend services, effectively neutralizing many potential threats at the source. Similarly, token-based access to APIs can provide a more secure and controlled method of managing interactions between devices and backend services, ensuring that each request is authenticated, authorized, traceable and short-lived.
“Roku’s response, while a step in the right direction, falls short of leveraging these advanced protective measures. It is imperative for Roku to enhance their security architecture beyond conventional methods to safeguard against the increasingly sophisticated and varied attack vectors of today’s cyber threats. Failure to do so could not only jeopardize user security but could also erode trust in Roku’s commitment to genuinely protecting its users.”
Stephen Gates, Principal Security SME, Horizon3.ai:
“As highlighted in our 2023 Year in Review, Proactive Cybersecurity Unleashed, credentials are still the number one issue we observe as the root cause of a data or account breach. Today’s attackers don’t typically use sophisticated hacking tools and techniques like zero-day exploits to gain access to a network or user account; they simply log in with legitimate user credentials they stole through phishing campaigns or some other breach where credentials were compromised. From something as simple as a stolen credential, attackers can easily achieve domain compromise, host compromise, sensitive data exposure, critical infrastructure compromise, or ransomware exposure.”
Nuspire, a leading managed security services provider (MSSP), today announced the addition of Chris Roberts as the Chief Strategy Executive & Evangelist. With a distinguished 30+ year career in cybersecurity, Chris Roberts has proven his invaluable capacity to connect with and engage technical teams, executives and clients across diverse industries.
Roberts’ role at Nuspire will encompass thought leadership, technical expertise to help guide the development of our services platform and strategic guidance to support the company’s continued growth. His expertise in transportation, supply chain and other critical sectors will bolster Nuspire’s commitment to delivering cutting-edge technical knowledge and industry insights, particularly as the industry navigates the complexities of artificial intelligence, adversarial and threat monitoring, and incident response.
Chris Roberts is set to be a prominent figure in Nuspire’s educational and thought leadership initiatives, including podcasts, fireside chats and global conferences. He is also co-hosting Nuspire’s upcoming LinkedIn Live series, “SOC It to Me,” a biweekly show where he decodes the latest cyber threat developments, provides his insights and has a few laughs along the way.
Posted in Commentary with tags dBrand on April 12, 2024 by itnerd
dBrand has really dropped themselves in it this time as they’ve sparked a racism row on Twitter. The TL:DR goes something like this. A person of South Asian heritage bought a dBrand skin and had a complaint about it on Twitter. dBrand then made a very racist comment that you can see below:
Now dBrand’s Twitter account has been very edgy. But this without question crosses the line. This response is racist. Now I would have posted the original dBrand Tweet, but it looks like the company has deleted it. But not before this happened:
More on the deletion of the Tweet in a moment. dBrand must have come to the conclusion that they really screwed up given that the guy on the receiving end of their rather racist Tweet then brought it to the attention of the Indian government, and the Twitterverse pretty much called out dBrand on this, the company then posted this:
Well that escalated quickly.
1. Yes – we made fun of a guy's name. It was a huge fumble.
2. We apologized to him directly and offered him $10,000 as a gesture of goodwill.
3. We've been poking fun at customers on social media for over a decade now. We're not going to stop, but…
I for one would love to know if dBrand really offered this guy $10,000.
As for the Tweet being deleted, it was likely done because tech YouTuber MKBHD said that it caused “irreparable harm” in a Tweet of his own:
Fair enough. We left the offending tweet up because we didn't want to seem like we were sweeping this situation under the rug. We recognize that our original tweet went too far and created a platform for hateful discourse. Given that we've already buried the hatchet with Bhuwan,…
I’ll get right to the point. I like dBrand stuff. And when they sued Casetify over having their designs stolen for them, I fully supported them. But I will not be buying dBrand stuff going forward, nor will I recommend to anyone that they buy dBrand stuff going forward. In fact, I do have a dBrand skin on order, and I am reaching out to the company to cancel the order. Oh yeah, if you’re some sort of creator who has works with dBrand, you might want to look at what MKBHD has done and send a message by refusing to work with them to highlight that their behaviour is not acceptable. Ever.
I am looking at you Linus Tech Tips. But there are others who take cash from dBrand.
It will be interesting to see how dBrand tries to dig themselves out of this mess. Because I can say with 100% certainty that this incident is far from over.
Posted in Commentary with tags Baseus on April 12, 2024 by itnerd
I’m in the process of changing my desk setup. For years I’ve been running my 16″ MacBook Pro using the built in keyboard and monitor along with a 1080p external display. If you want to see what that looks like, you can have a look here. But I wanted to change things up by using a full sized keyboard for a better typing experience. Also I wanted to have a bit more desk space. Thus I decided to run my Mac in clamshell mode, meaning that it is closed rather than opened. So the first step in making that happen is to get a new USB-C hub on my desk. I chose was the Baseus Metal Gleam Series II, which for the record is a very unwieldily name for this product, for this purpose.
Now the dock is made of metal and has a high quality braided cable on it. Thus if I had to rate the build quality, I would give it a 10/10. It also has a slot to tuck away the USB-C cable if you travel and take this hub with you. While not important for my use case, that’s a nice touch.
On one side of the hub, you get (from left and right):
A USB-C port with 100W power delivery,
A HDMI port capable of doing 4K 120Hz
A HDMI port capable of doing 4K 60Hz
Two USB-A 2.0 Ports capable of doing 480 Mbps each
On the other side you get:
A USB-C 3.2 port capable of doing 10Gbps
A USB-A 3.2 port capable of doing 10Gbps
Micro and Mini SD card slot capable of doing 104 MB/s
There’s also gigabit ethernet on the side. I didn’t use that, but seeing as not many notebooks come with ethernet anymore, that’s handy.
Here’s the USB-C hub on my desk connected to my MacBook Pro. In short, I can connect one cable and have my monitor, keyboard and mouse connected along with charging my MacBook Pro. You might notice the circle on the right that’s lit up. That’s a lock computer button. On the Mac if you click it twice, it will lock the screen. If you have a Windows computer, it will do the same thing if you click it once. I can see the use case for this as a quick way to lock your computer should you need to. Having said that, I was able to reproduce an issue where by using this button, it keep my MacBook Pro awake. As in no screen saver, no power saving mode, and the display stays on. A reboot will fix that. But clearly whatever Baseus did to include this functionality doesn’t work perfectly on macOS.
So I used this hub for a few days and I have the following observations:
A key feature of this hub in my mind is the fact that the USB-C and USB-A ports on the front do 10 Gbps which is unusual for a USB-C hub. That means that I can transfer large files quickly. For example, I used an external SSD with a bunch of video files on it and I was able to do the transfer in 25 seconds from either of these ports. The previous hub I was using topped out at 5 Gbps a second so it took just over double the time to transfer the same files.
You can run two monitors from this hub. But at 4K 60Hz. Your other option is to run a single monitor at 4K 120 Hz. That again is unique as I haven’t seen a hub do that before. That’s handy for a dual monitor setup, or a single monitor gaming setup.
It was warm to the touch, but not hot. I am guessing that’s due to the metal construction and hopefully that means that it will have a long and useful life as a result.
The hub supports 100W of power delivery via USB-C. But it “only” delivers 85W to my MacBook Pro which is fine as it will still charge to full. It will just take slightly longer. And it may have a positive impact on battery health as a result because it’s not pushing a large amount of current into the battery.
To sum it up, this USB-C hub delivers the goods. And I don’t really have any gripes about it that come to mind. I paid $120 CAD on Amazon for it. And I recognize that this is likely more than you want to pay for a USB-C hub. But based on my usage, I think it’s worth the price. You should have a look at it if you’re in the market for a USB-C hub that you can depend on.
Posted in Commentary with tags Hacked on April 12, 2024 by itnerd
On Wednesday, New Mexico Highlands University (NMHU) said it is canceling all classes through this weekend while it continues to address a ransomware attack which started impacting classes on April 3.
Initially, NMHU reported that its campus police switchboard and police poles were not functioning, but by April 5, it was confirmed to be a ransomware attack affecting campus phones, internet and VPN connectivity and employee payroll.
“Cybersecurity is not just a technological issue; it’s a matter of public safety and national security,” said Gov. Michelle Lujan Grisham last week after issuing an executive order mandating comprehensive action to enhance cybersecurity measures across state agencies.
New Mexico is also one of the few states to pass bills that provide funding for cybersecurity training and ransomware response tools.
Meanwhile, this week East Central University in Ada, Oklahoma has issued an advisory stating that it is investigating a ransomware attack that impacted a “variety” of campus computers allowing hackers to access a significant amount of student information including Social Security numbers.
In addition, on April 3rd the University of Alabama filed a notice of data breach after discovering unauthorized access to an employee’s email account that resulted in the threat actor being able to access consumers’ sensitive information, such as Social Security numbers.
Emsisoft threat analyst Brett Callow said his team had tracked 14 attacks on U.S. colleges and universities so far this year and tracked at least 72 U.S.-based post-secondary schools impacted by ransomware in 2023.
“Another university hit by a cyberattack. This time, New Mexico Highlands University (NMHU) has taken the hit, with the cyberattack beginning on April 3, leading to a complete shutdown of essential services including the campus police switchboard, internet, VPN connectivity, and even affecting employee payroll. This again highlights the continuing vulnerability of educational institutions to cyber threats, a narrative that is becoming far too common.
“The impact of such incidents stretches well beyond immediate operational disruptions, affecting the trust and sense of security among students, faculty, and staff. This threat is real and needs to rise to the top of the budget to address the need for robust cybersecurity measures within the educational sector.
“This isn’t an isolated incident. As Emsisoft threat analyst Brett Callow pointed out, this year alone, 14 attacks on U.S. colleges and universities have been tracked, following at least 72 similar incidents in 2023. This has become a systemic issue that requires immediate attention and action.
“It is crucial for educational institutions to implement comprehensive cybersecurity frameworks and establish robust incident response strategies. Investment in advanced security tools and technologies, alongside regular audits, and updates to security policies, can significantly reduce vulnerabilities. The recent moves by New Mexico to fund cybersecurity training and ransomware response tools are steps in the right direction, but as these incidents show, there is a pressing need for widespread and proactive measures across the board.”
Education along with healthcare are extremely vulnerable to getting pwned. They more often than not don’t have the resources to properly defend themselves against cyberattacks. That seriously needs to change as at present, they’re easy targets for threat actors.
New Research Discovers 6 Tactics Cybercriminals Utilize in the Black Market to Obtain Zoom User Data
Posted in Commentary with tags Abnormal Security on April 16, 2024 by itnerdThe COVID-19 pandemic led to a massive rise in the use of video conferencing platforms like Zoom. However, this surge in popularity also drew the attention of cybercriminals, who aimed to exploit the platform’s expanding user base for their malicious activities.
Abnormal Security has released its latest blog, looking at the methods used to obtain stolen Zoom accounts, the platforms where they are traded, and the motivations behind this illicit market. While cybercriminals use a variety of methods to obtain stolen Zoom accounts, phishing remains the predominant tactic.
You can read the blog post here.
Leave a comment »