For Small and Medium-sized businesses (SMB) Managed IT Services used to be deployed on location, for in-office environments. Recent world events, such as the pandemic, propelled the demand for a remote workforce and hybrid environments, and we support our clients with employees who use devices to do business from home. We want everyone to benefit …
Cybersecurity
By now everyone is aware of scam emails and what phishing is. It is very prevalent. It takes over our inboxes on a daily basis, posing security threats to our sensitive data. It can lead to identity and money theft, system and network vulnerability, data loss, and damage to your reputation. It can happen to …
The new reality of COVID pandemic-enforced changes is now a major contributor to an increase in the remote workforce. The major changes in business operations are something that companies large and small have in common around the globe. At the height of the pandemic, an estimated 69% of workers had to change their in-office hours …
Oh, the infamous phishing! It seems everywhere you look there is a cybersecurity article about it. That’s because it is still the most efficient way for cybercriminals to deploy cyberattacks. We are not an exception; here are a few more articles we have on Phishing: How to spot a phishing email [5 easy tips] Phishing Scam: …
On September 30, 2022, Microsoft released guidance regarding Zero-Day Vulnerability CVE exploits discovered in Microsoft Exchange Server in August of 2022. This guidance appeared in various industry alerts – including the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), where the alert has been provided to assist organizations in guarding against the persistent malicious actions …
I received a call the other day from an unknown number on my cell phone. I did not pick it up, as I tend to do with unknown callers, and let it go to voicemail. After hearing the voicemail left, I was slightly amused. A very nice, young, American-sounding female was letting me know that …
With cybersecurity on the rise, Multi-factor Authentication is a go-to for an additional security measure for your devices and data points. Question: What is Multi-factor Authentication … and Which Method is Best? Answer: Multi-factor authentication is a method of securing data and applications after a user presents two or more credentials to verify the user’s …
Maintaining a strong cybersecurity posture is more important than ever. With so many businesses investing in digital transformation technologies, the ramifications of a cyber attack would be devastating. Combine this with the fact that many organizations have standardized the work-from-home model and you’ve got a recipe for serious disruption. But it’s not all doom and …
The 5 Benefits of Cyber Awareness Training for Your Business
Internet of Things (IoT) devices are outnumbering the population of our planet. It is estimated that the planet has over 20 billion devices. Cybercrime results in business-related economic losses in the astounding amount of approximately $8 trillion – EIGHT TRILLION! Beyond its financial cost, cybercrime disrupts critical and strategic infrastructure of the …
Common Goals and Objectives of an Information Security Risk Assessment
A new vulnerability has been discovered for the Microsoft Office Suite named “Follina”. It is triggered by opening malicious MS Office documents. Follina is a zero-day discovery. It does not appear that there are any exploits just yet, but due to the nature of this exploit, attackers will start to utilize it. “Zero-day” is …
Watch out for Follina – a new zero-day Microsoft Office Suite vulnerability
As we go into the long Memorial Day weekend, many users will be checking their phones for new emails, or taking advantage of holiday shopping deals and making online purchases. Cybercriminals are aware of this and will use tactics to try and get you to open a malicious email. While you may think you are receiving …
This week, the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) released its Garden State Cyber Threat Highlights, providing insights into the threats and malicious activity directly targeting New Jersey networks. These threat warnings included ones related to Russia/Ukraine and Cuba. The NJCCIC is the State of New Jersey’s center for cybersecurity information sharing, threat …
Phishing takes advantage of human error, and some phishing emails use sophisticated human engineering tactics to fool the recipient into sharing private information or infecting a network with malware. One phishing email can be responsible for a company becoming a victim of ransom demands in exchange for data or access to your business network. It …
Last week, the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) released an advisory stating that it did not see any specific or imminent cyber threat to New Jersey related to the Russia/Ukraine crisis. However, it went on to say that it is likely that Russia’s aggressive cyber activity will increase and spread. Therefore, it …
How New Jersey Small Businesses Can Protect Against Russia/Ukraine and other Cyber Threats
Public networks expose your business to security threats. Switching to a virtual private network (VPN) can greatly help in reducing those threats. Many companies rely on public networks for communication and data sharing. It allows them to cut costs and allocate their funds elsewhere. However, reliance on public networks also raises several security issues. …
How To Choose a VPN To Improve Protection Against Cyberattacks
Tax season is here and attackers have been aggressively targeting popular tax software to harvest credentials. The software provider Intuit has issued a few security notices of a significant increase in fake emails pretending to be sent by Intuit’s notification system. Intuit has now joined the ranks of household names such as American Express, …
As you know, for an organization to enjoy continued success and growth, it needs a management that can effectively oversee key areas of daily business operations such as administration, finances, and marketing. But what about technology? Constantly changing and increasingly complicated, it makes sense to outsource technology to our team of skilled professionals. You need …
The number and severity of ransomware attacks targeting manufacturing, legal, health care, and other sectors in the United States and across the globe have surged in 2021 compared to all other years. Victims of ransomware paid cybercriminals more money in the first half of 2021 than in all of 2020 – a staggering $590 …
A recent CSO publication highlights various possible ransomware costs that might be unexpected. CSO (“Chief Security Officer”) is an organization that provides critical information to enterprises related to defending against criminal attacks. It addresses topics such as risk management, network defense, fraud, and data loss prevention. The following discusses some of the key points presented …
The Money Pit for SMBs: what you need to know about rising costs of ransomware
The number and percentage of employees working remotely has been growing significantly over the past several years – accelerating and proliferating due to the impact of the COVID pandemic. Industry studies indicate the trend towards increased remote workers will continue due to benefits to both employers and employees. Do your remote workers connect securely? Get …
Business Cybersecurity: Selecting and Hardening Remote Connections (VPNs)
It has come to powersolution’s attention that a FAKE notice for the Microsoft Windows 11 installer is being distributed online. How this fraudulent Windows 11 installer malware works: a legitimate-looking alert message gives the end-user an illusion of interacting with an official Windows 11 installation tool. Instead, it is malware designed to infect unsuspecting users’ systems. …
A new version of the LockBit ransomware offering recently appeared and is experiencing rapid growth. This growth is occurring to a great extent due to the July 2021 disappearance of REvil (“Ransomware Evil”), a private ransomware-as-a-service (RaaS) known for its major attacks on JBS and Kaseya, impacting the operations of over 1,500 companies. LockBit is …
The Internal Revenue Service (IRS) and state tax agencies are warning of a phishing scam targeting tax professionals and members of the public in the midst of a tax season. The scammers impersonate the IRS in an attempt to collect SSN numbers, e-file identification numbers (EFINs), driver’s license images, and other credentials. These phishing emails …
powersolution, through its membership with the New Jersey Cybersecurity & Communications Integration Cell (NJCCIC), has received information related to a new phishing/email threat. powersolution, along with the NJCCIC, recommends users who receive this and similar extortion threats ignore the email as they have not proven to be a credible threat. Never click on any links …
Users are advised to exercise caution with links and attachments received from unknown contacts or file-sharing platforms (such as Box and DropBox). Researchers from anti-malware software vendor Malwarebytes Labs have identified a new phishing attack that uses fake COVID-19 surveys in Microsoft Word documents to deliver ransomware. To evade detection, the attackers have uploaded the …
Researchers from Proofpoint, a well-known email security vendor that provides anti-spam, anti-malware, and phishing protection services, observed a spear-phishing campaign, codenamed “employer21,” targeting teachers. The campaign delivers emails to teachers purporting to be from parents or guardians attempting to deliver a student’s assignment after issues submitting the assignment the “usual way.” Typically a ZIP attachment accompanies …
The New Jersey Cybersecurity and Communications Cell (NJCCIC) warns of a new threat that can potentially affect millions of people. As a result of the ongoing COVID-19 pandemic, threat actors are trying to cash in by targeting individuals looking for financial relief. These malicious actors are using fraudulent emails, websites, and robocalls to target the …
This month, October 2020, is Cybersecurity Awareness month, co-led by the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Agency (CISA). Its theme, “Do Your Part. #BeCyberSmart.” is designed to empower individuals and organizations to own their role in protecting cyberspace. A key message of this theme is “If You Connect IT, Protect …
10 Tips for National Cybersecurity Awareness Month (October 2020)
To accommodate working from home and, now with schools starting, remote learning, both parents and students will use various devices that require an internet connection. These devices will likely use a home wireless (Wi-Fi) network; however, the Wi-Fi router may not be set up securely. If a Wi-Fi network is left unsecured, a threat actor …
Email is a commonly used method of communication in both academic institutions and the corporate world. It is important to be vigilant about what is clicked on, downloaded, and transmitted, especially with the increase in social engineering tactics and spoofed domains. Threat actors may send phishing emails that appear to be from a trusted classmate, …
The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) has issued an alert after increased reports of a new round of emails containing Emotet-infected attachments. Emails containing the Emotet-infected attachments slowed during the summer, but the threat actors behind the Emotet trojan continue to increase their activity, with a large uptick occurring starting in …
As the novel coronavirus (COVID-19) continues to spread, many businesses are assessing how they can prioritize their employee safety and still maintain regular business operations. One solution many businesses are turning to is recommending employees to work from home to avoid potential illnesses. To help ease the burden on businesses, Microsoft, Google, LogMeIn, Cisco Webex, …
Returning to your establishment doesn’t necessarily mean you will be abandoning all of your Work From Home (WFH) set-ups. In fact, for most of you, your workforce will likely consist of remote workers for some time to come. In addition, workstations in your establishment may have been sitting idle while everyone worked remotely. Your technology …
Reopening the Workplace After COVID-19: Technology Considerations
Data security is important, but one main facet of data security is accessibility. Safe data is of no use to anyone if it becomes inaccessible. So as you make plans to defend against events that could threaten data security, plan to defend against events that would limit the use of that data to conduct your …
There are numerous ways data can be put at risk. A number of different events will have an impact on customers and pose a threat to your brand, as well as your ability to provide services. 1. External Bad Actors – Clearly, this is the risk that gets the most headlines. Cyberattacks from hackers, …
Multiple phishing campaigns have been identified targeting Microsoft Office 365 (O365) users in an attempt to steal login credentials. In one of the campaigns, the phishing email mimics an automated official notification from the Outlook team on behalf of the recipient’s organization. The email urges recipients to upgrade Outlook services within 24 hours to avoid …
Multiple Active Phishing Campaigns Targeting O365 Credentials
Twitter stated that the company detected what they believed to be “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.” Twitter CEO Jack Dorsey tweeted several hours later that it was a “tough day for us at Twitter.” Twitter acknowledged that some users’ features …
A hacker claims to have breached the backend servers belonging to a US cyber-security firm and stolen information from the company’s “data leak detection” service. The hacker says the stolen data includes more than 8,200 databases containing the information of billions of users that leaked from other companies during past security breaches. The databases have been collected …
Has your info and password been hacked? – Latest breach had compromised billions of records
Every tax professional in the US is a potential target for well-funded and technologically sophisticated cybercriminals who aim to steal your clients’ data. Often their goal is to steal your EFINs or CAF numbers, impersonate their victims, and file fraudulent tax returns. Cybercriminals use several avenues, including email, fax and …
Did you know? Tax preparers must develop a written Information Security plan
Through powersolution’s membership of the Cyber Health Working Group (CHWG)*, a new phishing campaign has been detected and reported on. This phishing campaign is designed around COVID-19 themed emails that contain a link to a phishing page that attempts to collect credentials for multiple banks. The attackers then use the information collected to extort funds …
Did you know that 60% of businesses that suffer a cyber attack go out of business within six months? The vast majority of damage is due to the inability of the company to respond because they have not developed a cyber prevention and response strategy. If your e-commerce system, website, email, or customer data was …
How Employees Slip Up When you look around at your digital landscape, you can probably point to any number of ways that a cyber attack might occur — but can you identify your single greatest threat? Employees, the greatest asset to most high-performing organizations, also represent one of the biggest threats. However, there are ways …
A recent US-CERT/CISA alert on Dridex malware and its various iterations confirms that this malware has the capability to impact the confidentiality of customer data and the availability of data and systems for business processes. According to industry reporting, the original version of Dridex first appeared in 2012, and by 2015 had become one …
Our partner’s (Datto) Global State of the Channel Ransomware Report is comprised of statistics pulled from a survey of 1,400+ managed service providers (MSPs), its partners, and clients, around the world. The report provides unique visibility into the state of ransomware from the perspective of the IT Channel and their SMB clients who are dealing …
Key findings of 2019 state of ransomware report a growing threat
Did you know that in the U.S. 70% of employees lack a basic understanding of cybersecurity best practices? Vulnerabilities in your organization can lead to a major fallout in the case of a cyberattack. Cyberattack simulation and invocation and test of incident response protocols help businesses and regulators practice effective coordination in the event of …
Local governments are increasingly being targeted by cyber threats. These attacks typically come in the form of ransomware, holding the municipalities’ data hostage until either the ransom is paid or data is restored from a backup. Examples of ransomware attacks in 2019: June 20, 2019: Riviera Beach, Florida, discloses ransomware attack and payment. May 7, 2019: City …
According to released information from Barracuda Networks, Microsoft Office 365 account takeover attacks are one of the most prevalent email attacks for the Office 365 platform. Barracuda states that approximately 29% of Organizations on Office 365 have had at least one account compromised by a bad actor. Account Takeover An Office 365 account takeover attack …
In the past month, Microsoft has released patches for over 70 vulnerabilities in its products. The company has been under fire from users and system administrators for quite some time. The pressure followed the stream of vulnerabilities, including two zero-day flaws. The zero-day vulnerabilities are still being actively exploited in …
Vulnerabilities Fallout: Not all fixed by Recent Microsoft Patch Releases
We have received numerous reports and examples today of an advanced phishing email being used to harvest Office365 credentials. The email is sent through a compromised account of an individual that is familiar, such as a colleague, business partner, vendor, etc. The attacker gets your email address from the compromised mailbox and then sends you …
Advanced Phishing Threat: malicious emails posing as Adobe Acrobat or Microsoft Office365 message
Protecting your organization, large or small, from cyber attacks rests to a great extent on the IT security infrastructure and processes that are in place and managed by in-house and/or outsourced IT professionals. It is interesting to note that more than half of all cyber attacks are directed at small and mid-sized businesses. According to …
Cybercrime is a big and nasty business. According to Cybersecurity Ventures, small businesses (organizations with fewer than 250 employees) have become a prevalent and profitable target: 58% of them were cyberattack victims in the recent year, and the astounding amount of $6 trillion is expected to be the cost of cybercrime by the year 2021. …
58% of cyber attack victims were small businesses – you could be next
Today, one of the largest data breach data sets was released containing roughly 773 million unique records of email addresses and passwords. Microsoft Regional Director and MVP Troy Hunt obtained the original data set, titled ‘Collection #1’ from a hacker forum. The original data set contained 2,692,818,238 rows of email addresses and passwords. That’s right, …
773 million records of email addresses were breached – Have you been pwned?
A new phishing attack is using a fake non-delivery notification in an attempt to steal users’ Microsoft Office 365 credentials. These credentials will then be used to send messages from the user’s account, further spreading malicious emails and software. In this case, the attack begins when a user receives a fake non-delivery notification email from ‘Microsoft.’ …
Each year, SplashData, Inc., a leader in password management, analyses leaked passwords to find the top commonly used passwords. In 2018, SplashData, Inc. had five million passwords to work from, most of them from hacks in the US and Europe. According to the statistics, almost 10% of people have used at least one common password …
10% of you are compromised by at least one of the passwords from the Top 100 List of 2018
The United States Computer Emergency Readiness Team (US-CERT) of the Department of Homeland Security (DHS) has issued a new alert for a ransomware known as SamSam (MSIL/Samas.A.) – just days after two mastermind suspects were charged by the US Department of Justice. The alert, issued on December 3rd, 2018, warns about hackers armed with SamSam targeting …
If you are not familiar with it, ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. A computer can become infected with ransomware in a number of ways: through an email, an infected link, or even an infected ad on a webpage. Ransomware has been around …
While ransomware attacks have slowed down with cybercriminals shifting their focus to cryptojacking (mining virtual currencies), cyberextortion is still widespread. Here are a few examples of recent cyber extortion attacks: Systems of Onslow Water and Sewer Authority (ONWASA) in Jacksonville, NC, serves a population of more than 100,000 people. Earlier this month its computer systems …
On October 3, 2018, the U.S. Department of Homeland Security (DHS) issued a major warning to IT service providers, IT managed services providers (MSPs), and cloud services providers (CSPs) and their customers. The warning came from the National Cybersecurity and Communications Integration Center (NCCIC), which is part of the Office of Cybersecurity & Communications within …
Businesses Should Act on DHS Hacker Warning and Recommended Protective Measures