CyberWatch Blog Header.jpg

CyberWatch

Wireless Vulnerability: KRACK WPA2

Posted by Mike Lehmberg on Oct 20, 2017 8:34:14 AM

Recently a vulnerability was discovered in the authentication process of WPA2 wireless connections. This vulnerability is primarily affecting Linux and Android devices but has the potential to affect Windows-based operating systems. At this time, Linux has provided patches but it is unknown when they will be available for distribution.

Read More

Topics: Vulnerability, Wireless

Stored Passwords Affected with macOS High Sierra

Posted by Mike Lehmberg on Sep 29, 2017 9:14:58 AM

Recently a vulnerability was discovered in MacOS High Sierra, and earlier versions, affecting the Mac Keychain. This vulnerability allows for rogue applications to steal the plain text passwords stored within it and require no master password. As of the time of this alert, there has been no patch distributed by Apple. It is highly encouraged that installation of applications with MacOS be taken with precaution to prevent any potential for this vulnerability to be exploited. 

Read More

Topics: Security, Vulnerability, macOS

Inside the Hacker Group That is Targeting Global Industries

Posted by Mike Lehmberg on Sep 21, 2017 9:59:22 AM

Recently Iranian linked hackers have been targeting companies within the U.S., Middle East, and Asia. The hackers, dubbed “APT33”, primary targets have been oil and commercial/military aviation industries. It is believed that not only are they attempting to steal information, but they are also attempting to give Iran an edge against regional rivals. This is done by affecting oil operations and looking into military aviation capabilities of countries like Saudi Arabia.

Read More

Topics: Network Security, Hackers, Computer Hacker

Is Google Chrome Leaving You Vulnerable?

Posted by Mike Lehmberg on Sep 13, 2017 2:59:44 PM

Google has recently released a patch to address multiple vulnerabilities within its browser, Google Chrome. These vulnerabilities could allow an attacker to take control of the affected system. If Google Chrome is implemented on your network, it is highly encouraged that those systems be updated to the latest version. The version that was released to patch these vulnerabilities is 61.0.3163.79.  

Visit the Google Chrome Help section on how to get the latest version.  

Read More

Topics: Vulnerability, Google Chrome, Web Browser

9 Ways You Can Protect Your Network

Posted by Mike Lehmberg on Aug 2, 2017 1:48:13 PM

Cyber security has been a growing topic over the course of the last several years. There have been many high-profile events that disrupted business operations, caused financial loss and damaged company reputations. Many tend to believe that most attackers are more interested in large companies, but that couldn’t be further from the truth. In many cases, small businesses are the easiest target. There are a few different layers of security that you can utilize to better protect your network. Each layer itself is minor, but when stacked up together, they provide a strong barrier of protection that can help you to safeguard your business. With your most vulnerable asset being the user, let us help you identify what can be done to help your business. 

Read More

Topics: Cyber Security

Could Your Browser Extension Leave You Vulnerable?

Posted by Mike Lehmberg on Jul 19, 2017 9:48:11 AM

Cisco has released an alert regarding a vulnerability in its Cisco WebEx browser extension for Google Chrome and Mozilla Firefox. This vulnerability allows for an unauthenticated remote attacker to execute arbitrary code with privileges of the affected browser on the system. The following releases are listed as vulnerable:

Read More

Topics: Vulnerability, Cisco, WebEx

New Fileless Ransomware Has the Ability to Go Undetected

Posted by Mike Lehmberg on Jun 29, 2017 11:36:07 AM

A fileless ransomware, SOREBRECT, that has recently been discovered, injects malicious code into a legitimate system process on the target system and will then remove itself in order to evade antivirus detection. SOREBRECT has targeted enterprise systems in varying industries. Upon infection, files on the system are encrypted and the attackers are capable of running remote commands on the affected system. SOREBRECT also has the capability to scan the network for computers and open shares, and will encrypt files at those locations. Although initially only affected systems in the middle east, it has since spread throughout the globe. In order to mitigate any potential infection, it is strongly encouraged that you restrict users write permissions on shared drives, keep systems up to date and have security mechanisms in place.

Read More

Topics: Ransomware, Critical

[UPDATE] The Latest Ransomware Attack That is Mimicking WannaCry

Posted by Mike Lehmberg on Jun 28, 2017 8:09:36 AM

[Update 6/29]

Indicators are now showing that, even though NotPetya disguises itself as ransomware, it actually works to lock the files permanently. Essentially, this is a cyber warfare tool that is being used to wipe the drive of the affected system and there is no way to recover the files. It appears that this began in the Ukraine and was potentially created and dispersed by Russia.  We will continue to update as information becomes available.

Read More

Topics: Ransomware, Critical

The Latest Ransomware Attack That is Mimicking WannaCry

Posted by Mike Lehmberg on Jun 27, 2017 6:36:07 PM

Today, another global ransomware attack has struck several nations and is using the same exploit utilized by WannaCry: EternalBlue. Currently, there have been several thousand infections which is comparable to WannaCry’s spread in its first several hours. If infected, the machine will display a black screen with red lettering demanding $300 worth of bitcoins. Currently there is no data on whether paying the ransom result in the decryption of your critical files.

Read More

Topics: Ransomware, Critical

How You Could Be Vulnerable to Recent North Korean Cyber Attacks

Posted by Mike Lehmberg on Jun 22, 2017 3:17:42 PM

The United States Computer Emergency Readiness Team (US-CERT), in joint efforts with the Department of Homeland Security (DHS), has recently been alerted to recent malicious actions of the North Korean Government. The intended targets of their activity is focused towards the media, aerospace, financial and critical infrastructure sectors of the United States.

Read More

Topics: Vulnerability