Blog

2022 Cybersecurity review by CISA

CISA, the Cybersecurity and Infrastructure Security American Agency, recently published a report on all the various activities to drive down the risk in cybersecurity.

The report is divided into four main sections, reflecting the four goals outlined in the 2023-2025 CISA Strategic Plan. They cover Cyber Defense, Risk Reduction and Resilience, Operational Collaboration and Agency Unification.

From the strengthening of critical infrastructure to the defence and resilience of cyberspace, from weaving relations with government institutions to facilitating collaboration and activities, CISA is investing in improving the American cybersecurity level from internal and external threads.

Download the full report

Blog

The Importance of Monitoring Your Data Usage with GlassWire

Why monitoring your data usage is crucial

Data Usage with GlassWire

From a security standpoint, monitoring your data usage is not only important but crucial. When it comes to spotting malicious apps that can compromise your security and steal your personal information, the first red flag you should notice is the anomaly consumption of data from certain applications. GlassWire is a powerful tool that can help you keep track of your data usage and identify any suspicious activity on your network. To do that, GlassWire leverages two main features, the “Anomaly Detector” and the “GlassWire Score”. The two features compare your current data usage for each application with the average consumption, gathering, and aggregating data from its users. The result is a benchmark to verify your data consumption. When an application is using more data than expected, an alert will notify the user.

How GlassWire helps you monitor data usage

GlassWire allows you to identify when an app uses more data than it should, or if it is sending data at a time when it’s not supposed to. This can be a sign that the app is running in the background or that it’s sending data to a third party without your knowledge. With GlassWire, you can see a detailed breakdown of how much data each app is using and how often it’s connecting to the internet. In addition, an advanced system of custom alerts helps keep everything on track. This makes it easy to identify apps that are using more data than they should and to take action to stop them.

Spotting malicious apps

Another benefit of monitoring your data usage is that it can help spot apps that are behaving maliciously. Malicious apps can often be identified by their high data usage, as they may be sending sensitive information to a third-party without your knowledge. With GlassWire, you can see exactly what data is being sent and where it’s going, making it easy to identify bad-behaviour apps and remove them from your device.

In addition to monitoring your data usage, GlassWire also provides a host of other features that can help you keep your network and data safe. For example, the software includes a firewall that can block incoming and outgoing connections to and from your device, helping to protect your personal information from hackers and other cybercriminals. GlassWire also provides alerts when a new app or device connects to your network, making it easy to spot and remove any unwanted connections.

Another important feature of GlassWire is its ability to track network activity in real-time. This feature allows you to see exactly what is happening on your network at any given time, and to identify any suspicious activity. If you notice that a particular app or device is using more data than it should, or if you spot a connection to an unknown server, you can take action to stop it.

Overall, monitoring your data usage with GlassWire is an essential step in keeping your network and personal information safe. With its powerful features and intuitive interface, GlassWire makes it easy to identify and remove malicious apps and to keep your network and data secure. Whether you’re a home user or a business, GlassWire is a powerful tool that can help you stay safe online.

The importance of GlassWire for data usage monitoring and security

In conclusion, GlassWire is a powerful tool that can help you keep track of your data usage and identify any suspicious activity on your network. With its detailed breakdown of data usage, real-time network activity tracking, and powerful security features, GlassWire makes it easy to identify and remove malicious apps and to keep your network and data safe. It’s essential for anyone who wants to protect their personal information and keep their device secure.

Blog

How to protect your network

How to protect your network

Your network’s safety depends on endpoint security, such as a firewall. When a connection or file tries to enter or exit the network, your endpoint security app can scan for malicious activity and prevent it from inflicting damage.
Firewalls aren’t created the same and their functions vary depending on your needs. Some work alongside comprehensive features such as internet privacy tools.
Throughout this guide, you’ll learn about network protection and what firewalls can do, with extra tips on how you can take action to protect your network.

Types Of Firewalls

Firewalls vary and offer different levels of protection. Some exist as hardware or cloud-based firewalls, while others install as a piece of software.
A packet-filtering firewall offers a basic level of protection by scanning incoming data packets and denying malicious ones. Proxy firewalls offer deeper protection at the application level, but do slow down your devices. Stateful inspection firewalls check data against a known database offering an even higher level of security that might slow down your system’s performance.
Generally seen as the best kind of network protection, there are next-gen firewalls — these combine traditional firewall features with other network protection features like antivirus and anomaly detection for full-coverage protection.
But what does this mean for your endpoint security? Next, we’ll explore how a firewall and network protection app, including other security tools, can protect your devices and networks.

Protect Your Network and Keep it Safe

Endpoint security includes firewalls, network monitoring, and privacy tools. Here’s how a platform such as GlassWire can protect you and your data.

Internet Security

You can actively monitor the applications and processes that are communicating over your internet connection, to check for suspicious activity. Receive a notification if your devices connect to a known threat so you can intervene immediately.

Manage All Endpoints

For true network protection, try to stay aware of all endpoints — the smartphones, tablets, and computers — that use your network. Monitor all of them at once to keep track of usage and spot any unauthorized network connections.

Monitor Bandwidth Usage

Keep a close eye on every app and traffic source that’s taking up bandwidth. If there’s something you don’t recognize, you can check items that seem suspicious and learn more about it to determine if it’s safe or needs immediate attention.

Protect Internet Privacy

Do you know what hosts your device is communicating with on the internet? With internet privacy tools you can keep a constant track of what servers websites and apps are connecting to, including the countries of origin. If something doesn’t seem right, you can use a firewall to block it.

Check Wifi Connections

When you begin to experience a slow internet connection, you can check to see how many devices are using your network. Are there any you don’t recognize? See when devices join or leave it to spot any unwanted connections.

Extra Tips To Protect Your Network

Endpoint security does an exceptional job at protecting your networks and devices from harm. However, there are always actions you can take to stay safe, too.

Change Default Name On Your Wifi

Hackers could easily bypass the default admin username and passwords that came with your router, as they usually look something like ‘admin’ and ‘password’. Change them to something more complex and keep the credentials safe from prying eyes.

Use Strong Passwords

After you’ve changed your router details, it’s time to revisit your online accounts’ passwords. When’s the last time you changed them? And do you use the same password on multiple sites? Using a password manager could help you generate tough-to-crack passwords and encrypt them, too.

Use Two-Factor Authentication

Adding another kind of authentication on top of your account passwords makes unwanted access almost impossible. You can use a code generator or fingerprint scanner on many websites and apps for extra protection.

Keep Devices Up To Date

Devices and their apps have regular updates that developers create to keep them secure and working as they should. Neglecting updates could leave vulnerabilities for hackers to exploit, which is bad news for your data. Regularly check for device and software updates. Better yet, switch on automatic updates so you never forget.

Network Protection With GlassWire

Smartphones, tablets, and computers all have vulnerabilities.
You can start protecting your sensitive information by creating stronger passwords and updating your devices. For true protection, you can enable network protection with tools such as a firewall, internet privacy tools, and a visual network monitor so you’ll know when something suspicious is attempting to infiltrate your network.
Protect your devices with a comprehensive endpoint security app like GlassWire.

Blog

Automatic HTTPS by Chris Taylor

About Chris Taylor:  Chris is on the Community Review Board for SANS’s OUCH! (the security awareness newsletter designed for everyone), has given over 470 computer-related presentations at the Ottawa Public Library, and is President of the Ottawa PC Users’ Group.

To browse the web, we all know that we should use https (which uses an encrypted session) rather than http (which does not use encryption), even though it’s not a panacea. See my Cybersecurity News article What does https really mean? https://mailchi.mp/glasswire/glasswire-monthly-newsletter-glasswire-is-about-to-reveal-your-ports.

Many sites are set up to automatically switch from http to https. Try browsing to http://google.com and it will switch to https://google.com. But some sites support both http and https and don’t automatically switch. In June 2021 Microsoft introduced an experimental feature called Automatically switch to more secure connections with Automatic HTTPS in Microsoft Edge v92 and announced it in the Windows Blog at https://blogs.windows.com/msedgedev/2021/06/01/available-for-preview-automatic-https-helps-keep-your-browsing-more-secure/. Even in Edge v106 (current as of this writing), the feature is still buried where you have to be pretty deliberate to enable it.

In the address bar in Edge, type edge://flags/#edge-automatic-https and hit Enter. Set the entry Automatic HTTPS to Enabled and restart Edge.

In the address bar in Edge, type edge://settings/privacy and hit Enter. Scroll down to the Security section and toggle on the option Automatically switch to more secure connections with Automatic HTTPS (1 in the screenshot below). You then have two options; Switch to HTTPS only on websites likely to support HTTPS (2 in the screenshot below) and Always switch from HTTP to HTTPS (connection errors might occur more often) (3 in the screenshot below).

I am not sure if the first option works all that well (don’t forget this was enabled through an “experimental” option). I don’t like the wishy-washy nature of the word “likely”. It does not work with  http://www.example.com even though the site supports https://www.example.com . Even odder perhaps, http://example.com does switch automatically to https://example.com. The second option: Always switch from HTTP to HTTPS (connection errors might occur more often) seems more aggressive, switching both http://example.com and http://www.example.com to their https equivalents.

Given the warning that “connection errors might occur more often”, I thought the second option might prevent me from browsing to http sites, but with it set, I browsed to http://neverssl.com and was able to connect with no problem.

Even though my experience with the experimental feature seems less than a complete solution, I don’t see any major downside to using it. According to the blog, even if a webpage is prevented from loading, you will get a message that provides the option to continue to the site.

Blog

How to stay safe when purchasing online during Christmas time

stay safe while shopping online during xmas

The holiday season is a time for online shopping. It’s convenient, often cheaper, and we can avoid crowds at the mall. But it’s also a time when scammers are out in force, trying to take advantage of unsuspecting shoppers.
That’s why it’s important to be aware of the dangers of online scams and protect yourself.
At GlassWire we really care about security, that’s why in this blog post we’ll give you some tips on how to stay safe when shopping online during the holidays.
Make sure you read this blog post before your next online checkout, during this holiday season!

The importance of online safety when shopping online during the holidays

The holiday season is a time when many people are shopping online and scammers are well aware of that.

The most common type of scam during the holidays is phishing. This is when scammers send emails or create websites that look like they are from a legitimate company, but are actually designed to steal your personal information. They may try to get you to click on a link that will download malware onto your computer, or they may ask you to enter your personal information into a fake website. Be very careful about clicking on links or opening attachments from unknown sources, even if they look like they are from a trusted company. Keep track of all your purchases and store all their tracking numbers. Be suspicious of “missed delivery” emails and when in doubt, check yourself with the tracking number, typed directly into the official courier website.

A very appealing type of scam that is common during the holidays is “free trial” offers. These offers often seem too good to be true, and that’s because they usually are. The scammer will sign you up for a free trial of a product or service, but then start charging you for it after the trial period is over. They may also sign you up for other products or services without your knowledge. Be sure to read the fine print before signing up for any free trial offers, and be sure to cancel any subscriptions that you don’t want before the trial period is over.

Another example of a common scam is the sale of something that has no value. This could be the case with fake gift cards. These card codes could be already redeemed or just be not valid. Purchase only from trustworthy and official websites.

Last but not least, don’t let your goodwill lower your attention. Bogus charity schemes are most likely during the holiday season. Scammers set up fake charities and solicit donations from unsuspecting people who think they are helping others in need. Be sure to do your research before making any donations to charities, and only give to reputable charities that you know well.

How To Protect Yourself From Online Scams

Fortunately, there are some things you can do to protect yourself from being scammed when shopping online during the holidays:

First, only shop on secure websites. Type the name directly into the browser URL bar and avoid following links from suspicious platforms. This will help protect your personal information from being stolen by hackers.

Second, be cautious of emails and attachments from unknown sources—even if they look like they’re from a trusted company—as these may contain malware designed to steal your personal information or infect your computer with viruses. Always check the sender’s address and immediately delete any email coming from addresses that you don’t recognize.

Third, don’t click on links from unknown sources as these could lead you to fake websites created by scammers designed to steal your personal information or infect your computer with viruses. And finally, make sure your computer has up-to-date security software installed which can help protect against malware and other threats.

Unfortunately, it may also be the case when despite paying attention, you do find yourself the victim of an online scam.
It’s not time to give up yet, as there are a few things you can do.

How to report an online scam

If you think you have been the victim of an online scam, there are a few people you can contact. First, you should reach out to the company or website where the scam took place. They may be able to help you get your money back or take other steps to help you. You can also file a complaint with the Federal Trade Commission (FTC). The FTC takes reports of scams and works to stop them. To make a report, go to their website and click on “File a Complaint Online.” Finally, you can also contact your local law enforcement agency.

When you make a report, be sure to include as much information as possible about the scam and what happened. This will help the person or organization you are contacting investigate and take action against the scammer.

Conclusions

It is important to be aware of the dangers of online scams when shopping online during the holidays. This is indeed among the most appealing periods of the year, for scammers, to prey on their victims. 

Buy only from trustworthy marketplaces, read reviews before making any purchase and, if you still fear the risk, go back to local stores. A good talk, a piece of advice, and recommendations are always included in the price of the present.

Blog

Re-authentication after inactivity

by Chris Taylor

About Chris Taylor:  Chris is on the Community Review Board for SANS’s OUCH! (the security awareness newsletter designed for everyone), has given over 470 computer-related presentations at the Ottawa Public Library, and is President of the Ottawa PC Users’ Group.

In September (https://www.glasswire.com/blog/2022/09/16/how-to-disable-automatic-sign-in-to-windows) I showed how to disable automatic sign-in to Windows and make sure all user accounts have a password. In October (https://www.glasswire.com/blog/2022/10/17/re-authentication-when-resumingby-chris-taylor/) I showed how to ensure re-authentication is required after waking from sleep mode or after a screen saver is dismissed.

Choosing what should blank the screen

One drawback to using a screensaver is that it doesn’t cut the video signal (even if the screensaver is set to Blank) and this prevents the monitor from going into a low-power state.

On the other hand, power settings in Windows provide the capability of turning off the monitor after a period of inactivity and this feature does cut the signal to the monitor. A modern monitor can then go into a low-power mode.

Go to Settings | System | Power & sleep and select a time for Screen – turn off after.

You can also set the time for individual power plans. Click the Additional power settings link and then Change plan settings.

Unfortunately, the Windows setting to turn off your monitor doesn’t have an option to require re-authentication when the monitor turns back on after you start using the computer again. However, you can combine the two options to get the best of both worlds.

Set your screen saver to On resume, display log-on screen and choose the Wait period you want. Then, in Power & sleep in Settings set the Screen – turn off after to the same time period. The screen saver will ensure re-authentication is required when you resume and the Power & sleep option allows your monitor to go into low-power mode.

While it is possible to use only power options to have Windows prompt for re-authentication when you resume using your computer, it requires modifications to the registry. While not particularly difficult, I don’t think there is a major downside to use the combination of power settings and screensaver as detailed above.

Dynamic lock

You can configure windows to lock your computer if the Bluetooth signal for a paired phone falls below a certain threshold. In Settings| Accounts | Sign-in options under Dynamic lock select Allow Windows to automatically lock your device when you’re away.

Microsoft says Dynamic lock works with “devices that are paired with your PC” but a phone is the “only currently supported configuration”.

I don’t view Dynamic lock as a main means of protection. It only locks your computer after the Bluetooth signal strength drops below a certain level for 30 seconds and it is interrupted by any keyboard or mouse activity. While it might help you if you accidentally walk away from your computer without locking it, a quick-thinking attacker watching you walk out of the room can easily defeat Dynamic lock simply by moving the mouse or pressing a key.

Blog

GlassWire Roadmap 2023

We recently launched GlassWire 3.0 which came with a number of new features: GlassWire Score, Anomaly Detection and the Management Console… but there is a lot more to come!
We would like to share with you some of the features we are working on:

GLASSWIRE V3 Windows (APP)

New and Simplified Network Traffic Tab
Based on feedback received from our users, we are merging the “Graph” and “Usage” Tab into a new simpler Network Traffic Tab. Stay tuned!

New Tab: Hardware Resources
Ever wished your Windows Task Manager gave you a comprehensive history of your PC’s resource utilization metrics? You will soon be able to have one with Glasswire! Next to the Network Traffic Tab, you will soon see a new Hardware Resources tab with a simple to use interface to view historical resource consumption (CPU, Memory, Disk) of all past and present processes and applications running locally on your PC.

New View in Network Traffic tab: Geo Map
We are introducing a new view in Network Traffic which will visually and more intuitively show you on a world map where your traffic is going/coming from.

Goodbye Things, welcome Network Scanner
The current Things tab is having a makeover. We are renaming it Network Scanner and significantly improving device recognition with the addition of device type, brand and model, so you can better understand what actually is on your network! And by the way, we will soon be moving Network Scanner under the free plan (it’s currently available only to paying subscribers).

GLASSWIRE V3 Management Dashboard (WEB)

Improved endpoint management.
We will be enriching the data which is available on the management console (location, username, Organization) in order to allow our heavy-duty users to manage hundreds or thousands of endpoints.

Consolidated reporting across your endpoints.
You will soon be able to aggregate historical data traffic reporting (and eventually hardware resource utilization) across your endpoint, seeing totals for your organization (or home) and/or outliers amongst your user base.

New alerts management to allow you to configure email alerting if any anomaly is detected in any of your endpoints.

Blog

GlassWire partners with Domotz

Austin, November 17, 2022
Securemix LLC. and Domotz Inc. announced today that the companies have entered into a strategic partnership that will enhance the commercial capabilities of GlassWire. 

The commercial distribution agreement will allow Domotz to resell the GlassWire software providing even greater strength to GlassWire’s growth efforts. 

The partnership brings together the expertise of two players active in the network monitoring space. 

GlassWire is an application that provides complete visibility and control over digital traffic generated or received by an end-user endpoint on a computer network. With over 30 million downloads since inception and hundreds of thousands of daily users, the software is currently one of the most popular and well-recognized traffic monitoring solutions for windows PC and android. The company is expanding its offering from the Prosumer market to the IT professional and Enterprise space. 

Domotz, established in 2015, is a fast-growing US-based company that operates in the IT Asset Management, Network Visibility, and Telemetry space, helping thousands of IT Professionals, System Admins, and MSPs manage their network infrastructure in over 110 countries worldwide.

In the future, the two companies plan to exploit more partnership opportunities.

Blog

GlassWire 3.0 is finally live

We have launched a new version of Glasswire and are excited to share many new features with you!

Gain even more visibility into your network traffic with our latest features! 

We have been working hard over the past months to improve our software and we are proud to announce the introduction of some new and exciting features. We believe they will radically improve your understanding of all the network traffic generated from your PCs.

  • GW Score – To further enhance GlassWire as an endpoint security solution, we have introduced the GW Score, which will allow you to gain better insights into the safety of the applications running on your PC. Thanks to the GW Score, based on an algorithm that analyzes the applications’ popularity, you will understand if any applications running on your machine are “one of a kind” and therefore potentially dangerous. If you do use customized software, you can mark it as “safe”.

    The GW Score ranges from 0 to 100%. If an application looks suspicious (typically runs on less than 1% of users’ machines), you can immediately block it, thanks to GlassWire’s firewall.
  • Anomaly Detection – Did you ever wonder if the amount of traffic generated by your computer can be considered normal? To help you understand it, we have developed a new feature called “Traffic Anomaly Detection”. By analyzing the volume and frequency of your data streams, GlassWire can identify anomalies in your network traffic and suspicious applications.

You will find these new features on the Security Tab of your GlassWire App.

Create your GlassWire account

By creating an account you will gain access to your personal GlassWire Management Console.
The Management Console is a dashboard that you can access from anywhere, allowing you to view and manage all endpoints associated with your account. Within the Management console you can access and make changes to your account information, manage billing details, upgrade your plan and add all the endpoints you need!

Click on the button below to download the new GlassWire.

Blog

Re-authentication when resuming
by Chris Taylor

About Chris Taylor:  Chris is on the Community Review Board for SANS’s OUCH! (the security awareness newsletter designed for everyone), has given over 470 computer-related presentations at the Ottawa Public Library, and is President of the Ottawa PC Users’ Group.

In September (https://www.glasswire.com/blog/2022/09/16/how-to-disable-automatic-sign-in-to-windows) I showed how to disable automatic sign-in to Windows and make sure all user accounts have passwords. There are other areas where you might want to consider ensuring authentication is required to maximize security and help ensure your information, privacy, and identity are protected.

Sleep

If you have your computer sleep after a period of time, it is a good practice to require authentication when the computer wakes up.

Go to Settings | Accounts | Sign-in options. In the section Require sign-in set If you’ve been away, when should Windows require you to sign in again to When PC wakes from sleep. In Windows 11, the section is titled Additional settings.

Screen savers

Screen savers get their name from old-style monitors that were highly susceptible to “burn in” if left with the same contents on the screen for a long period of time, resulting in a ghost image permanently etched in. While modern monitors are not (as) susceptible, some people still use screen savers. If you sometimes step away from your computer while a screen saver is active, a good practice is to have re-authentication required when you start using the computer again.

Microsoft has still not migrated the configuration of screen savers to the 10-year-old Settings app! Go to Settings | Personalization | Lock screen, and click the link to Screen saver settings to open the Control Panel applet for Screen Saver Settings.

Put a checkmark in the box On resume, display log-on screen.

Immediately lock the computer

If you are going to step away from your computer, it is a good practice to lock the computer. The simplest way is to press

 (Windows key+L) to lock the computer. You will have to re-authenticate to access the computer again.

When Windows turns off the display

There is one other area of concern—when Windows is set to turn off the display after a period of inactivity. It is surprisingly difficult to add the requirement to re-authenticate when you bring the display back to life. I will cover that next month.

Blog

Cyber Attack News 2022

Cyber attack news 2022

For 12 years in a row, the US holds the first spot for the highest cost of a data breach, which currently stands at $9.44 million, twice the global average.

From major corporations to small businesses, no one is safe from the reach of cybercriminals, with healthcare getting hit the hardest. And with the COVID-19 pandemic, geopolitical unrest, and economic instability only exacerbating the problem, 2022 has had its fair share of cyber attacks. Here are just a few of the major cyber attacks news today 2022:

Lapsus$ Group’s Extortion Spree

The Lapsus$ Group has been on a tear lately, successfully extorting millions of dollars from some of the world’s largest companies by stealing their data and then threatening to release it publicly unless they’re paid off. The group has hit companies in a wide range of industries, including healthcare, technology, manufacturing, and retail.

Some affected companies include Samsung, Nvidia, and Ubisoft. In many cases, the group has been able to successfully steal sensitive data, such as customer records and financial information, largely through phishing attacks, without being detected. In March, the group breached and leaked source code associated with Cortana, and the British police managed to arrest about seven people that may be associated with the group.

Chilean Court System Hit With Ransomware Attack

The Chile Consumer Protection Agency was hit by a ransomware attack starting on August 25th, 2022. In September, thousands of emails were hacked from the Chilean military and published on the internet. The judicial system attributed the spread of the attack to a phishing email containing the Cryptolocker Trojan.

The attack affected Windows 7 computers and breached about 1% of the court’s computers. According to Angela Vivanco, the Supreme Court spokeswoman, no data was stolen, and the attack was minor. Using the Windows 7 computers played a huge part in the attack, given that Microsoft no longer offers any updates and support for the system.

Ronin Crypto Network Hack

In April, Ronin, an NFT and crypto company, experienced a data breach that set the company back a whopping $540 million. The cyber attack was so bad that Binance had to come to the rescue and save the company. The hackers breached the platforms and stole the funds on March 23rd. The majority of the funds were owned by customers who won most of it from playing the Axie Infinity game.

Binance injected about $150 million into the company to ensure that customers got back what they lost from the breach. The company took almost a whole week to notice the hack, at which point the value of the coins had escalated to about $615 million. This is the second largest cryptocurrency heist ever recorded.

Crypto.com $30 Million Hack

In January 2022, the popular cryptocurrency exchange, Crypto.com was hacked to the tune of $30 million. The funds were stolen from customer wallets belonging to some 430 users. Initially, Crypto.com downplayed the hack by calling it an incident but then announced that the hackers got away with 443.93 BTC, which would convert to $18 million, and 4,836.26 ETH, which was equivalent to $15 million.

The breach also included other currencies that amounted to $66,200. Crypto-com detected the hack when hackers started making transactions without using the 2FA and immediately suspended withdrawals and forced their customers to log in again in order to set up the 2FA authentication. According to the company, customers were reimbursed fully.

Shields Health Care Group data breach

In March of 2022, hackers breached the Shields Health Care Group and exposed data belonging to some 2 million people in the US. This Massachusetts medical service provider deals in ambulatory surgical services, radiation oncology, and MRI/CT imaging.

The hackers had access between March 7th to March 21st, a long enough time to access sensitive patient data such as full names, social security numbers, billing information, medical record number, insurance information, and much more. This is very valuable information, and hackers can use it for a plethora of things, including extortion, phishing, scamming, and social engineering.

Given that Shields Health Care Group partners with numerous hospitals, the consequences of the breach are said to have impacted about 56 health facilities, some of which may include Winchester Hospital, Central Maine Medical Center, and Tufts Medical Center.

Block Cash App Breach

Block, a Fintech company, confirmed a breach that affected a massive 8 million people. The breach involved one of the employees who downloaded some reports from the Cash App. The employee had initial access while working for the company but breached the information after termination without permission. According to Block, the information did not include personal information such as passwords, payment card information, or social security numbers.

GM Motors Data Breach

In May, GM Motors experienced a major hack that exposed sensitive information belonging to car owners. This included phone numbers, addresses, names, car maintenance history, and mileage.

The company revealed the breach on May 16th and explained that the breach affected an undisclosed number of online users in April. Additionally, further investigation revealed that the hackers also stole customer reward points that were later redeemed for gift cards.

Plex Streaming Site Hack

Plex is one of the largest streaming apps on the internet, with about 30 million registered customers. This app allows users to stream live television and movies and allows users to access their own videos, photos, and audio on the platform.

Both streaming and personal media were affected, but the company did not disclose how many of those users were affected. However, they did admit that the majority of accounts were affected and went ahead to ask users to reset their passwords.

Red Cross Data Breach

The Red Cross and Red Crescent Movement experienced a breach in January. Hackers attacked servers with the personal information of over half a million people. The hackers accessed information that reconnected people separated by violence, war, or migration. To curb the damage, Red Cross took their servers offline.

Hackers Post ‘Child Nudity’ on UCP Candidate Facebook pages

In August, hackers took over the social media accounts of United Conservative Party leadership candidate Leela Aheer and posted graphic images. The images consisted of child nudity and sexual exploitation and were only up for a few minutes before being taken down.

It’s unclear how the hackers got access to her accounts, but Leela Aher said she would not be backing down from her campaigns. The UCP released a statement saying they do not condone the actions of the hackers and will be working with Leela Aheer to ensure her safety.

Cyber Attack News 2022: A Look at Major Attacks So Far

These are some of the major cyber-attacks that have occurred this year. As you can see, no one is safe from hackers, not even large companies with sophisticated security systems. It is important to always be vigilant and take steps to protect yourself online. As a business, make sure you have a robust security system in place and that your employees are trained on cybersecurity best practices.

And finally, if you are a consumer, make sure you are using strong passwords and unique email addresses for different accounts. Cybersecurity is a team effort, and we all need to do our part to stay safe online.

Blog

How to Prepare for a Cyber Attack

how to prepare foa a cyber attack

According to research, cyberattacks cost US businesses about 6.9 billion in 2021 alone, and even more alarming is the fact that only about 50% of businesses are financially prepared for a cyber attack. This leaves a huge gap in terms of preparedness, and unfortunately, many businesses only realize the importance of cyber security when it’s too late.

The thing is, an ounce of prevention is worth a whole load of cure when it comes to cybersecurity. So, what can you do to prepare for a cyber attack? Here is everything you need to know about how to prepare:

Assess Your Exposure: Not Everyone Faces the Same Risks

You can’t properly prepare for a cyber attack without first knowing where your vulnerabilities lie. Depending on the type of business you have and the industry you work in, you’ll be more vulnerable to some types of attacks than others.

For example, if you store sensitive customer data, like credit card numbers or personal health information, you’re a prime target for hackers who want to sell that information on the black market. But even if you don’t store sensitive data, you can still be a target. Hackers may attack your business simply to disrupt your operations or to steal your intellectual property.

Train Your Employees: They’re Your First Line of Defense

One of the most important things you can do to prepare for a cyber attack is to train your employees in cybersecurity best practices. They need to know how to spot red flags, like phishing emails and suspicious links, and they need to know what to do if they think they’ve been targeted.

You should also have a plan in place for what to do in the event of a cyber attack. This plan should include steps for how to contain the damage, like isolating affected computers from the rest of your network and how to report the incident to the proper authorities.

Invest in Cybersecurity: It’s Worth the Money

You can’t afford to skimp on cybersecurity. Investing in the latest security technology and software is important in preparing for a cyber attack. But don’t stop there – you also need to ensure your systems are always updated with the latest security patches. And you should consider hiring a team of cybersecurity experts to help you monitor your systems and respond to threats.

Use Proper Encryption: It Could Save Your Business

If you’re storing sensitive data, proper encryption is a must. Even if you’re not required by law to encrypt your data, it’s still a good idea. That’s because encrypted data is much harder for hackers to access and use.

Encryption is the process of transforming readable data into an unreadable format. This is done using a key, which is like a password that allows you to decode the information. There are two types of encryption:

Symmetric: Both sender and receiver use the same key to encode and decode messages.

Asymmetric: Each person has their own key, which they use to encode messages. The other person has a different key, which they use to decode the message.

You should always use encryption when sending or receiving sensitive information, such as credit card details or passwords. This way, even if the data is intercepted, the cybercriminal will not be able to read it.

Use Two-Factor Authentication and VPNs: Extra Layers of Protection

Two-factor authentication (2FA) is an extra layer of security that requires you to enter a code, in addition to your username and password, when logging into an account.

The code is usually sent to your phone via text message or generated by an app. This makes it much harder for cybercriminals to gain access to your accounts, even if they have your username and password, as they would also need your phone.

VPNs or Virtual Private Networks also play an integral role in data breach protection because they encrypt all the data sent between your device and the internet, making it much harder for anyone to intercept and read it. This is especially important when using public Wi-Fi, as it’s very easy for cybercriminals to set up fake hotspots and intercept the data sent by unsuspecting users.

Implement Strong Access Controls: Limit Who Has Access

Restricting access to systems and data is one of the most effective ways to prevent cyber attacks. By implementing strong access controls, you can make it much harder for cybercriminals to gain access to your systems. There are two types of access control methods:

Discretionary Access Control (DAC)

DAC is a security mechanism that determines who can access which resources and how they can use them. When using DAC, the system administrator assigns permissions to users, groups, or devices.

Mandatory Access Control (MAC)

MAC is a security model that uses labels to control access to resources. With MAC, the operating system ensures that users only have access to the resources they’re allowed to access, based on their security level.

Know Your Data: Where is it and Who Has Access to It?

To protect your data, you first need to know what type of data you have and where it resides. This seems like a no-brainer, but many organizations don’t clearly understand what data they have and where it’s stored.

Conduct an inventory of all the systems in your organization and map out where sensitive data is stored. Once you know what data you have, you can start to put in place the appropriate security measures to protect it.

Implement Strong Security Measures: Keep Your Systems Up-to-Date

Cybercriminals are constantly finding new ways to exploit vulnerabilities, so it’s important that you close any gaps in your system’s defenses. There are a few technical security measures you can put in place to make it more difficult for cybercriminals to penetrate your systems. Here are some key things to do:

Use a firewall: This will help block unauthorized access to your network.

Install antivirus software: This will detect and remove any malicious software that manages to get through your firewall.

Keep your software up to date: Regular updates will patch any vulnerabilities in your software that cybercriminals could exploit.

Use strong passwords: Long, complex passwords are harder to crack than short, simple ones. Use a combination of letters, numbers, and symbols to make them as strong as possible.

Encrypt your data: This will make it much more difficult for cyber criminals to read your data if they manage to get their hands on it.

How to Prepare for a Cyber Attack: A Comprehensive Guide

By taking these steps, you can significantly reduce the chances of falling victim to a cyber attack. However, it’s important to remember that no system is 100% secure, and there’s always a risk that something could go wrong. That’s why it’s also important to have a plan in place for how to deal with a breach if one does occur.