Category: In The News

Zoom Rolls Out End-to-End Encryption

By Amine Mekkaoui

Video-conferencing giant Zoom is rolling out a technical preview of its end-to-end encryption (E2EE). The rollout comes after the company received backlash over false marketing around its encryption policies. Zoom has faced various controversies, including several lawsuits alleging that the company falsely told users that it offers full encryption. The company is also under fire for announcing that E2EE is for paid users only. The topic of encryption is critical for Zoom as it ramps up its security and privacy measures. Zoom’s latest E2EE will use public-key cryptography, meaning that the keys for each Zoom meeting are generated by participants’ machines (as opposed to Zoom’s servers).

On a different note, if your organization needs assistance with your IT and cyber security, feel free to check the services we offer at Croyten.

Scammers Send Malicious Links Via Google Drive

By Amine Mekkaoui

Hundreds of thousands of Google Drive users are receiving malicious links from cybercriminals. Scammers have been found abusing a legitimate Google Drive collaboration feature, which allows users to create push notifications or emails that invite people to share a Google doc, to trick users into clicking on malicious links. Because they are sent via Google Drive, the notifications come from Google’s no-reply email address, making them appear more legitimate. Other iterations of the attack are sent via email. Google is currently working on new security measures for detecting Google Drive spam.

Croyten specializes in building protection against these kinds of attacks. We help your organization stay protected by building proper infrastructures and providing security guidelines. Learn more about our services by visiting our website.

Cybersecurity Skills Shortage Is ‘Bad,’ Says Survey

By Amine Mekkaoui

According to a survey published by Trustwave titled “How to Minimize the Impact of the Cybersecurity Skills Shortage,” more than half of the cybersecurity professionals surveyed (57 percent) reported that the cybersecurity skills shortage is either “bad” or “very bad” at their companies. Increasing exposure, ferocious growth in cybercrime numbers and a lack of qualified cybersecurity professionals to combat rising threats have created a critical shortage of manpower in the cyber-defense sector. In addition, the stressful nature of the job stretches cyber professionals to their limits. All of this is making it challenging for companies to keep up. The prescription, according to the Trustwave report, is a “three-pronged approach of people, process and technology.”

Croyten follows the three-pronged approach. We help organizations build their infrastructure, streamline their data and security processes, and then provide high-quality, experienced talent to help run the organization. To see more of our services, visit our website.

Cybercriminals Prey On Job Candidates Through Phishing

By Amine Mekkaoui


Cybercriminals cashed in on the surge of COVID-19 earlier this year, with email lures purporting to be from healthcare professionals offering more information about the pandemic. They sent spear phishing emails pretending to be about economic incentives, as governments offered financial aid to those affected by the pandemic. “As jobs started to be recreated in the industry we saw lures targeting candidates for jobs,” said Derek Manky, Chief of Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs.

The rise of web-based threats and the continuance of low-volume, high-risk, targeted ransomware attacks can be prevented through proper and strong security systems. Croyten helps organizations make this happen. Our services can be found at this link.

Surge in IoT Devices Lures More Cyberattacks

By Amine Mekkaoui


The COVID-19 pandemic, coupled with an explosion in the number of connected devices, has led to a swelling in IoT infections observed on wireless networks. IoT devices are now responsible for 32.72 percent of all infections observed in mobile and Wi-Fi networks, and this will continue to grow “dramatically” as connected devices continue to populate homes and enterprise settings alike, according to Nokia’s Threat Intelligence Report 2020.

There are more and more devices for cybercriminals to scan, and IoT devices are even a target for ransomware. This is no surprise, since IoT devices have long been under scrutiny for their lack of security measures.

Croyten’s services focus on trimming down vulnerabilities, such as the ones mentioned above, to a tolerable level. We do this through extensive vulnerability and risk assessments. To know more about our services, visit our website.

Ransomware Attacks Vastaamo; Hackers Blackmailing Patients

By Amine Mekkaoui

Cybercriminals have already reportedly posted the details of 300 Vastaamo patients – and are threatening to release the data of others unless a ransom is paid. According to Vastaamo, the names and contact information of those 300 patient records have been published. Beyond names and contact data, it’s unclear how much other data was compromised in the breach. On top of this, the sensitive nature of the data makes this breach – and subsequent ransom threats – particularly insidious. 

Other data leaks have recently occurred that exposed sensitive user data. Last week, researchers found an unprotected Google Cloud storage bucket owned by pharma giant Pfizer that exposed data including phone-call transcripts and personally-identifiable information (PII). 

Attacks like this could have been prevented with strong and firm security foundations. Croyten helps its clients plan, protect, and prevent. To know more about our services, visit our website.

With Google’s promotion of Chrome 86, 35 security fixes are also being rolled out to Windows, Mac, Android and iOS users. The release includes a fix for a critical bug and a feature that checks if users have any compromised passwords.

There is one flaw that remains, however. Included in the newest browser version is a critical flaw (CVE-2020-15967) existing in Chrome’s payments component. This can cause an array of malicious impacts, from causing a program to crash to potentially leading to execution of arbitrary code.

Google won’t disclose further details about the bugs as “access to bug details and links may be kept restricted until a majority of users are updated with a fix,” according to their Tuesday post.

Ransomware Attack Slows Down COVID-19 Clinical Trials

By Amine Mekkaoui


eResearchTechnology, a medical software company that supplies pharma companies with tools for conducting clinical trials, including trials for COVID-19 vaccines, has been hit by a ransomware attack. According to an initial investigation, the attackers could be financially motivated or backed by a nation-state looking to gain competitive advantage. Researchers were forced to switch to pen and paper for tracking patient data while the attack went on for almost two weeks. Thanks to data backups, the impact of the attack was limited and the company is now in recovery mode.

Attacks on organizations leading the medical fight against the coronavirus pandemic are known to be continuing. Hence, it is more crucial now than ever to stay safe from cyberattacks, especially as a huge portion of the world is starting to operate online.

On a side note, our company Croyten helps in cybersecurity. To know more about us, just click this link:

IRS COVID-19 Relief Payment Gets Prone to Phishing

By Amine Mekkaoui


A credential-phishing email campaign is making the rounds, using the lure of coronavirus tax relief to scam people into giving up their personal information. The data-harvesting cybercriminals are looking to take advantage of the Internal Revenue Service (IRS) deadlines that are approaching for consumers who haven’t received an Economic Impact Payment. Using a SharePoint form, users are asked for email credentials, Social Security numbers, driver’s license numbers and tax ID numbers.

To avoid falling victim, users should remain vigilant and be wary of entering any personal information, including Social Security numbers and the like, after clicking on a link in an email. If your organization is prone to phishing and other similar attacks, it is best to have your systems and employees ready. You may tap an IT solutions company, such as Croyten, to help you out. The company assists organizations in creating IT systems that cannot be penetrated by cyber attackers.

Beware of Facebook Grant Scams

By Amine Mekkaoui

Facebook's offer of $100 million in cash grants to businesses affected by the coronavirus pandemic has been exploited by scammers through phishing. Knowing that this is such big news, cybercriminals presented the news as if Facebook was handing out money to all users of the social network affected by COVID-19. They created a website similar to that of the news outlet CNBC, which asks its victims to fill out and submit a form that gives the scammers access to the user's Facebook account, enough to trick their friends into sending money. The real CNBC site does indeed have an article about Facebook grants, but for businesses, the real beneficiaries of the program.

On a different note, if your organization needs assistance with your IT and cyber security, feel free to check the services we offer at Croyten.