Category: In The News


Americold Gets Attacked By Ransomware

By Amine Mekkaoui,

Company food-supply giant Americold admits to being attacked by Ransomware recently which caused them to take down their operations in their company including talks for COVID-19 distribution contracts. According to the Securities and Exchange Commission (SEC), the ransomware attack has affected the company’s phone systems, email, inventory management and order fulfillment. Nozomi co-founder Andrea Carcano says that the attack highlights the concern that attackers are now targeting larger and more critical organizations. Americold has immediately resolved the issue.

Attacks like this could be prevented by a firmly secured security infrastructure. If big companies are not exempted from attacks, so are you. Croyten can help you secure your organization. Visit our website to learn more about our services.

Facebook Patches Bug That Spy on Android Users

By Amine Mekkaoui,

A vulnerability that could connect video and audio calls without the knowledge of the person receiving them has been patched by Facebook, the company reports. The vulnerability was a significant flaw in the Android version of Facebook Messenger which is the opposite of the normal scenario where audio from the person making the call would not be transmitted until the person on the other end accepts the call. The bug automatically transmits audio while the callee is being rang. This would have allowed cyber attackers to spy on users and potentially identify their surroundings without them knowing if left unchecked. The company fixed the flaw on November 19.

On other news, Croyten is offering a vulnerability assessment which can help you identify and immediately attend to your organization’s security weaknesses. To know more, visit our website.

Zoom Rolls Out End-to-End Encryption

By Amine Mekkaoui,

Video-conferencing giant Zoom is rolling out a technical preview of its end-to-end encryption (E2EE). This is after receiving backlash over false marketing around its encryption policies. Zoom has faced various controversies including several lawsuits alleging that the company falsely told users that it offers full encryption. The company is also under fire for announcing that the E2EE is for paid users only. The topic of encryption is critical for Zoom as it ramps up its security and privacy measures. Zoom’s latest E2EE will use public-key cryptography, meaning that the keys for each Zoom meeting are generated by participants’ machines (as opposed to Zoom’s servers). 

On a different note, if your organization needs assistance with your IT and cyber security, feel free to check the services we offer at Croyten.

Scammers Send Malicious Links Via Google Drive

By Amine Mekkaoui,

Hundreds of thousands of Google Drive users are receiving malicious links from cybercriminals. This is after scammers are found to be leveraging a legitimate Google Drive collaboration feature to trick users into clicking on malicious links. Attackers are abusing Google Drive’s legitimate collaboration feature, which allows users to create push notifications or emails that invite people to share a Google doc. Because they are sent via Google Drive, the notifications come from Google’s no-reply email address, making them appear more legitimate. Other iterations of the attack are sent via email. Google is currently working on new security measures for detecting Google Drive spam.

Croyten specializes in building protection against these kinds of attacks. We help your organization stay protected by building proper infrastructures and providing security guidelines. Learn more about our services by visiting our website.

Cybersecurity Skills Shortage Is ‘Bad,’ Says Survey

By Amine Mekkaoui,

According to the survey published by Trustwave titled “How to Minimize the Impact of the Cybersecurity Skills Shortage,” more than half of cybersecurity professionals in a recent survey — 57 percent — reported that the cybersecurity skills shortage is either “bad” or “very bad” at their companies. Created a critical shortage of manpower in the cyber-defense sector are increasing exposure, ferocious growth in cybercrime numbers and a lack of qualified cybersecurity professionals to combat rising threats. In addition to this is the stressful nature of the job which stretches cyber professionals to their limits. All of this is making it challenging for companies to keep up. The prescription, according to the Trustwave report, is a “three-pronged approach of people, process and technology.”

Croyten follows the three-pronged approach. We help organizations build their infrastructure, streamline their data and security process, and then provide high-quality and experienced talents to help run the organization. To see more of our services, visit our website.

Cybercriminals Prey On Job Candidates Through Phishing

By Amine Mekkaoui,

Cybercriminals prey on job candidates through phishing

Cybercriminals cashed in on the surge of COVID-19 earlier this year, with email lures purporting to be from healthcare professionals offering more information about the pandemic. They sent spear phishing emails pretending to be about economic incentives, as governments offered financial aid to those affected by the pandemic. “As jobs started to be recreated in the industry we saw lures targeting candidates for jobs,” said Derek Manky, Chief of Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs.

The rise of web-based threats, the continuance of low-volume, high-risk, targeted ransomware attacks can be prevented through proper and strong security systems. Croyten helps the organization make this happen. Our services can be found in this link.

Surge in IoT Devices Lures More Cyberattacks

By Amine Mekkaoui,

Surge in IoT Devices lures more cyberattacks

The COVID-19 pandemic, coupled with an explosion in the number of connected devices, have led to a swelling in IoT infections observed on wireless networks. IoT devices are now responsible for 32.72 percent of all infections observed in mobile and Wi-Fi networks, and this will continue to grow “dramatically” as connected devices continue to populate in homes and enterprise settings alike, according to Nokia’s Threat Intelligence Report 2020. 

There are more and more devices for cybercriminals to scan and IoT devices are even a target for ransomware. This is no surprise since IoT devices have long been under scrutiny for their lack of security measures.

Croyten’s services focus on trimming down vulnerabilities, such as the ones mentioned above, to a tolerable level. We do this through extensive vulnerability and risk assessments. To know more about our services, visit our website.

Ransomware Attacks Vaastamo; Hackers Blackmailing Patients

By Amine Mekkaoui,

Cybercriminals have already reportedly posted the details of 300 Vastaamo patients – and are threatening to release the data of others unless a ransom is paid. According to Vastaamo, the names and contact information of those 300 patient records have been published. Beyond names and contact data, it’s unclear how much other data was compromised in the breach. On top of this, the sensitive nature of the data makes this breach – and subsequent ransom threats – particularly insidious. 

Other data leaks have recently occurred that exposed sensitive user data. Last week, researchers found an unprotected Google Cloud storage bucket owned by pharma giant Pfizer that exposed data including phone-call transcripts and personally-identifiable information (PII). 

Attacks like this could have been prevented with strong and firm security foundations. Croyten helps its clients plan, protect, and prevent. To know more about our services, visit our website.

With Google’s promotion of their Chrome 86 versions, 35 security fixes are also being rolled out among Windows, Mac, Android and iOS users. The fixes include a critical bug and a feature that checks if users have any compromised passwords.

There is one flaw that remains, however.  Included in the newest browser version is a critical flaw (CVE-2020-15967) existing in Chrome’s payments component.  This can cause an array of malicious impacts, from causing a program to crash, to potentially leading to execution of arbitrary code.

Google won’t disclose further details about the bugs as “access to bug details and links may be kept restricted until a majority of users are updated with a fix,” according to their Tuesday post.

Ransomware Attack Slows Down COVID 19 Clinical Trials

By Amine Mekkaoui,

Ransomware Attack Slows Down COVID 19 Clinical Trials by Croyten

eResearchTechnology, a medical software company that supplies pharma companies with tools for conducting clinical trials – including trials for COVID-19 vaccines, has been hit by a ransomware attack. According to initial investigation, the attackers could be financially motivated or backed by a nation-state looking to gain competitive advantage. Researchers were forced to switch to pen and paper for tracking patient data while the attack went on for almost two weeks. Thanks to data backups, the impact of the attack was limited and the company is now in recovery mode.

It’s known that attacks on organizations leading the medical fight against the coronavirus pandemic have been continuing. Hence, it is crucial to stay safe now more than ever from cyberattacks especially that a huge portion of the world is starting to operate online. 

On a side note, our company Croyten helps in cybersecurity. To know more about us, just click this link: https://croyten.com/