Email continues to be the largest attack vector, according to a recent study from Mimecast. Most organizations realize this but lack additional controls and fail to properly educate their users on how to identify attack methods such as phishing, malicious attachments and Business Email Compromise. The axiom is “People, Process, Technology” – use them properly to minimize email-based threats.
Intel is back in the news with another vulnerability related to their CPU architecture. Two separate academic teams disclosed two new and distinctive exploits that bypass Intel’s Software Guard eXtension, which is the most sensitive region of the company’s processors because it protects encryption keys. The new SGX attacks are known as SGAxe and CrossTalk. Both break into the fortified CPU region using separate side-channel attack. Keep your eyes open for patches that are on their way.
Have you ever wondered what your data is worth on the dark web? While criminals are willing to pay for personal data, the COST to those who’s information has been compromised is larger, by an order of magnitude.
- Online banking logins cost an average of $35
- Full credit card details including associated data cost $12-20
- A full range of documents and account details allowing identity theft can be obtained for $1,500
An alarming trend that is being observed – ransomware attackers are not just encrypting systems and waiting for payment. They are moving laterally across the organization, using gathered credentials to steal unencrypted files before deploying the ransomware attack. They also find additional ways to “persist” on the network undiscovered even after the ransomware attack has concluded. Be aware, be informed.