News wrap on trending cyber-attacks; SAP, DoubleAgent, banking Trojan, WhatsApp

March 23, 2017

Cyber crime is only likely to increase, despite the best efforts of government agencies and cyber security experts. Its growth is being driven by the expanding number of services available online and the increasing sophistication of cyber criminals who are engaged in a cat-and-mouse game with security experts. With the right level of preparation and specialist external assistance, it is possible to control damages, and recover from a cyber breach and its consequences.

A serious vulnerability in the SAP client GUI could expose millions of end-users of the popular enterprise resource planning (ERP) software to ransomware attacks – and worse.

That is the warning of Vahagn Vardanyan, a senior security researcher at ERP software security specialists ERPScan, demonstrating the flaw for the first time.

Read More

A new proof-of-concept exploit known as DoubleAgent can not only hijack third-party Windows antivirus software, but use said software to deliver further attacks. While there is no evidence that the exploit has made its way into the wild yet, most antivirus programs are still completely vulnerable to it.

Read More

A foul-mouthed Android banking trojan that once appeared was neutralized after its distributors were rounded up in a police raid has shown new signs of life, suggesting the operation was larger than originally thought, researchers at Check Point Software Technologies claim.

Read More

WhatsApp Web & Telegram Web – two of the world’s most popular messaging services with over 1 Billion and 100 Million monthly users respectively. By simply sending a photo, an attacker could gain control over user’s accounts, access message history, all photos that were ever shared, and also send messages on behalf of the user. The vulnerability allows an attacker to send the victim malicious code, hidden within a photo and as soon as the user clicks on the image, the attacker can gain full access to the victim’s WhatsApp or Telegram storage data, thus giving full access to the victim’s account.

Read More

Social Media Is a Popular Target

How to Prevent a Social Media Hack

Many companies had to learn this the hard way. While social media hacks can be very crafty, many times you can avoid trouble if you follow these these teps.

1. Educate All Employees

This is the most important point to follow. While you should pay special attention to instructing those who have direct access to your company’s social media accounts, all employees should go through basic social media safety training.

Considering that people check their social media accounts a staggering 17 times a day and more than 60 percent of enterprises allow employee use of personal devices to access corporate data, cybersecurity has quickly become everyone’s concern. Training sessions should specifically focus on fostering good password hygiene, recognizing spam and phishing attempts, sharing personal information and establishing privacy settings.

2. Limit Access

I have read articles that advise not giving social media staff access information at all and instead letting them use third-party tools such as Hootsuite or Sprout Social. That is usually not feasible; someone on the social media team will likely need to know account information to fulfill certain job responsibilities such as advertising or adding other tools.

However, not all employees on the social media team necessarily needs to know the login information to your accounts. By using third-party management tools, more junior employees or occasional users who do not necessarily require full access credentials can publish and monitor the accounts without having control over settings. Only trusted, reputable apps should be allowed to connect to the account.

3. Make Good Password Hygiene Easier

Every company should have a social media security policy in place, and it should have guidelines for proper password use. Make this document easy to find and digest. Since people learn better through visuals, it’s a good idea to highlight key points with images or infographics.

For the employees who have the keys to the castle (typically the company’s social media managers), create a checklist that gets emailed to them every three months as a reminder to:

  • Change the passwords on social media accounts and third-party management tools per company guidelines (e.g., minimum number of characters, upper- and lowercase letters, letters and numbers included, etc.).
  • Avoid reusing the same password.
  • Verify that the information connected to the account (e.g., email, phone number, etc.) is up to date.
  • Remove admins who no longer need access.
  • Eliminate apps that no longer need access.

For accounts that are administered via employees’ personal accounts, prompt them to change passwords there as well. Two-factor authentication (One-Time Password) should be enabled on sites that offer this option. If an employee who had access to these accounts leaves the company, the password should be changed immediately.

Intrusions happen, threats emerge and your security operation needs to be at its peak efficiency. Anglo African solutions can quickly intercept threats and thus help in avoiding data breaches. For more information about cyber security kindly contact Anglo African on 2331636 or by e-mail at contact@infosystems.mu

Pin It

Comments (0)
» Blog, Uncategorized » News wrap on trending cyber-attacks;...
On March 23, 2017
By

Leave a Reply

Your email address will not be published.

« »