Entries by Eric Hess

Scamming Tax Refunds and COVID-19 Relief: The Weaponization of Trash and Recycling

Scamming Tax Refunds and COVID-19 Relief: The Weaponization of Trash and Recycling
In a recent study, researchers have discovered an upward surge in threat activity designed to capture a wide range of payments and appropriations between taxpayers and the government, targeting tax refunds to COVID-19 appropriations. Some of these efforts trace back to accountants involved in tax preparation services that dispose of customer hard copy paperwork insecurely via...

Ransomware’s New Double Threat

Ransomware’s New Double Threat
The common ransomware attack pattern has traditionally involved threat actors holding access to data hostage in return for a ransomware payment. There is now an uptrend in a second layer of extortion…increasingly hackers are extracting large quantities of sensitive information (such as customer, financial and employee information) and threatening publication unless ransom demands are paid. To prove that they intend to execute on the threat, a small portion is leaked on the dark...

Secure Your Teleworkers To Counter New Threats

remote working security risks
With more organizations adapting to working from home due to Coronavirus or COVID-19, there is a tremendous surge in online activities from home devices…and increased remote working security risks. Organizations need to focus on securing their remote workforce from such vulnerabilities.  With “Stay At Home” orders or their equivalents impacting huge worldwide populations, organizations have adapted by asking their staff to work from home or telecommuting and are embracing conference calling, video conferencing for e-meetings, etc. like never...

FBI Issues Telework Security Warning & Zoom’s Security Problems Worsen

My recent blog post: Is Secure Video Conferencing Achievable? How To Improve Security for Your Video Conferencing App covered the basics of video conference application security and touched on Zoom’s security and privacy issues.  Well, it seems the doubts are becoming much more widespread, a recent report by Citizen Lab finds issues not only with Zoom’s encryption (aside...

Two New Critical Windows Vulnerabilities That Permit System Take Over – No Patch Available Yet

Two New Critical Windows Vulnerabilities That Permit System Take Over – No Patch Available Yet
A two zero-day critical vulnerabilities in the Windows OS enables hackers to take over systems, Microsoft said in a security alert yesterday.  The zero-day vulnerability is located in the Adobe Type Manager Library (atmfd.dll), a library that Microsoft uses to render PostScript Type 1 fonts inside Windows. Microsoft says there are two remote code execution (RCE) vulnerabilities...