Search
  • Avantia Threat Update

GOOGLE MOVES AWAY FROM A DIET OF 'COOKIES' TO TRACK USERS



THIS PAST WEEK:

Google Moves Away From Diet of 'Cookies' to Track Users; The perils of cheap smartphone and laptop chargers; Microsoft Says Its Services Not Used as Entry Point by SolarWinds Hackers; North Korean attacks on crypto exchanges reportedly netted US$316m in two years; This cutting-edge cloud-computing service is helping researchers track COVID's spread; Ransomware romps through UK; US Cellular has CRM disaster that goes from bad to worse; Big takedowns of ransomware gangs match the big surge in ransomware but don't fix the problem, and major data breaches in UNITED STATES; UNITED KINGDOM; AUSTRIA and HONG KONG.

Dark Web Top Threats This Week

Top Source Hits: ID Theft Forum Top Compromise Type: Domain Top Industry: Sales & Retail Top Employee Count: 501+

Google weans itself off 'Cookies' to track users.

Google is weaning itself off user-tracking "cookies" which allow the web giant to deliver personalized ads but which also have raised the hackles of privacy defenders. Last month, Google unveiled the results of tests showing an alternative to the longstanding tracking practice, claiming it could improve online privacy while still enabling advertisers to serve up relevant messages."This approach effectively hides individuals 'in the crowd' and uses on-device processing to keep a person’s web history private on the browser," Google product manager Chetna Bindra explained in unveiling the system called Federated Learning of Cohorts (FLoC). "Results indicate that when it comes to generating interest-based audiences, FLoC can provide an effective replacement signal for third-party cookies." Google plans to begin testing the FLoC approach with advertisers later this year with its Chrome browser. "Advertising is essential to keeping the web open for everyone, but the web ecosystem is at risk if privacy practices do not keep up with changing expectations," Bindra added. Google has plenty of incentive for the change. The US internet giant has been hammered by critics over user privacy, and is keenly aware of trends for legislation protecting people's data rights. Growing fear of cookie-tracking has prompted support for internet rights legislation such as GDPR in Europe and has the internet giant devising a way to effectively target ads without knowing too much about any individual person. Some kinds of cookies -- which are text files stored when a user visits a website -- are a convenience for logins and browsing at frequently visited sites. Anyone who has pulled up a registration page online only to have their name and address automatically entered where required has cookies to thank. But other kinds of cookies are seen by some as nefarious. "Third-party cookies are a privacy nightmare," Electronic Frontier Foundation staff technologist Bennet Cyphers told AFP. "You don't need to know what everyone has ever done just to serve them an ad." He reasoned that advertising based on context can be effective; an example being someone looking at recipes at a cooking website being shown ads for cookware or grocery stores. Safari and Firefox browsers have already done away with third-party cookies, but they are still used at the world's most popular browser - Chrome. Chrome accounted for 63 percent of the global browser market last year, according to StatCounter. "It's both a competitive and legal liability for Google to keep using third-party cookies, but they want their ad business to keep humming," Cyphers said. Cyphers and others have worries about Google using a secret formula to lump internet users into groups and give them "cohort" badges of sorts that will be used to target marketing messages without knowing exactly who they are. "There is a chance that it just makes a lot of privacy problems worse," Cyphers said, suggesting the new system could create "cohort" badges of people who may be targeted with little transparency.. "There is a machine learning black box that is going to take in every bit of everything you have even done in your browser and spit out a label that says you are this kind of person," Cyphers said. "Advertisers are going to decode what those labels mean." He expected advertisers to eventually deduce which labels include certain ages, genders or races, and which are people prone to extreme political views. A Marketers for an Open Web business coalition is campaigning against Google's cohort move, questioning its effectiveness and arguing it will force more advertisers into its "walled garden." "Google’s proposals are bad for independent media owners, bad for independent advertising technology and bad for marketers," coalition director James Rosewell said in a release.


The perils of cheap smartphone and laptop chargers

A charger that doesn't work is the least of your concerns. Fire and electrocution are also high possibilities. The UK is still under lockdown, so what better way to spend time indoors than to go onto eBay and buy some cheap chargers and see how bad -- or even dangerous -- they are. They're pretty bad. Over the past few months, we've bought five iPhone chargers and another five which were a random assortment of MacBook chargers and generic phone chargers. Prices ranged from a few dollars to about ten dollars. All of the iPhone chargers listed themselves as "genuine," but unsurprisingly, all turned out not to be genuine. Of the ten we received (We'd ordered over 20, but the rest have yet to arrive and are beyond their target delivery window), three were dead on arrival. One iPhone charger and a laptop charger did nothing on being plugged in (although one held a scary surprise), and another iPhone charger died within minutes of being plugged in. There was another laptop charger that wasn't all that happy with being plugged into a UK mains outlet because the pins on the plug were non-compliant.Already we were getting that feeling that these aren't the great deals we initially believed them to be. OK, so what was scary about that iPhone charger that was dead on arrival? Well, I noticed during safety testing that the ground on the USB connector was referenced to mains voltage, which means that it could have given someone an electric shock if it was held incorrectly. Nasty. Of the ones that worked, we plugged them in and put them under a standard load to see how they operated. Rather worryingly, they all got hot, and went out of that comfortably toasty zone into the worryingly warm zone (which I take to be 48°C/118°F). If airflow is decent then the risk of fire is low, but the risk increases if they become covered by fabrics or other combustibles. We examined the voltage and current outputs of all the remaining chargers, and all the iPhone chargers were not able to sustain the maximum stated outputs. The laptop chargers also exhibited very "noisy" outputs, in line with what I'd expect from poor transformers. We also sent the working charger to a friend to carry out high-voltage tests on them (to test what will happen if there is a spike in the incoming power -- well-made chargers can easily and safely cope with 1,000-volt spikes), and here is where the fake iPhone chargers performed really badly, due to their small size and poor construction, and they all allowed mains voltage spikes to enter the low-voltage side of the charger, risking life and the device connected to it. In all, the "best" of this bunch from an electrical standpoint were the generic phone chargers. We also subjected the remaining chargers to mild abuse, and the covers on three either broke or unclipped, exposing dangerous live terminals. Again, the generic chargers performed quite well, while the MacBook chargers all seemed quite fragile, and the iPhone chargers weren't too bad, if we overlooked everything else wrong with them. The bottom line, the cheap generic chargers are the winners, but that's not saying much given how low the bar is. They're on par with chargers you get with cheap devices, and while we are doubtful that they fully conform to UK safety regulations (We are not qualified to judge that), we’d probably still use them. Fake iPhone and MacBook chargers are just terrible, ranging from dead but dangerous to fragile and overheating to the point of concern. The bottom line is unchanged: Nothing beats a genuine charger made by the manufacturer.


Microsoft Says Its Services Not Used as Entry Point by SolarWinds Hackers

In response to speculation that its services may have been leveraged as an initial entry point by the hackers who breached IT management firm SolarWinds, Microsoft said on Thursday there was no evidence to back those claims. Reports, including from several mainstream media publications, have speculated about the role of Microsoft services in the SolarWinds attack and other operations conducted by the same threat group. The Wall Street Journal reported on February 2 that even SolarWinds’ new CEO, Sudhakar Ramakrishna, said one of the several theories was that the attackers may have compromised his company’s Office 365 accounts and then used that as an initial point of entry. However, in a blog post published on the SolarWinds website on February 3, Ramakrishna said that while the attackers did leverage Microsoft services as part of the attack, the investigation so far leads them to believe that “the most likely attack vectors came through a compromise of credentials and/or access through a third-party application via an at the time zero-day vulnerability.” He clarified, “While we’ve confirmed suspicious activity related to our Office 365 environment, our investigation has not identified a specific vulnerability in Office 365 that would have allowed the threat actor to enter our environment through Office 365. “We’ve confirmed that a SolarWinds email account was compromised and used to programmatically access accounts of targeted SolarWinds personnel in business and technical roles. By compromising credentials of SolarWinds employees, the threat actors were able to gain access to and exploit our Orion development environment,” Ramakrishna added. In a blog post, Microsoft, which dubbed the attack “Solorigate,” also said there was no indication that SolarWinds was attacked via Office 365. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed recently that many of the organizations targeted by the SolarWinds hackers were breached through attack vectors that did not involve the SolarWinds supply chain attack, leaving many to speculate that Microsoft services may have been abused. Microsoft said that while data hosted in Microsoft email and other services was targeted by the hackers “post compromise,” it had found no evidence that its services were used as an initial entry point into the systems of organizations, claiming that the attackers apparently gained privileged credentials “in some other way.” “From the beginning, we have said that we believe this is a sophisticated actor that has many tools in its toolkit, so it is not a surprise that a sophisticated actor would also use other methods to gain access to targets. In our investigations and through collaboration with our industry peers, we have confirmed several additional compromise techniques leveraged by the actor, including password spraying, spear phishing, use of webshell, through a web server, and delegated credentials,” Microsoft said. After the SolarWinds supply chain attack came to light, Microsoft said it had notified some customers about suspicious activity related to their Azure and Microsoft 365 accounts. The list of organizations alerted by Microsoft includes cybersecurity firms CrowdStrike, which said the attackers attempted to read emails but failed, and Malwarebytes, which admitted that the hackers did gain access to “a limited subset of internal company emails.”

North Korean attacks on crypto exchanges reportedly netted US$316m in two years

North Korean attacks on crypto exchanges reportedly netted an estimated US$316m in cryptocurrency in 2019 and 2020, according to a report by Japan’s Nikkei. The outlet says it saw that figure in a draft of a United Nations report destined for the desk of the Security Council's North Korea Sanctions Committee. That Committee’s web page lists numerous reports that mention North Korea’s interest in acquiring cryptocurrency by illegitimate means. The August 2020 interim report by the Panel of Experts that monitors North Korea states: “One Member State reported that [North Korean] attacks against virtual currency exchange houses have produced more illicit proceeds than attacks against financial institutions.” And a 2019 document suggests the rogue nation’s hacking activities, including attacks on cryptocurrency exchanges, netted $2b in the preceding five years. Evidence of successful attacks on cryptocurrency exchanges is not hard to find. US$316m in two years from crypto alone would represent a very decent haul. And seeing as Bitcoin has appreciated by 169 percent in six months at the time of writing, North Korea has its hands on an asset that has appreciated faster than almost any other. The UN is uncertain just how North Korea spends its cryptocurrency or turns it into fiat currency. But with the likes of Pay Pal taking cryptocurrency well and truly into the mainstream, North Korea may find it easier to put its purloined cloud cash to work. And much of North Korea’s work is truly evil as per the the 2013 report into North Korea’s human rights abuses penned by the United Nations General Assembly, makes for sobering reading. Those abuses are the major reason North Korea faces sanctions on its interactions with the global financial system. It appears, however, that the frontier of financial innovation may be offering the nation a way to work around the world’s efforts to rein in its regime.


This cutting-edge cloud-computing service is helping researchers track COVID's spread

As computational science and data science are becoming closer than ever, a deal with Microsoft could see Verily and Broad Institute's open-source cloud platform hit new users. Cloud computing is powering a transformaion in healthcare research. There's a saying in the scientific community: all biology is computational biology. In other words, when you're dealing with whole genomes, or datasets compiled from thousands of records containing thousands more biomarkers, you need serious computational power – and techniques – to get the most out of the data. Now, cloud platforms built for biomedical research are providing the power that these projects need. Three years ago, Verily, the life sciences arm of Google's parent company Alphabet, along with MIT and Harvard's biomedical and genomic research center the Broad Institute, set up Terra, an open-source cloud research platform for storing and analysing biomedical data. The platform's creation, says Anthony Philippakis, chief data officer at the Broad Institute, was driven by two trends within the wider biomedical space: an explosion in the volume and types of data available – from genomics data to medical imaging and electronic health records – alongside a greater need for data sharing within biomedical science."No one organisation, whether it be a medical centre, or a university, or a company, has enough data in order to go after profound questions like the genetic basis of the disease," he says. "For a long time, although we've embraced the idea of data sharing, especially in genomics, and in many other fields, the way we've operationalized, it is a bit silly – which is to say that, in order to share data, we have to copy it: we put copies on servers and tell researchers to download it to their local environment," he explains. That's challenging, because it's both very expensive, in that you end up storing a copy of every data set at every research institution, and it's also quite insecure, because when you start downloading data, it becomes difficult to track and audit who's touched it and for what purpose. Their open-source platform aims to fix that and now has over 15,500 users. These include the Accelerating Medicines Partnership in Parkinson's Disease, which is researching new biomarkers to help with diagnosing the disease, developing new treatments, or helping refine prognosis, and the National Institutes of Health's All of Us project, using longitudinal datasets from one million people to better prevent and manage disease. Verily's own Project Baseline, started in 2017 to track human health over time, is another of Terra's users. Terra contains a number of both publicly available and access-controlled datasets from nearly two million study participants, which scientists can store and analyse alongside their own data. The platform allows scientists to build workflows in Workflow Description Language (WDL) – commonly used in genomics research to create workflows that can scale along with dataset size – as well as analyse and visualise the results. Some elements of interrogating data, such as segmenting out particular cohorts from larger datasets, can be done via a point-and click interface in that dataset's workbench. To further interrogate the data, the cohorts can be loaded into a separate workspace, where a biomedical scientist can perform analysis using Jupyter notebooks pre-populated with basic characterization analysis. Technically minded scientists can then code in languages like R and Python, or use tools like Hail, to do further analysis on their cohorts. For scientists that are less hands-on, workspaces can be shared with others – such as a lab's data scientists – to code the analysis instead. "I can do whatever amount of the hands-on technical bits I want, while collaborating with others who have the complementary skills to me, because science is a team sport," says David Glazer, CTO of Terra at Verily. "There's a spectrum of biomedical chops and a spectrum of technical data-science chops. The team will have people at all ranges and combinations of those skills. Terra lets them work together collaboratively in the cloud, to pull what they're good at with the tools and data that they need to find the insights that they're working on," he says. The bulk of Terra's users are drawn from academic researchers at universities and in biomedical science institutions, often following the Broad Institute's example and working on genomics analysis. However, the diversity of data is starting to increase – customers trying to correlate health outcomes with environmental and lifestyle factors, as well as incorporating medical imaging and time series data from devices like ECGs. Unsurprisingly in the current environment, epidemiological research has also taken off, with Terra used to track the geographical spread of different COVID variants. "Supporting infectious disease research, now more than ever, is a key area of focus within Terra. Right now, we're starting to see a lot more interest worldwide in performing pathogen sequencing in order to be able to identify new strains and track their spread through society", Broad Institute's Philippakis says. "We're starting to see now many other public health and state laboratories starting to use Terra to process COVID sequencing data. And as we go forward, being able to enable the construction of a pathogen weather map, if you will – being able to track the spread of pathogens across time and space – is a branch of research that we're very committed to." Dr Danny Park, group leader for viral computational genomics at the Broad Institute, and his colleagues, have been using Terra for COVID-19 research, and released a COVID-19 workspace in Terra early last year. Among the work that Park and his fellow researchers have used Terra for was an analysis of thousands of patient samples to investigate the origins and spread of COVID-19 in Massachusetts, particularly around local 'super-spreader' events in Boston. Terra, said Park, is really good for analysing very large datasets and keeping all of the results organised. "Terra's advantage is that it lets you get a little bit more under the hood, so if you are the kind of group that likes to modify your pipelines, your code, your analysis – what you're actually running – a little bit more, and you have a bit more direct access to that." Park says. Terra is also increasingly seeing a shift in the type of organisation using the platform: non-profits are now being joined by commercial organisations, such as pharmaceutical companies, who are using it to interrogate and cross-correlate their own datasets. Terra's adoption by commercial companies is likely to grow, thanks to a recent agreement with Microsoft, which has become the third partner in Terra alongside Verily and the Broad Institute. Terra was previously based entirely on Google Cloud Platform services; now users can also choose to run on Azure. With healthcare organisations traditionally Microsoft shops, having Redmond as a partner will potentially dramatically expand Terra's user base. Following the deal with Microsoft, Terra customers will also be able to use Microsoft's suite of machine-learning and AI tools, including Azure Synapse Analytics, Azure Machine Learning and Azure Cognitive Services, as part of their analyses. In the future, the three partners will work on developing services and strategy together, focusing on three areas: core cloud and data infrastructure, analytics and data science, and building "the commercial muscle that both organisations [Verily and Microsoft] bring to the table, because this started with academic science, but it's very quickly moving into translational science in wider commercial enterprises. Really gaining a critical mass of data and users is another very important thing that I expect the three organisations to focus on as we move forward," says Desney Tan, general manager of Microsoft's healthcare business. The Broad Institute's Park also noted that having Microsoft on board also brings additional geographical reach, with an African region that the organisation's partners in countries such as Nigeria, Senegal, and Sierra Leone will be able to use in pathogen analysis. "The geolocality of the data matters," he says.


THREAT FOCUS: United States – USCellular

https://www.techtimes.com/articles/256503/20210129/uscellular-data-breach-hackers-gained-access-users-personal-pin-code.htm

Exploit: Credential Compromise

US Cellular: Mobile Phone Company

Risk to Business: 1.379 = Extreme

USCellular, the fourth largest mobile network in the US, has suffered a data breach after a successful malware attack. Hackers used malicious code disguised as a routine software update to gain access to systems including its Customer Relationship Management (CRM) and client records. This is not USCellular’s first time at this rodeo – the company has had consistent information security problems.

Individual Risk: 1.321 = Extreme

USCellular advised customers that their account records including name, address, PIN code, and cellular telephone numbers(s) as well as information about the customer’s wireless services including service plan, usage and billing statements, personal information, PIN code, service plan, and billing statements might have been compromised. However, data such as social security numbers and credit card information remained inaccessible to the hackers. Clients should be wary of spear phishing, business email compromise and identity theft using this information.

Customers Impacted: 4.9 million

How it Could Affect Your Business: Data like this is sought-after by cybercriminals to power phishing operations. Unfortunately for these folks, it often hangs around for years on the Dark Web, acting as fuel for future cybercrime.

Avantia Cyber Security & ID Agent to the Rescue: Watch for threats from the Dark Web without lifting a finger using Dark Web ID, 24/7/365 credential monitoring that alerts you to trouble fast. Find out more by calling Avantia on +61 7 30109711 for a FREE demonstration.


THREAT FOCUS: United States – DSC Logistics

https://www.freightwaves.com/news/ransomware-attack-targets-major-us-logistics-firm-dsc

Exploit: Ransomware

DSC Logistics: Shipping and Freight Logistics

Risk to Business: 1.775 = Severe

DSC logistics received an unwelcome delivery of Egregor ransomware. The attack was announced on the gang’s ransomware site. The company noted that it was successfully able to continue operations without incident. DSC has called in outside experts to investigate, and declined to comment on whether any data was stolen.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business Ransomware has been a plague on every industry, but freight and logistics companies have been hit especially hard in recent months.

Avantia Cyber Security & ID Agent to the Rescue: Everyone needs to understand the seriousness of today’s threats. Our Security Awareness Champion’s Guide makes understanding cyber threats easy and fun. Email Avantia Cyber Security at info@avantiacorp.com.au for a copy of the Ebook


THREAT FOCUS: United States – Nissan North America

https://www.industryweek.com/technology-and-iiot/article/21151660/data-leak-hits-nissan-north-america

Exploit: Misconfiguration

Nissan North America: Automotive Manufacturer

Risk to Business: 2.779 = Moderate

Nissan North America recently suffered a data breach that resulted in source code for its mobile apps and internal tools turning up online. The data leak is reportedly the result of a misconfigured Git server. The source code is reported by a security researcher to pertain to Nissan NA Mobile apps, some parts of the Nissan ASIST diagnostics tool, the Dealer Business Systems and Dealer Portal, Nissan internal core mobile library, Nissan/Infiniti NCAR/ICAR services, client acquisition and retention tools, sale and market research tools and data, various marketing tools, the vehicle logistics portal and vehicle connected services.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Keeping data safe from hackers starts with keeping data secure by using strong identity and access management tools across the board and basic security protocols like multifactor authentication.

Avantia Cyber Security & ID Agent to the Rescue: Passly provides the toolkit that businesses need to keep cybercriminals locked out of data and systems including multifactor authentication and secure shared password vaults. Call Avantia on +61 7 30109711 for more information.

THREAT DOCUS: United Kingdom – UK Research and Innovation (UKRI)

https://www.bleepingcomputer.com/news/security/uk-research-and-innovation-ukri-suffers-ransomware-attack/

Exploit: Ransomware

UKRI: Scientific Research Agency

Risk to Business: 1.411 = Severe

The UK Research and Innovation (UKRI) agency is now researching a ransomware incident that encrypted data and impacted its proprietary services. The impacted services include a service offering information to subscribers and the platform for peer review of various parts of the agency. The agency has not yet disclosed if data was stolen or any other impact, and the incident is under investigation. UKRI is a public body of the Government of the United Kingdom, tasked with investing in science and research, and it’s generous budget may have made it an attractive target for ransomware.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is a huge risk for every business, and it’s essential that everyone in your team is on board to spot and stop ransomware attacks.

Avantia Cyber Security & ID Agent to the Rescue: Go back to school to learn why ransomware has become such a prevalent threat in today’s landscape and how to stop it in our ebook Ransomware 101. Email Avantia at info@avantiacorp for your FREE Ebook.


THREAT FOCUS: UK- Mensa

https://www.forbes.com/sites/barrycollins/2021/01/30/britains-smartest-peoplemensafail-to-secure-passwords-properly/?sh=25d023bf43f5

Exploit: Password Compromise

Mensa: Intellectual Club

Risk to Business: 1.827 = Severe

Mensa UK experienced a hack on its website that has resulted in the theft of members’ personal data. The organization had reportedly failed to secure the data of its 18,000 members properly. The stored passwords of Mensa members who accessed the site were not hashed or encrypted in any way, with some sent and stored in plain text, making it a snap for hackers to gain entry. The hackers were able to access and use a Director’s password, to extract an indeterminate amount of information including personal details of members and private conversations conducted on the platform.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: 21,000

How it Could Affect Your Business: Password compromise is a constant menace for companies that don’t use contemporary safety protocols like multifactor authentication, let alone handling passwords in plain text files.

Avantia Cyber Security & ID Agent to the Rescue: Get affordable, state-of-the-art protection from password-based cyberattacks with secure identity and access management from Passly. Email Avantia at info@avantiacorp for your FREE Ebook


THREAT FOCUS: Austria – Palfinger

https://www.bleepingcomputer.com/news/security/leading-crane-maker-palfinger-hit-in-global-cyberattack/

Exploit: Ransomware

Palfinger: Crane Manufacturer

Risk to Business: 2.006 = Severe

Crane manufacturer Palfinger is targeted in an ongoing cyberattack that has disrupted IT systems and business operations. The company notes that its enterprise resource systems and many online or digital functions are unavailable to customers. No information is available on the kind of ransomware involved or an expected date for service restoration.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is almost always the result of a phishing attack, and it’s been a constant danger for healthcare organizations around the world as the global pandemic continues.

Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID makes training a breeze for both employees and trainers, helping reduce the chance of a ransomware attack succeeding. Call Avantia for a FREE Demo on +61 7 30109711\


THREAT FOCUS: Hong Kong – Dairy Farm

https://www.bleepingcomputer.com/news/security/pan-asian-retail-giant-dairy-farm-suffers-revil-ransomware-attack/

Exploit: Ransomware

Dairy Farm: Retail Conglomerate

Risk to Business: 1.616 = Severe

Enormous Pan-Asian retailer Dairy Farm is the latest victim of REvil ransomware. The attackers claim to have demanded a $30 million ransom. As proof, REvil has released images of the company’s Active Directory Users and Computers MMC. The attackers claim to still be in control of the company’s computer systems, including full control over Dairy Farm’s corporate email, which they state will be used for phishing attacks.

Individual Risk: No personal or business data was reported as confirmed to be stolen in this incident that is still under investigation.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is the weapon of choice of most of today’s cybercriminals, and it can strike any business of any size from corner stores to retail giants.

Avantia Cyber Security & ID Agent to the Rescue: BullPhish ID is newly upgraded and updated with customizable campaign materials and white labeling capability to take your training experience to the next level. Email Avantia at info@avantiacorp for your FREE Ebook


Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach. 1 – 1.5 = Extreme Risk - 1.51 – 2.49 = Severe Risk - 2.5 – 3 = Moderate Risk




CLICK THIS LINK TO REVIEW OUR OUR CYBER SECURITY PARTNERS - THE BEST OF THE BEST

DISCLAIMER* Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, other members of the 5 Eyes Alliance, the Australian Cyber Security Centers, and other sources in 56 countries who provide cyber breach and cyber security information in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action. *COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.

0 comments

Want The Information  Cyber Criminal's  Don't Want You To Know?

Subscribe below to receive our weekly Threat Updates straight to your inbox.

Call (07) 3010 9711 

info@avantiacorp.com.au

 

Avantia Corporate Services Pty Ltd,                    Level 7, 320 Adelaide Street

Brisbane, Queensland 4000

AUSTRALIA.

  • LinkedIn Social Icon
  • Facebook Social Icon

DISCLAIMER*: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cybersecurity information to us in real-time. Given their international focus and experience in the cyberspace arena, we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services  PTY LTD - All Rights Reserved.