Search
  • Avantia Threat Update

PROTECT YOUR PRIVACY - WHAT YOU NEED TO KNOW



This Past Week:

We present to you a comprehensive DIY Cybersecurity masterclass 101; BlackBaud’s breach woes cause complications worldwide; Double extortion ransomware comes calling; How neglecting basic security awareness training can cost a fortune and Major breaches in GERMANY; ISRAEL; UNITED KINGDOM; UNITED STATES; AUSTRALIA and CANADA.


Dark Web ID’s Top Threats

Top Source Hits: ID Theft Forum

Top Compromise Type: Domain

Top Industry: Education & Research

Top Employee Count: 501+

________________________________________________________________________


CYBERSECURITY 101: PROTECT YOUR PRIVACY FROM HACKERS; SPIES, AND THE GOVERNMENT.

Simple steps can make the difference between losing your online accounts or maintaining what is now a precious commodity: Your privacy. "I have nothing to hide" was once the standard response to the occasional surveillance experience by way of cameras, border checks, or casual questioning by law enforcement. Privacy used to be considered generally balanced in many countries -- at least, in the West -- with a few changes to rules and regulations here and there often made only in the name of the common good. Things have changed, and not for the better. China's Great Firewall, the UK's Snooper's Charter, the US' mass surveillance and bulk data collection -- compliments of the National Security Agency (NSA) and Edward Snowden's whistleblowing -- Russia's insidious election meddling, and countless censorship and communication blackout schemes across the Middle East are all contributing to a global surveillance state in which privacy is a luxury of the few and not a right of the many. As surveillance becomes a common element of our daily lives, privacy is in danger of no longer being considered an intrinsic right. Everything from our web browsing to mobile devices and the Internet of Things (IoT) products installed in our homes have the potential to erode our privacy and personal security, and you cannot depend on vendors or ever-changing surveillance rules to keep them intact. Having "nothing to hide" doesn't cut it anymore. We must all do whatever we can to safeguard our personal privacy. Taking the steps outlined below can not only give you some sanctuary from spreading surveillance tactics but also help keep you safe from cyber attacker. Data is a vague concept and can encompass such a wide range of information that it is worth briefly breaking down different collections before examining how each area is relevant to your privacy and security. PERSONALLY IDENTIFIABLE INFORMATION: Known as PII, this can include your name, physical home address, email address, telephone numbers, date of birth, marital status, Social Security numbers (US)/National Insurance numbers (UK), /Tax File Number (Aust) and other information relating to your medical status, family members, employment, and education. Why does it matter? All this data, whether lost in different data breaches or stolen piecemeal through phishing campaigns, can provide attackers with enough information to conduct identity theft, take out loans using your name, and potentially compromise online accounts that rely on security questions being answered correctly. In the wrong hands, this information can also prove to be a gold mine for advertisers lacking a moral backbone. BROWSING HABITS AND WEBSITE VISITS: Internet activity is monitored by an Internet Service Provider (ISP) and can be hijacked. While there is little consumers can do about attacks at this level, the web pages you visit can also be tracked by cookies, which are small bits of text that are downloaded and stored by your browser. Browser plugins may also track your activity across multiple websites. Why does it matter? Cookies are used to personalize internet experiences and this can include tailored advertising. However, such tracking can go too far, as shown when the unique identifiers added to a cookie are then used across different services and on various marketing platforms. Such practices are often considered intrusive. Today's security threats have expanded in scope and seriousness. There can now be millions -- or even billions -- of dollars at risk when information security isn't handled properly. MESSAGE AND EMAIL CONTENT: Our email accounts are often the pathway that can provide a link to all our other valuable accounts, as well as a record of our communication with friends, families, and colleagues. Why does it matter? If an email account acts as a singular hub for other services, a single compromise can snowball into the hijack of many accounts and services. ONLINE PURCHASES, FINANCIAL INFORMATION: When you conduct a transaction online, this information may include credentials for financial services such as PayPal, or credit card information including card numbers, expiry dates, and security codes. Why does it matter? Cybercriminals who steal financial services credentials through phishing and fraudulent websites, who eavesdrop on your transactions through Man-in-The-Middle (MiTM) attacks or who utilize card-skimming malware can steal these details when they are not secured. Once this information has been obtained, unauthorized transactions can be made, or this data may also be sold on to others in the Dark Web.

MEDICAL RECORDS AND DNA PROFILES: A relatively new entrant to the mix, hospitals now often make use of electronic records, and home DNA services store genetic information belonging to their users. Why does it matter? The loss of medical information, which is deeply personal, can be upsetting and result in disastrous consequences for everyone involved. When it comes to DNA, however, the choice is ours whether to release this information -- outside of law enforcement demands -- and it is often the use of ancestry services that release this data in the first place. Businesses that handle data belonging to their customers are being scrutinized more and more with the arrival of regulatory changes such as the EU's General Data Protection Regulation, designed to create a level playing field and stipulate adequate security measures to protect consumer privacy and data. Companies will often encrypt your information as part of the process, which is a way to encode information to make it unreadable by unauthorized parties. One way this is achieved is by using SSL and TLS certificates that support encryption on website domains. While usually a paid service, also of Let's Encryptfers free SSL/TLS certificates to webmasters who wish to improve their websites' security. (Unfortunately, this has also led to the adoption of SSL by fraudsters.) End-to-end encryption is also becoming more popular. This form of encryption prevents anyone except those communicating from accessing or reading the content of messages, including vendors themselves. Following Snowden's disclosure of the NSA's mass surveillance activities, end-to-end encryption has been widely adopted by many online communication services. Privacy advocates may cheer, but governments and law enforcement agencies have not rejoiced at the trend -- and a political battlefield has emerged between tech vendors and governments that are attempting to enforce the inclusion of deliberate backdoors into encrypted systems. It is up to us to make use of any privacy-enabling technology we have at hand. Below are some guides with simple steps to get you started. BROWSER BASICS & TOR: Searching the web is a daily activity for many of us, and as such, it is also a hotbed for tracking and potential cyberattacks. The most commonly-used browsers are Google Chrome, Apple Safari, Microsoft Edge, Opera, and Mozilla Firefox. However, you should consider using Tor if you want to truly keep your browsing private. The Tor Project is an open-source browser that is privacy-focused. The software creates tunnels rather than establishing direct connections to websites, which prevents users from being tracked through traffic analysis or IP addresses. Not to be confused with the Dark Web -- although required to access it and .onion domains in general -- Tor is legal and is often used by the privacy-conscious, including journalists, activists, and NGOs. The Tor browser can be slightly slower than traditional browsers, but it is still the best choice for secure browsing. Desktop and mobile versions of the Tor browser are also available:, desktop iOS Onion Browser, and Orbot: Tor for Android. If you are more comfortable using Chrome, Safari, Firefox, Microsoft Edge, or another browser, there are still ways to improve your security without implementing major changes to your surfing habits. Cookies: Clearing out your cookie caches and browser histories can prevent ad networks from collecting too much information about you. The easiest way to do so is to clear the cache (Firefox, Chrome, Opera, Safari, Edge). You can also set your preferences to prevent websites from storing cookies at all. In order to do so, check out these guides for Firefox, Chrome, Opera, Safari, and Edge. HTTP v. HTTPS: When you visit a website address, you will be met with either Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS). The latter option uses a layer of encryption to enable secure communication between a browser and a server. The most important thing to remember is while HTTPS is best used by default in general browsing, when it comes to online purchases it is crucial to protecting your payment details from eavesdropping and theft. It is still possible for payment details to be stolen on the vendor's side, but to reduce the risk of theft as much as possible you should not hand over any important information to websites without HTTPS enabled. (It is estimated that shopping cart conversion rates increase by 13 percent with HTTPS enabled, which should encourage webmasters to use the protocol, too.) To find out whether HTTPS is enabled, look in the address bar for "https://." Many browsers also show a closed padlock. SEARCH ENGINES: Google's search engine, alongside other major options such as Yahoo! and Bing, make use of algorithms based on your data to provide "personalized" experiences. However, browsing histories and search queries can be used to create user profiles detailing our histories, clicks, interests, and more, and may become invasive over time. To prevent such data being logged, consider using an alternative that does not record your search history and blocks advertising trackers. These options include DuckDuckGo, Qwant, and Startpage. If you wish to stay with your current browser you can use software that bolts-on to your browser to enhance the privacy and security of your surfing activities. BROWSER PLUGINS: HTTPS Everywhere: Available for Firefox, Chrome, and Opera, HTTPS Everywhere: is a plugin created by the Tor Project and Electronic Frontier Foundation to expand HTTPS encryption to many websites, improving the security of your communication with them. NoScript Security Suite: Endorsed by Edward Snowden as a means to combat government surveillance, this plugin has been built for Firefox and other Mozilla-based browsers for the purposes of disabling active content including JavaScript, which may be used to track your online activity. Users can also choose which domains to trust and whitelist. Disconnect: Another worthy addition to the list, Disconnect provides a visual guide to websites that are tracking your activity. Invisible trackers which monitor you and may also expose you to malicious content can be blocked. Disconnect is available for Chrome, Firefox, Safari, and Opera. Facebook Container: In a time where Facebook has come under fire for its data collection and sharing practices time after time, Mozilla's Facebook Container application is a worthwhile plugin to download if you are worried about the social media network tracking your visits to other websites. The plugin isolates your Facebook profile and creates a form of browser-based container to prevent third-party advertiser and Facebook tracking outside of the network. Blur: Blur, available for Firefox and Chrome, is an all-around valuable plugin to protect your privacy and security. While the add-on can be used as a password manager and generator, ad blocking, and encryption, the true value is the use of "masked cards" in the premium version of the software. When data breaches occur, financial information is often the target. With this plugin, however, throwaway virtual cards are used with online vendors in replacement for the direct use of your credit card data, keeping it safe should a cyberattack occur. Privacy Badger: Last but certainly not least, the Electronic Frontier Foundation (EFF)'s Opera, Firefox, and Chrome-supporting plugin Privacy Badger is focused on preventing ad networks from tracking you. The software monitors third parties that attempt to track users through cookies and digital fingerprinting and will automatically block those which use multiple tracking techniques. The plugin also includes color-coded indicators of domain tracking scripts. PUBLIC WI-FI: A SECURITY RISK?: There is no denying that public Wi-Fi hotspots are convenient. However, you may be placing your privacy and security at risk if you choose to use one while on the move. The problem with them is simple: As you do not need authentication to access them, neither do cyber attackers -- and this gives them the opportunity to perform what is known as Man-in-The-Middle (MiTM) attacks in order to eavesdrop on your activities and potentially steal your information, as well as manipulate traffic in a way to send you to malicious websites. Hackers may be able to access the information you are sending through the Wi-Fi hotspot, including but not limited to emails, financial information, and account credentials. Hackers may also set up their own rogue honeypot Wi-Fi points that appear legitimate whilst only being interested in stealing the data of those who connect to it. It is best not to use a public, unsecured Wi-Fi connection at all if possible. An alternative and far more secure method is to use a mobile 4G/LTE connection through your own mobile device. If you need an internet connection for a device other than your smartphone, an easy way to accomplish this is to set up your mobile device as a mobile Wi-Fi hotspot itself. You can usually find this option in your main scroller menu, or under Wi-Fi settings. There are other precautions you can take to make a public Wi-Fi hotspot safer -- but it's never devoid of risk. When you connect to a new Wi-Fi hotspot on Microsoft Windows machines, make sure that you select "Public" when the option appears, as this will enable the operating system to turn off sharing; turn off the Wi-Fi connection when you do not need it, enable firewalls, and try to only visit websites with HTTPS enabled. In addition, do not use the Wi-Fi hotspot to access anything valuable, such as an online banking service. One of the most important layers of security to implement is the use of a virtual private network (VPN) if accessing a public Wi-Fi hotspot. A virtual private network lets you send and receive data while remaining anonymous and secure online. In this directory, CNET looks at a few of the very best commercial VPN service providers on the Internet. A virtual private network is a way to create a secure tunnel through the inherently insecure internet. Data packets are encrypted before they are sent to a destination server, which also results in IP addresses and your location becoming hidden. Many VPNs will also include a 'kill switch' that cuts off your internet access temporarily if connections drop in order to keep your online activity secure. VPNs have now entered the mainstream. Many users will only adopt these services to access geolocation-blocked content -- such as websites and apps banned in select countries -- for example, a user in the United States could make themselves appear to be located in the United Kingdom, and vice versa. However, VPNs have also surged in popularity in response to increased surveillance, making their use a popular option for activists or those in countries ruled by censorship. VPNs are not a silver bullet for security; far from it, but they can help mask your online presence. It is worth noting, however, that VPN usage is banned in some countries. FREE VS. PREMIUM VPNS: Premium, paid services are often more trustworthy. Free options are often slower and will offer limited bandwidth capacity. VPNs cost money to run and so providers will also require users of free services to agree to alternative means for them to turn a profit -- and this may include. Remember tracking and selling your data, when you are using a free service, whether it's a VPN or Facebook, you are the product and not the customer. WHICH VPN SHOULD I USE?: The most important element to consider when deciding on a VPN is trust. Using a VPN requires all your traffic to go through a third-party. If this third-party VPN is unsecured or uses this information for nefarious reasons, then the whole point of using a VPN for additional privacy is negated. Conflicts of interest, VPN providers being hosted in countries of which governments can demand their data, and sometimes less-than-transparent business practices can all make finding a trustworthy option a complex and convoluted journey. PASSWORDS & VAULTS: This kind of advice is repeated ad nauseam but it is worth saying again: using complex passwords is the first line of defense you have to secure your online accounts. Get rid of the sticky notes and get peace of mind. Choose a password manager to secure your digital life. Thankfully, many vendors now actively prevent you from using simple combinations that are easy to break, such as QWERTY12345 or PASSWORD123, with dictionary-based and brute-force attacks. However, it is difficult to remember complicated password credentials when you are using multiple online services, and this is where password vaults come in. Password managers are specialized pieces of software used to securely record the credentials required to access your online services. Rather than needing to remember each set of credentials, these systems keep everything in one place, accessed through one master password, and they will use security measures such as AES-256 encryption to prevent exposure. Vaults may also generate strong and complex passwords on your behalf, as well as proactively change old and weak ones. It is true that many popular password managers and vaults do have vulnerable design elements that can be exploited on already-compromised machines, but when you balance risk, it is still recommended to use such software.

ENABLE TWO-FACTOR AUTHENTICATION (2FA): Two-factor authentication (2FA) is a widely-implemented method of adding an extra layer of security to your accounts and services after you have submitted a password. The most common methods are via an SMS message, a biometric marker such as a fingerprint or iris scan, a PIN number, pattern, or physical fob. Using 2FA does create an additional step to access your accounts and data. SECURE YOUR MOBILE DEVICE: Mobile devices can act as a secondary means of protection for your accounts through 2FA, but these endpoints can also be the weak link that completely breaks down your privacy and security. Both Apple iPhones and mobile devices based on Google's Android operating system have sold by the millions. Android has maintained the lion's share of the global smartphone and tablet market for years, but due to its popularity, the majority of mobile malware samples are geared towards this OS. The open-source nature of Android has also opened the way for hackers to search for vulnerabilities in its code, but to combat this, Google does run a bug bounty program and consistent security patch cycle. iOS, in contrast, is a proprietary operating system and iPhones are generally considered more secure -- despite the emergence of security flaws on occasion, which are almost laughable. (Google has previously said that Android security is now as good as iOS, but we are still waiting to see the real-world evidence of this claim.)

PATCH, PATCH, PATCH: The first and easiest way to keep mobile devices on either platform secure is to accept security updates when they appear over the air. These patches resolve new bugs and flaws, as well as sometimes provide performance fixes, and can keep your device from being exploited by attackers.

To check your device is up to date on iOS, go to Settings > General > Software Update. On Android, go to Settings > Software Update.

LOCK IT DOWN: It sounds simple, but many of us don't do it -- make sure your mobile device is locked in some way to prevent its physical compromise. You can turn on your iPhone's Passcode feature to enter a four or six-digit passcode, as well as select the 'custom' option to set either a numeric or alphanumeric code. On iPhone X and later, go to Settings > Face ID & Passcode, while on earlier iPhone devices, go to Settings > Touch ID & Passcode. If TouchID is not a feature on your iPhone, the menu option will simply show Passcode. On Android, you can choose to set a pattern, PIN number, or password with a minimum of four digits. You can choose by tapping Settings > Security & location/Security > Lock Screen. BIOMETRICS: Face recognition, iris scanning, and fingerprints are biometric authentication options found on modern iPhones and Android devices. These services can be convenient, although it is worth noting that in the US, law enforcement may be able to force you to unlock your devices as biometrics are not protected under the Fifth Amendment.

FIND YOUR PHONE: We want to stop ourselves from being monitored without consent, but some technologies can be beneficial for tracking down our own lost or stolen property. Find my iPhone is a security feature for iOS devices that you can enable to allow you to track your device through iCloud. The system also includes a remote lock to prevent others from using your iPhone, iPad or iPod Touch in the case of theft. In order to enable Find my iPhone, go to Settings > [your name] > iCloud. Scroll to the bottom to tap Find my iPhone, and slide to turn on. Google's Find My Device can be used to ring a missing device, remotely secure your smartphone, and also wipe all content on your stolen property. The service is automatically made available by default once a Google account is connected to your device but it does require the device to be turned on, to have an active internet connection, and to have both location and the Find My Device feature enabled.In order to do so, open Settings > Security & Location/Security > Find My Device.

FOR THE IPHONE: USB Restricted Mode: A handy security feature introduced in iOS 11.4.1, USB Restricted Mode prevents USB accessories from automatically being able to connect to an iPhone if an hour has elapsed since the last time it was unlocked. In order to enable, go to Settings > Touch ID/Face ID > USB Accessories.

ANDROID: Disable the option to enable unknown developers/apps: If there have been apps you simply had to install outside of Google Play, make sure the "Unknown Sources" or "Install Unknown Apps" option is not left open afterward. Sideloading isn't necessarily a problem on occasion but leaving this avenue open could result in malicious .APKs making their way onto your smartphone. To disable it, select Settings > Security > Unknown Sources. On the later Android models, the option is usually found in Apps > Top-right corner > Special access. Encryption: Depending on your smartphone's model, you may have to enable device encryption, or some will be encrypted by default once a password, PIN, or lock screen option is in place. If you have such a device you can generally encrypt your smartphone through Settings > Security > Encrypt Device. Other models, such as the Samsung Galaxy S8, do not have this option as encryption is enabled by default but you can choose to encrypt accompanying SD cards by going to Biometrics and security > Encrypt SD card.You can also choose to enable the Secure Folder option in the same settings area to protect individual folders and files. JAILBREAKING: Rooting your device to allow the installation of software that has not been verified by vendors or made available in official app stores has security ramifications. You may not only invalidate your warranty but also open up your device to malware, malicious apps, and data theft. An example of this is KeyRaider, a malicious campaign uncovered by Palo Alto Networks in 2015. The malware specifically targeted jailbroken iOS devices, leading to the theft of 225,000 Apple accounts and their passwords.

SIGNAL: Signal is widely regarded as the most accessible, secure messaging service in existence today. Available for Android, iOS, MacOS, and Windows, the free app -- developed by Open Whisper Systems -- implements end-to-end encryption and no data is stored by the company's servers, which means that none of your conversations can be seized or read by law enforcement or hackers. In order to use the service, you will need to tie a phone number to the app. You can also use Signal to replace traditional SMS messaging, but the same encryption and protections do not apply unless both recipients are using Signal.

WHATSAPP: WhatsApp is an alternative messaging app, which completed a rollout of end-to-end encryption across all compatible devices in 2016. Available for Android, iOS, Windows Phone, Mac, Windows, and desktop, the messaging app is a simple and secure means to conduct chats between either a single recipient or a group. Having grown even more popular in recent years and now boasting over one billion users, WhatsApp is certainly worth downloading to replace traditional chat apps. However, to tighten things up, make sure you visit the Chat Backup option in "Chats" and turn it off. I

MESSAGE: Apple's iMessage, a communications platform that comes with Mac and iOS products, is another option if you want to secure and protect your digital communications. However, this does come with some caveats. Messages are encrypted on your devices via a private key and cannot be accessed without a passcode. However, if you choose to back up your data to iCloud, a copy of the key protecting these conversations is also stored -- and this has the possibility of being accessed by law enforcement. In order to keep your messages truly private, turn off the backup option. Apple will then generate an on-device key to protect your messages and this is not stored by the company. In addition, only conversations taking place between iPhones -- rather than an iPhone and Android device, for example -- are encrypted. FACEBOOK MESSENGER: Facebook Messenger is not encrypted by default. The chat service does, however, have a feature called "Secret Conversations " on iOS and Android -- but not the standard web domain -- which is end-to-end encrypted. In order to start a secret conversation, go to the chat bubble, tap the "write" icon, tap "Secret," and select who you want to message. You can also choose to set a timer for messages to vanish. A word of warning, however: Not only is Facebook constantly under fire for its attitude to the privacy and security of its users and their data, but US law enforcement is reportedly attempting to pressure the social network into planting a backdoor into Facebook Messenger to monitor conversations. With other end-to-end options available, it's not worth the risk.

TELEGRAM: Telegram, which received over three million new signups during the Facebook outage in March 2019, is another popular chat application worth noting as many presume chats made through this app are automatically secure and encrypted -- which is not the case. Available for Android, iOS, Windows Phone, macOS, Linux, Windows, and desktop, Telegram is not encrypted by default but does have a "Secret Chat" option that is end-to-end encrypted and kept away from the Telegram cloud. These particular chats are device-specific and include a self-destruct option. It is also worth keeping an eye on the rumored, upcoming Facebook Messenger, WhatsApp, and Instagram merger. Facebook CEO Mark Zuckerberg has reportedly ordered end-to-end encryption services to be added to the combined platform to create secure, cross-app messaging, which may make the combined service a future possibility for secure chats. However, the integration is not expected to be ready for commercial release until 2020. No matter which mobile operating system you have adopted, downloading apps from verified, trusted sources such as Google Play and Apple's App store is always the best option to maintain your security and privacy. However, the permissions you give an installed app are also important. Apps can request a variety of permissions including sensor data, call logs, camera and microphone access, location, storage, and contact lists. While many legitimate apps do require access to certain features, you should always make sure you are aware of what apps can access what data to prevent unnecessary security risks or information leaks. CCleaner, Pokemon Go, Meitu, and Uber have all come under fire for privacy-related issues in the past and the problem of data collection and extended business permissions will likely carry on in the future. To be on the safe side, any time you no longer need an application, you should also simply uninstall it. Mobile malware is far from as popular as malicious software that targets desktop machines but with these variants infecting Android, iOS, and sometimes making their way into official app repositories, they are worth a mention. The types of malware that can hit your mobile device are varied, from Trojans and backdoors to malicious code that focuses on the theft of valuable information, such as online banking credentials. The most common way that such malware can infiltrate your smartphone is through the installation of malicious apps, which may actually be malware, spyware, or adware in disguise. It's recommended that you download and install an antivirus software solution for your mobile device, however, you will probably be safe enough as long as you do not jailbreak your phone and you only download app .APKs from trusted sources, such as Google Play or the Apple App Store. However, malicious apps do sneak into these official stores as well.  Many email providers now encrypt email in transit using TLS, but there are few email services, if any, which you can truly consider 100 percent "secure" due to government laws, law enforcement powers, and the difficulty of truly implementing strong encryption in email inboxes beyond using PGP to sign messages. However, ProtonMail is worth considering. The open-source email system is based in Switzerland and therefore protected under the country's strict data protection laws. Emails are end-to-end encrypted which prevents ProtonMail -- or law enforcement -- from reading them. In addition, no personal information is required to open an account. Now that you've begun to take control of your devices, it is time to consider what data is floating around the internet that belongs to you -- and what you can do to prevent future leaks.

GOOGLE PRIVACY CHECKS If you are a user of Google services, the Privacy checkup function can be used to stop Google from saving your search results, YouTube histories, device information, and for you to decide whether you are happy for the tech giant to tailor advertising based on your data. Make sure you also take a look at your main Google Account to review security settings and privacy measures. The Security checkup page also shows which third-party apps have access to your account and you can revoke access as necessary.

Social networks can be valuable communication tools but they can also be major sources of data leaks. It is not just friends and family that might be stalking you across social media -- prospective employers or shady characters may be doing so, too, and so it is important for you to lock down your accounts to make sure only the information you want to be public, is public.

FACEBOOK: To begin locking down your account, go to the top-right corner, click the downward arrow, and choose "Settings," which is where the majority of your options for privacy and account safety are based. Security and login- Under this tab, you can choose to enable 2FA protection, view the devices in which your account is actively logged on, and choose whether to receive alerts relating to unrecognized attempts to log in. Your Facebook information - Review activities: Under Activity Log, you can review all your activity across the social network, including posts published, messages posted to other timelines, likes, and event management. You can use the "edit" button to allow something on a timeline, hide it, or delete it outright -- a handy function for wiping clean your older timeline. Download data: Under this tab, you can choose to download all the data Facebook holds on you. Privacy Settings and Tools: Here, you can choose who can see your future posts. For the sake of privacy, it is best to set this to friends only, unless you are happy for such content to automatically be made public. How people can find and contact you: You can tighten up your account by also limiting who can send you friend requests, who can see your friend lists, and whether people are able to use your provided email address or phone number to find your profile. A particular feature you may want to turn off is the ability for search engines outside of the network to link to your Facebook profile. Location: Turn off this to prevent Facebook from gathering a log of your location history.Face recognition: Another feature you should consider turning off -- it's unnecessary.Apps and websites: Under this tab, you can see a list of third-party services that have been logged into using your Facebook credentials and whether they are active. Ad Preferences, advertisers: A settings option that has been heavily expanded upon since the Cambridge Analytica scandal, in this section, you can review what Facebook believes are your interests, a list of advertisers that "are running ads using a contact list that they or their partner uploaded which includes information about you," and you can manage personalized ad settings -- at least, to a point. Your interests: If you select this tab you will see topics, such as property, finance, food, and education, which are collated based on ads or promotional material you have previously clicked on. In order to remove a topic, hover over the option and select the "X" in the top right. The same principle applies to the "Advertisers" tab. Your information: There are two tabs here that are both relevant to your online privacy and security. The first tab, "About you," allows you to choose whether Facebook can use your relationship status, employer, job title, or education in targeted advertising. The second tab, "Your categories," includes automatically generated lists of topics that the social network believes are relevant for ad placement -- all of which can be hovered over and removed. Ad Settings: To further thwart targeted ads, consider saying no to all the options below.Another section to mention is under the "About Me" tab in Facebook's main account menu. Here, you can choose whether to make information public (whether globally or to your friends), or only available to you. This information includes your date of birth, relationship status, contact information, and where you've lived.

TWITTER: Under the "Settings" tab there is a variety of options and changes you should implement to improve the security of your account. Login verification: After you log in, Twitter will ask you for additional information to confirm your identity to mitigate the risk of your account from being compromised. Password reset verification: For added security, this requires you to confirm your email or phone number while resetting your password. Privacy and safety: You can deselect location tracking and stop your locations being posted at the same time you send out a tweet, and there is also an option for removing all past location data from published tweets in your history. In this section, you will also come across "Personalization and data," which allows you to control -- to an extent -- how the social network personalizes content, collects data, and what information is shared with third-parties. You have the option to choose not to view personalized adverts, but the main setting you need to be aware of is for sharing. Described by Twitter as an option to permit the company to "share non-public data, such as content you've seen and your interests, with certain business partners for uses like ads and brand marketing," you should consider saying no. Apps and devices: Under this tab, you can see what third-party services, if any, are connected to your account, as well as what devices your Twitter account is actively logged into. There is also an interesting section under "Your Twitter data." Once you have entered your password, you can see Twitter's compiled collection of interests and advertising partners based on your activities. It is also possible to request your full data archive under the main Settings tab.

INSTAGRAM: To give your Instagram account a privacy boost, there are a few changes you can implement. By default, anyone can view the photos and videos on your Instagram account. By going to Settings and then Account Privacy, you can change this to ensure only those you approve of can see your content. If your account is public, then anyone can view and comment on your images and videos. However, you can block people you would rather not interact with.

The Internet of Things (IoT) started off with mobile devices, including our smartphones, tablets, and smart watches. Now, IoT encompasses everything from smart lights to voice-controlled smart speakers and home hubs, such as Google Home and the.  Amazon Echo

Here are some tips to improve the security of your connected home and prevent your products from being compromised, your information stolen and your IoT products from being added to botnets:

Keep IoT devices password protected. Default credentials -- unfortunately often still in play when it comes to IoT vendors -- are an easy way for hackers to compromise a device. The first and easiest way to protect your devices is to change these credentials ASAP.

Making sure your IoT device firmware, as well as your router software, is to up-to-date is also a key factor.

Consider running all your IoT devices on a separate home network. Therefore, in the case of compromise, the damage can be limited.

If your IoT device does not require an internet connection to run, then disable it. (Unfortunately, this is rare nowadays)

If you no longer need an IoT device or have upgraded, perform a factory reset and remove older devices from your network.

Always check the default settings on new products. It may be that default options -- such as the implied consent for usage data and metrics to be sent to the vendor -- will benefit the vendor, but not your privacy.


JUST DO IT: The threats to our privacy and security are ever-evolving and within a few short years, things can change for the better -- or for the worse. It is a constant game of push-and-pull between governments and technology giants when the conversation turns to encryption; cyberattackers are evolving and inventing new ways to exploit us daily, and some countries would rather suppress the idea of individual privacy, rather than protect it. Thankfully, the threat to our privacy has now been acknowledged by technology companies and many organizations, both for and non-profit, have taken it upon themselves to develop tools for our use to improve our personal security -- and it is now up to us to do so.

______________________________________________________________________________


THREAT FOCUS: National Cardiovascular Partners - UNITED STATES

https://healthitsecurity.com/news/national-cardiovascular-partners-email-hack-impacts-78k-patients?&web_view=true


Exploit: Unauthorized Account Access

National Cardiovascular Partners: Healthcare Provider

Risk to Small Business: 2.232 = Severe - Patient data was exposed after hackers were able to gain access to the Excel spreadsheet where it was stored through an employee account compromise. Undetected for over 3 weeks, the spreadsheet contained patient information, including names, contact information, and a host of other sensitive data that varied by patient. No word on what else the hackers may have obtained.

Individual Risk: 2.377 = Severe - Impacted patients are being notified and offered a one-year membership in Experian IdentityWorks, an identity theft protection service. These patients should also take appropriate measures against identity theft, spear phishing, fraud, and other criminal uses.

Customers Impacted: 78,070

How it Could Affect Your Business: Handling sensitive medical data is a proposition that requires excellent security training as well as a strong suite of cybersecurity solutions. Not only was this incident preventable, but it was also expensive – and it will not just cost a fortune in recovery, it will also invite regulatory penalties. Breach Risk Levels 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores for Breach levels are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Passly to the Rescue: With Passly, get the secure identity and access management solutions that you need to protect your systems and data in today’s remote work landscape at a price that you can afford, including multi-factor authentication, single sign-on, and secure password storage. Find out more by phoning Avantia on 07 30109711 or Click the link to get started: https://www.avantiacybersecurity.com/overwatch

THREAT FOCUS: IndieFlix Services - UNITED STATES

https://cybernews.com/security/indieflix-leaks-thousands-of-filmmaker-ssns-confidential-agreements-videos/?web_view=true


Exploit: Unsecured Database

IndieFlix: Streaming Service

Risk to Small Business: 1.603 = Severe - Another unsecured data bucket on a publicly accessible Amazon Simple Storage (S3) server is the culprit for a data breach at the streaming platform IndieFlix. The exposed data includes over 90,000 files. Some of the data includes scans of confidential motion picture acquisition agreements, tax ID requests that include filmmaker social security numbers and employer identification numbers, and detailed contact information of thousands of film professionals – plus thousands of unlocked video files of short films, movie clips, and trailers that can be accessed and downloaded by anyone with a direct link to the files.

Individual Risk: 1.599 = Severe - 3,217 scans of requests for tax identification numbers that include addresses, signatures, as well as social security numbers and/or employer identification numbers of the filmmakers or their distribution agents were compromised. Film industry professionals and organizations that have signed agreements with IndieFlix or given the company their contact details between 2013 and 2016, should be aware of the potential for their data, including financial information, to be used for fraud and spear phishing attacks.

Customers Impacted: Unknown

How it Could Affect Your Business: Sloppy storage causes big problems that can have a huge impact on a company’s reputation client confidence. By improving security awareness training, employees will develop better handling habits for data and passwords.

Breach Risk Levels 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores for Breach levels are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Passly to the Rescue: With Passly, get the secure identity and access management solutions that you need to protect your systems and data in today’s remote work landscape at a price that you can afford, including multi-factor authentication, single sign-on, and secure password storage. Find out more by phoning Avantia on 07 30109711 or Click the link to get started: https://www.avantiacybersecurity.com/overwatch

THREAT FOCUS: Athens Independent School District - UNITED STATES

https://www.easttexasmatters.com/news/education/athens-isd-pays-50k-for-release-of-data-in-ransomware-attack/?web_view=true


Exploit: Ransomware

Athens Independent School District: Public School System

Risk to Small Business: 1.207 = Extreme - A school system in East Texas has paid cybercriminals a ransom of $50K for the key to unencrypt its data. The school board noted that it had no choice but to pay the ransom because it could not complete recovery in time to start the new school year. The report also noted that other school systems in East Texas have been hit with ransomware attacks recently as well. The district has cyberattack insurance.

Individual Risk: No personal or financial data about students or staff was reported as compromised at this time.

Customers Impacted: Unknown

How it Could Affect Your Business:  Ransomware is today’s biggest cybersecurity headache, and it’s usually delivered through a poisoned phishing email. A well-timed ransomware attack can create a big payday for cybercriminals as impacted victims are left with little recourse when they’re on a tight schedule.

Breach Risk Levels 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores for Breach levels are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Corporate Services & ID Agent to the Rescue: Phishing is a common delivery system for malware. Our security awareness training solution BullPhish ID helps prevent malware attacks by teaching users to be aware of phishing attempts. To Learn more, call Avantia on 07 30109711  

THREAT FOCUS: Ledger Development - UNITED STATES

https://portswigger.net/daily-swig/ledger-data-breach-impacts-one-million-users-hardware-wallet-funds-are-safe


Exploit: Unauthorized Database Access 

Ledger: Cryptocurrency Storage Hardware Developer

Risk to Small Business: 1.993 = Severe - Cryptocurrency wallet maker Ledger has announced that they experienced a data breach that exposed contact information for many clients. The breach was discovered by a participant in a bug bounty program. A marketing database containing email addresses for approximately one million users was unsecured, and a subset of 9,500 customers also had other contact information including first and last name, mailing addresses, and phone numbers exposed.

Individual Risk: 2.775 = Moderate - Only basic information like email addresses was exposed for a majority if the affected clients, but some customers’ addresses and phone numbers were compromised as well. Clients should be suspicious of potential spear phishing attacks.

Customers Impacted: 1 million 

ow it Could Affect Your Business: Simple security failures like this mirroring the data breach caused by phishing at Twitter don’t increase client confidence in companies that promise secure technology.

Breach Risk Levels 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores for Breach levels are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Huntsman Digital Auditor to the Rescue: Helping SME’s to understand the importance of security is no easy task. With an ‘Essential8’ Digital Security Audit we offer a remote access, independent, ‘real time’ audit of our clients critical operational infrastructure systems to determine where the gaps are, with recommendations for remediation.

Its the first step to real cyber security. Call Avantia’s office on 07 30109711 or visit: https://www.avantiacybersecurity.com/cyber-security-audit

THREAT FOCUS: Havenly Design - UNITED STATES

https://www.bleepingcomputer.com/news/security/havenly-discloses-data-breach-after-13m-accounts-leaked-online/?&web_view=true


Exploit: Unauthorized Database Access

Havenly: Interior Design Collaboration Website 

Risk to Small Business: 2.302 = Severe - As part of last week’s ShinyHunters data dump, the account details of millions of Havenly users were leaked on the Dark Web. The leaked data included affected users’ login name, full name, hashed password, email address, phone number, zip, and other data related to the usage of the site. Havenly noted that it does not store credit card numbers and no financial data was involved in this incident

Individual Risk: 2.503 = Moderate - No financial data was reported as compromised in this breach, but users should be aware of the personal details that were stolen being used to conduct spear phishing attempts.

Customers Impacted: 13 million

How it Could Affect Your Business: Data dumps from major players in the data selling business are becoming more common. These dumps often include email addresses and login credentials for work accounts that staffers may be using (or reusing) for convenience.

Breach Risk Levels 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores for Breach levels are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Passly to the Rescue: With Passly, get the secure identity and access management solutions that you need to protect your systems and data in today’s remote work landscape at a price that you can afford, including multi-factor authentication, single sign-on, and secure password storage. Find out more by phoning Avantia on 07 30109711 or Click the link to get started: https://www.avantiacybersecurity.com/overwatch

THREAT FOCUS: Drizzly Deliveries - CANADA

https://techcrunch.com/2020/07/28/drizly-data-breach/


Exploit: Unauthorized Database Access

Drizzly: Alcohol Delivery Service

Risk to Small Business: 2.101 = Severe - Online booze startup Drizzly just announced that it suffered a data breach. Hackers were able to snatch customer email addresses, DOBs, hashed passwords, and some delivery addresses. The company says that no financial information was taken, but researchers noticed that hackers trying to sell Drizzly’s data claim to also have credit card numbers.

Individual Risk: 2.661 = Moderate - No financial information was reported stolen, by the company, but cybersecurity reports put that claim in question. Users of the service should change their passwords immediately and monitor their credit accounts for fraud.

Customers Impacted: 2.5 million

How it Could Affect Your Business: As more competition pops up in online delivery service spaces, customers will be inclined to choose to do business with companies that can protect their data.

Breach Risk Levels 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores for Breach levels are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Corporate Services & ID Agent to the Rescue: Phishing is a common delivery system for malware. Our security awareness training solution BullPhish ID helps prevent malware attacks by teaching users to be aware of phishing attempts. To Learn more, call Avantia on 07 30109711  

THREAT FOCUS: Pivot Technology Solutions MSP - CANADA

https://www.bleepingcomputer.com/news/security/canadian-msp-discloses-data-breach-failed-ransomware-attack/?&web_view=true


Exploit: Ransomware 

Pivot Technology Solutions – Managed Services Provider

Risk to Small Business: 1.513 = Severe - A ransomware attempt at Canadian MSP Pivot Technology Solutions was ultimately foiled, but not before the attackers were able to access and copy sensitive company data for some US employees and consultants. Compromised staff and associate data included names, addresses, dates of birth, gender, disability status, and type of insurance coverage. Cybercriminals also stole payroll data including details about deductions, 401k forms, income, and benefits as well as scooping up, banking details like routing and account numbers, and Social Security numbers.

Individual Risk: 2.074 = Severe - The company is offering free monitoring solutions to affected staffers and advises anyone who suspects that their information may have been involved to monitor accounts for financial and identity compromise. Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is the bane of cybersecurity professionals around the world. It is typically used to encrypt data, but even an attempt that fails to encrypt data can still expose sensitive information.

Breach Risk Levels 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores for Breach levels are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Protection from ransomware starts as protection from phishing. Improved phishing resistance training with BullPhish ID will arm staffers with the knowledge and awareness that they need to spot and stop potentially ransomware-infected emails. Call Avantia on 07 3010 9711 to find out more.

THREAT FOSCUS: Avon Cosmetics Distribution - UNITED KINGDOM

https://www.infosecurity-magazine.com/news/cosmetics-giant-avon-leaks-19/?&web_view=true


Exploit: Unsecured Database

Avon: Cosmetics Manufacturer and Distributor

Risk to Small Business: 1.883 = Severe - A misconfigured cloud server at global cosmetics powerhouse Avon was the culprit of a 7GB data breach at the cosmetics giant after it was discovered by researchers. The Elasticsearch database on an Azure server was publicly exposed with no password protection or encryption for nine days. The treasure trove of information available included personally identifiable information of both customers and employees, including full names, phone numbers, dates of birth, emails, and home addresses with GPS coordinates. Also included in the haul were an eye-popping 40,000+ security tokens and OAuth tokens plus internal logs, account settings, and technical server information.

Individual Risk: 2.339 = Severe - While no financial data was reported as exposed, the personal information that was available to cybercriminals opens Avin customers and staffers up to spear phishing attempts and potential identity theft. Customers Impacted: 19 million

How it Could Affect Your Business: Basic security failures are unacceptable at companies of any size. Consumers are becoming more aware of the potential risk that comes from having their personal data exposed and will be less likely to do business with companies that fail to secure it.

Breach Risk Levels 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores for Breach levels are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Passly to the Rescue: With Passly, get the secure identity and access management solutions that you need to protect your systems and data in today’s remote work landscape at a price that you can afford, including multi-factor authentication, single sign-on, and secure password storage. Find out more by phoning Avantia on 07 30109711 or Click the link to get started: https://www.avantiacybersecurity.com/overwatch

THREAT FOCUS: Dussmann Group - GERMANY

https://www.bleepingcomputer.com/news/security/business-giant-dussmann-groups-data-leaked-after-ransomware-attack/?&web_view=true


Exploit: Ransomware

Dussmann Group: Services Conglomerate

Risk to Small Business: 1.827 = Severe - Nefilim Ransomware is responsible for a data breach at Dresdner Kühlanlagenbau GmbH (DKA), a subsidiary of the Dussmann Group. The attackers began the sale of 14 GB of sensitive data including archives contain numerous documents, including Word documents, images, accounting documents, and AutoCAD drawings before encrypting systems. In total, the gang claims to have encrypted four domains and stolen approximately 200GB of archived data. Individual Risk: No personal or financial information was reported as stolen in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Dark Web data brokers aren’t just looking for password lists and credit card numbers. They also want proprietary data and business secrets like formulas and schematics like the ones stolen in this incident.

Breach Risk Levels 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores for Breach levels are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security and Cyber Hawke to the Rescue: Many cybersecurity incidents today are the result of internal security issues that no firewall or anti-virus could have prevented.  Cyber Hawk combines machine learning and intelligent tagging to identify anomalous activity, suspicious changes, and threats caused by misconfigurations. To find out more call Avantia on 07 30109711 or Email info@avantiacorp.com.au


THREAT FOCUS: Promo Video - ISRAEL

https://portswigger.net/daily-swig/promo-com-data-breach-impacts-23-million-content-creators


Exploit: Third Party Data Breach

Promo.com: Marketing Video Creation

Risk to Small Business: 2.092 = Severe - The Israeli-based marketing video creation site has disclosed a data breach after a database containing 22 million user records was leaked for free on a hacker forum. The exposed data includes content creators’ first name, last name, email address, IP address, approximated user location based on their IP address, and gender, as well as encrypted, hashed passwords. Promo.com says that the information was stolen as part of a third party data breach involving one of their service providers.

Individual Risk: 2.802 = Moderate - No financial data was stolen in this incident, but the personal information stolen may open creators that use the site up to identity theft and spear phishing attempts.

Customers Impacted: 23 million

How it Could Affect Your Business: A data breach at a third party provider is almost as dangerous to a company’s security and reputation as an in-house incident.

Breach Risk Levels 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores for Breach levels are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: Protection from ransomware starts as protection from phishing. Improved phishing resistance training with BullPhish ID will arm staffers with the knowledge and awareness that they need to spot and stop potentially ransomware-infected emails. Call Avantia on 07 3010 9711 to find out more.

THREAT FOCUS: Regis Healthcare - AUSTRALIA

https://www.smh.com.au/business/companies/aged-care-operator-s-sensitive-data-stolen-in-foreign-cyberattack-20200803-p55hxl.html?&web_view=true


Exploit: Ransomware

Regis Healthcare: Aged Home Operator

Risk to Small Business: 2.002 = Severe - Care home operator Regis is reporting that it suffered a cyberattack leading to a data breach that was allegedly perpetrated by “foreign attackers” using Maze ransomware. The stolen data from 2 servers includes the personal information of a small number of residents at Regis facilities and a staff member Individual Risk: 2.705 = Moderate - While no financial information was reported stolen, a great deal of very specific and highly sensitive personal health data has been compromised. This is especially troubling as COVID-19 anxiety runs high, and may lead to public personal ramifications for patients that were affected as well as lending itself to spear phishing and blackmail attempts.

Customers Impacted: Unknown

How it Could Affect Your Business: The ripple effect of one breach can sometimes be felt throughout an industry, as many services and companies are intertwined. By adding a solid digital risk protection platform to their security plan, businesses can gain a more holistic view of their risks to start patching up holes in security before a problem becomes a disaster. Breach Risk Levels 1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores for Breach levels are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & Passly to the Rescue: With Passly, get the secure identity and access management solutions that you need to protect your systems and data in today’s remote work landscape at a price that you can afford, including multi-factor authentication, single sign-on, and secure password storage. Find out more by phoning Avantia on 07 30109711 or Click the link to get started: https://www.avantiacybersecurity.com/overwatch

______________________________________________________________________________

POSTSCRIPT:


The BlackBaud Breach Fallout Continues to Pile Up

The recent data breach at fundraising technology provider BlackBaud is an object lesson in how third party risks can compromise cybersecurity and cause huge problems for other businesses, leading to a cascade effect that keeps the damage rolling. Initially, BlackBaud obfuscated the details it released about the breach, including insinuating that the initial ransomware attack was unsuccessful. Two weeks ago, it was noted that BlackBaud had actually paid the ransom demanded for the encryption key. The company also claimed that very little user data was stolen and the breach would only impact a small subset of its users. Once again, that wasn’t necessarily the case. As the ripple effect of the initial breach became more apparent, large universities and institutions around the world began disclosing that information including details about their alumni, donors, and fundraising efforts had been compromised in the BlackBaud breach, Including The National Trust (UK), Texas Tech, the University of York, the University of South Wales, Aberystwyth University, and UK Charities including The Wallich, Crisis, Sue Ryder, and Young Minds. The UK’s Information Commissioner’s Office (ICO) told the BBC that 125 organizations had reported that they were impacted by the event, including dozens of universities and 33 charities. Internationally, the breach is expected to impact many more universities, trusts, museums, schools, churches, and food banks.  So how can you protect your clients’ sensitive data and systems from breach danger or exposure because of third party service providers? We’ll be coming out with a new book addressing that problem soon, but here’s a sneak peek at our advice – and you can put this into practice right now. Start employing single sign-on (SSO) and multifactor authentication (MFA) immediately. Those two tools combines add a strong barrier between cybercriminals and sensitive data and systems by giving IT staffers more control. MFA is often the star of the show when considering secure identity and access management solutions, but single-sign-on is the unsung hero. SSO allows for the creation of a unique Launchpad for every user, giving IT staff the opportunity to control each user’s access to applications and data with one action. If someone’s account is compromised, instead of figuring out what they ad access to and turning each one off individually, IT staffers can cauterize the bleeding quickly by simply deactivating that user’s Launchpad, eliminating their access to everything. Get these essential protections and more with our freshly updated secure identity and access management solution Passly. Not only do you get MFA and SSO, Passly also includes easy remote management tools, secure password storage vaults, and seamless integration with over 1,000 commonly used business applications. Start using Passly now to provide an essential upgrade in protection from unexpected threats that won’t break the bank – and gets to work securing data and systems from Day 1.


Double Extortion Ransomware is in Fashion This Year.

In a tough economy, everybody’s looking for a way to make a little more money and increase profitability – even cybercriminals. Why should a cybercriminal only benefit once from the hard work of hacking into systems and deploying ransomware, when they could benefit twice? Double extortion ransomware is becoming more trendy as a means of cybercrime because it opens up extra opportunities for profit as cybercriminals not only attempt to get paid by selling you the encryption key to unlock your systems and data, they also try to extort a little extra by threatening to release especially sensitive information on the Dark Web. The majority of ransomware infections are delivered via phishing- and phishing isn’t just an email threat these days. Instead of the proverbial malware-laced attachment, phishing has expanded to include attack attempts through malicious links, SMS messages, texts, chats, and more. By implementing and updated regular phishing resistance training, companies can improve their defence against ransomware. Choose an innovative solution like BullPhish ID that offers constantly updated, plug-and-play phishing training in bite-sized pieces using engaging video lessons in 8 languages to keep staffers on alert for suspicious messages and stop ransomware attacks before they start.

______________________________________________________________________________


AVANTIA CYBER SECURITY - PARTNER FOCUS

IT Governance is a leading global provider of cyber risk and privacy management solutions, with a special focus on cyber resilience, data protection, PCI DSS, ISO 27001 and cybersecurity.  In an increasingly punitive and privacy-focused business environment, they are committed to helping businesses protect themselves and their customers from the perpetually evolving range of cyber threats.  Their deep industry expertise and pragmatic approach helps their clients improve their defenses and make key strategic decisions that benefit the entire business.


FOR MORE INFORMATION ON IT GOVERNANCE PLEASE CONTACT AVANTIA CYBER SECURITY ON +61 7 30109711 / info@avantiacorp.com.a

______________________________________________________________________________


Disclaimer*:

Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, other members of the 5 Eyes Alliance, the Australian Cyber Security Centers, and other sources in 56 countries who provide cyber breach and cyber security information in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.

(58,578,070)

Want The Information  Cyber Criminal's  Don't Want You To Know?

Subscribe below to receive our weekly Threat Updates straight to your inbox.

Call (07) 3010 9711 

info@avantiacorp.com.au

 

Avantia Corporate Services Pty Ltd,                    Level 7, 320 Adelaide Street

Brisbane, Queensland 4000

AUSTRALIA.

  • LinkedIn Social Icon
  • Facebook Social Icon

DISCLAIMER*: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cybersecurity information to us in real-time. Given their international focus and experience in the cyberspace arena, we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the content's accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services  PTY LTD - All Rights Reserved.