Whitehat Virtual Security Bulletin - September 2016
Every day is an interesting one in the cyber security world. Here are some highlights from the past few weeks that Whitehat Virtual would like to share with you. At the end of each security breach you'll find recommended solutions to address each issue. We’re here to help you secure your business in any way we can and we hope this helps. Stay safe out there!
Hackers have stolen over 60 million Dropbox users’ account information. They have released a statement requesting that users change their passwords.
Instructions for resetting your Dropbox password
If you're not currently signed in to your account:
- Visit dropbox.com in your web browser.
- Click Sign in.
- Click Forgot your password?
- Enter the email address you used to create the account.
- Check your email inbox and click the link in the email you received to reset your password.
Apple has released a patch for what is arguably the worst vulnerability of all time for its’ iOS devices. Remote spying of text, email, phone calls, GPS location, and even remote camera usage are among the headlines relating to this vulnerability.
Instructions for updating iOS devices can be found by clicking here
NSAA group claiming to have hacked the NSA’s hacking group released a small amount of what it claims are military grade cyber weapons that were in use by the NSA as recently as 2013. The vulnerabilities affect some of the most popular network and security hardware and software in use today. Cisco, Fortinet, Juniper and TopSec are among those. The group is now auctioning off the remainder of the weapons, though it’s widely believed to be a smoke and mirror distraction.
Instructions for updating the affected products can be found in each of the links above. We recommend updating these products as soon as possible.
Google has released updates to Chrome after researchers discovered a Trojan that impersonates the popular web browser.
Instructions for updating Chrome can be found here.
New “Fantom” ransomware has been found disguised as a legitimate Microsoft Windows update.
Single sign-on and identity management company OneLogin was breached. The attacker used an employee’s login information to gain access to internal logging systems and see customer Secure Notes which are typically encrypted.
As always, we encourage users to be aware of their actions pertaining to security online. Some simple tips to keep you safe include:
- Use complex and unique passwords when possible and change them on a regular basis
- Don’t click links in emails that you can’t verify the authenticity of
- Don’t visit websites that are of a questionable nature
- DO NOT provide any personal information if you do find yourself at a questionable site
Online security starts with the end user and basic awareness can go a long way to prevent accidental exposure of sensitive information. We hope you’ve found this informative and helpful and we encourage you to send us any questions or comments you may have on the topics we’ve addressed.
If you'd like to identify the strengths and weaknesses of your IT infrastructure, a security risk assesment will let you know if you are at risk.
Click Here to speak with a member of our Security Team.