SECURITY
NEWS, UPDATES & TIPS
Welcome to the Security Resources page, your go-to place for learning about phishing, online safety, and more. This hub is designed to equip you with essential tools and knowledge to safeguard your personal and company information against cyber threats. Whether you're seeking tips on identifying phishing emails, securing your accounts, or best practices for staying safe online, you'll find everything you need to enhance your digital security right here.
TIPS TO AVOID PHISHING SCAMS
What steps can you take to verify if an email sender is legitimate?
Check to see whether the sender is from within or outside of the company. There will be a banner that states “ CAUTION: *** This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.*** “
- Check the spelling of the username and hostname to see if there are any spelling errors or rush job differences
- Check the URL of a link by hovering over it and see the place it is trying to take you. Make sure it matches or at least seems like a relatable website.
How can you recognize a phishing attempt in an email subject line?
Anything mentioning your name or requesting anything ESPECIALLY finances in the subject line, it is a phish. Examples, Need social, need payment now, give me a call, pretty much anything asking you for info in the subject.
Why is it important not to click on links or attachments from unknown senders?
It is important because you want to make sure that this link isn’t malicious. Some links can send you to google and others can be used to spy on your browser session, or sending you to a fake Microsoft sign-in page where your credentials can be captured. That is why it is important to hover over the contents BEFORE clicking.
What should you do if an email asks for sensitive information like passwords or banking details?
Tell them I already sent it to the bank, no need to worry about it.
How can multi-factor authentication help protect your email account?
2 Factor-Authentication provides an extra-layer of security protecting your account from unauthorized access.
LATEST NEWS ON CYBER SECURITY
Microsoft News
on patched security flaw:
Microsoft has disclosed details about a now-patched security flaw in Apple’s Transparency, Consent, and Control (TCC) framework in macOS that has likely come under exploitation to get around a user’s privacy preferences and access data.
HM Surf follows Microsoft’s discovery of Apple macOS flaws like Shrootless, powerdir, Achilles, and Migraine that could enable malicious actors to sidestep security enforcements.
While this allows Safari to freely access sensitive permissions, it also incorporates a new security mechanism called Hardened Runtime that makes it challenging to execute arbitrary code in the context of the web browser.
The HM Surf exploit devised by Microsoft hinges on performing the following steps :
Changing the home directory of the current user with the dscl utility, a step that does not require TCC access in macOS Sonoma
Modifying the sensitive files (e.g., PerSitePreferences.db) within “~/Library/Safari” under the user’s real home directory
Nidec Confirms
on Ransomware Attack:
Nidec Confirms Ransomware Attack Leaked Company Data Online Threat Actors Breached Nidec Corporation Earlier This Year And Have Now Leaked Stolen Data On The Dark Web. In An Announcement, The Company Explained That A Hacker Stole Valid VPN Account Information From A Nidec Employee, And Used It To Access A Server Holding Sensitive Information Consisting Of 50,694 Files, Including Internal Documents, Letters From Business Partners, Documents Related To Green Procurement, Labor Safety And Health Policies, Business Documents (Purchase Orders, Invoices, Receipts), Contracts, And More.
Data Breach Reported By The Texas Department Of Public
on patched security flaw:
The Internet Archive has confirmed a third security breach on Oct. 20, in what has become a series of escalating cyberattacks. Despite previous warnings and multiple breaches earlier this month, the organization had not or were unable to secure the system adequately. The Internet Archive is a nonprofit digital library that was established in 1996 by Brewster Kahle with the goal of providing universal access to all knowledge.
Learn more about
our Security tools
Check out the tools our security team recommends to keep you safe online. From antivirus software to password managers, these trusted solutions help protect your data and prevent cyber threats. Stay secure with our top picks for online safety.
