Always verify unusual requests for sensitive information or actions, especially if they come from unexpected sources or unofficial channels. Confirm these requests through a trusted method, such as a known phone number or official email, to ensure their legitimacy and avoid potential scams or unauthorized access.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

A new cyber threat has emerged, connected to the RansomHub ransomware, designed to shut down security software on infected computers. Named EDRKillShifter by the cybersecurity company Sophos, this tool joins other similar programs that disable security measures. 

Sophos discovered EDRKillShifter during a failed ransomware attack in May 2024. This tool acts as a delivery system for vulnerable drivers, which can be misused to bypass security protections. Security expert Andreas Klopsch explained that EDRKillShifter can load different harmful drivers depending on what the attackers need. 

RansomHub, which is thought to be a new version of the Knight ransomware, first appeared in February 2024. It takes advantage of security weaknesses to gain access and installs legitimate remote-control software, like Atera and Splashtop, to maintain control over infected systems. 

Source: August 21, 2024 16:50 (on 8/21/24) |  2 | 1 minute read

Avoid accessing sensitive accounts or entering personal information on public computers or shared devices. Opt for private browsing modes and remember to clear browsing history after use to protect your privacy and prevent unauthorized access to your information. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Devices hold personal photos, messages, financial data, and sensitive documents. To avoid breaches:

• Use a PIN, password, or biometric lock for security.
• Keep your device in a locked drawer or bag when not in use.
• Be wary of public Wi-Fi, suspicious links, and untrusted apps; use a VPN for extra protection.
• Keep software up to date to guard against threats.

Keep your personal and work activities separate by using different devices whenever possible. This helps protect sensitive work information from accidentally mixing with personal data, reducing the risk of unauthorized access. By dedicating specific devices for work tasks, you can better control and safeguard your work-related information and maintain your privacy.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

Safeguard your digital identity by using distinct usernames, email addresses, and profile details for each online account. Minimize sharing personal information on social media to reduce the risk of identity theft and unauthorized access. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Use email and messaging apps that offer end-to-end encryption, ensuring that your messages are unreadable to anyone except the intended recipient. This protects sensitive information like financial details and personal addresses from being intercepted by cybercriminals during transmission. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Keep your work smartphones and tablets safe by setting strong rules like encryption, remote wiping, and allowing only approved apps. These steps protect your data and privacy if your device is lost or stolen. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

A new phishing campaign is exploiting Google Drawings and WhatsApp’s shortened links to deceive users and steal sensitive data. Cybersecurity researchers, including Menlo Security's Ashwin Vamshi, revealed that attackers are using these trusted platforms to craft fake Amazon account verification pages.

The scheme begins with a phishing email directing users to a Google Drawings graphic containing a link to a fake Amazon login page. This page, obscured by multiple URL shorteners, captures login credentials and personal details before redirecting users to the genuine Amazon site. The phishing page is then rendered inaccessible from the same IP to avoid detection. This tactic showcases the evolving sophistication of cyber threats and the need for heightened user vigilance.

Source: New Phishing Scam Uses Google Drawings and WhatsApp Shortened Links (thehackernews.com)

Cybersecurity is a shared responsibility within organizations. Everyone should understand and practice cybersecurity measures, like following policies, using strong passwords, enabling multi-factor authentication, and updating software. These actions contribute to a secure environment and reduce organizational risks. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support.