cybercrime
4 Security Loopholes Have Been Found in Microsoft Office Apps Including Excel, Word
Sourced from Wikimedia Check Point Research (CPR) urges Windows users to update their software, after discovering four security vulnerabilities that affect products in the Microsoft Office suite, including Excel and Office online. The loopholes were found in sections of legacy code, the vulnerabilities could have granted an attacker the ability to execute code on targets via malicious Office documents, such as Word, Excel and Outlook. Malicious code could have been delivered via Word documents (.DOCX) , Outlook Email (.EML) and most office file formats. Vulnerabilities are the result of parsing mistakes made in legacy code, leading CPR to believe security flaws have existed for years CPR responsibly disclosed to Microsoft, who then issued fixes: CVE-2021-31174, CVE-2021-31178, CVE-2021-311...
What is POPIA and What Does it Mean for Cybersecurity
With an inundation of information from all angles regarding The Protection of Personal Information Act (POPIA), and the 1 July commencement date quickly approaching, organisations could be forgiven for feeling more than a little overwhelmed. Emmanuel Tzingakis, Technical Lead for Trend Micro Sub-Saharan Africa, contemplates how POPIA can assist organisations to secure their data and be better enabled to handle any potential cyber threats. What is POPIA? With personal information becoming a hot commodity on the dark web it is critical to understand exactly how to protect data from cybercriminals. A recent global survey revealed that 79% of organisations experienced disruptions, financial loss or other setbacks due to a lack of cyber preparedness in 2020. As work from home strateg...
Crypto ban: We acted in Nigerians’ best interest – CBN
The Governor, Central Bank of Nigeria (CBN), Mr Godwin Emefiele, says the Bank’s decision to prohibit deposit money banks, non-banking institutions, and other financial institutions from facilitating trading and dealings in cryptocurrency is in the best interest of Nigerian depositors and the country’s financial system. Mr Emefiele made the declaration on Tuesday, February 23, 2021, while briefing a joint Senate Committee on Banking, Insurance and Other Financial Institutions; ICT and Cybercrime; and Capital Market, on its directive to institutions under its regulation. Describing the operations of cryptocurrencies as dangerous and opaque, the CBN Governor said the use of cryptocurrency contravened an existing law. He said given the fact that cryptocurrencies were issued by unregulated and...
How to Avoid Digital Fraud Over the Festive Season
With the festive season being synonymous with more transactions, especially as people typically have more money at this time of year, the greater the probability there is of fraud occurring. In fact, according to PwC’s Global Economic Crime and Fraud Survey 2020, South Africa has the third-most incidents of economic crime in the world behind India and China. “This festive season, I believe that there will be an uptick in fraud unless South African consumers and businesses are more security conscious,” says Nicho Bouma, CIO at Pay@. “More people have been forced to enter the digital space this year, due to the COVID-19 crisis. With many being new to the digital experience, they can easily fall prey to schemesters.” To prevent consumers from becoming victims of cybercrime, he urges them to o...
CSCS sensitizes financial market stakeholders on cyber-security
Central Securities Clearing System (CSCS) Plc, Nigeria’s capital market infrastructure, is ramping up its cyber-security advocacy as it sensitizes financial market participants on rising rate of cybercrime. In a webinar organized by CSCS, financial market stakeholders, including bankers and capital market operators dialogued on innovative measures for preventing cybercrimes, dire need for increased campaign and exigency of collaborative investments to reign in the rising rate of cybercrime. The online event themed “Cyber Security and Information During the Pandemic” was lauded for its timeliness, as COVID-19 pandemic and attendant remote connections may have increased cyber-security risks in many organizations, particularly as the crime rate surges globally, with rising exposure of financi...
5 Ways to Effectively Defend Against Cyberthreats
Sourced from Republic Title Garmin and Twitter recently joined the ranks of a string of global organisations that have fallen victim to crippling cyberattacks. A little closer to home, last year, the City of Johannesburg’s network was also hacked and held ransom for a hefty 4 bitcoins (worth around R520 000 at the time). While the nature of these attacks may be different, it’s clear that cybercrime is on the rise and companies of all sizes and across all sectors need to be vigilant. An ideal environment for cybercrime It’s no surprise that these attacks are becoming more common in today’s increasingly connected society. The rise of online applications and services means unprotected users are more exposed than ever before. Added to this, the current pandemic has pushed man...
5 Trends to Consider When Developing a Cybersecurity Awareness Training Program
Among the wide range of reasons that cause cybersecurity incidents, inappropriate use of IT resources by employees remains a challenge for businesses. In 2019, half (52% enterprise, 50% SMBs) of companies faced a data breach because of this, as revealed in a Kaspersky survey of IT decision-makers. Quite surprisingly, companies experienced this almost as often as their devices being infected with malicious software. This shows that businesses need to explain to their employees how to recognise ‘dangerous’ situations and ensure they know how to react appropriately. Security awareness training programmes are designed to teach important cybersecurity hygiene. To make sure courses deliver the desired results, companies should meet modern learners’ requirements and the current trends in corporat...
South African Organisations Lag Behind Global Average of Cybersecurity Resilience
Email and data security company, Mimecast, unveiled its fourth-annual State of Email Security 2020 report. This report summarises details from 1,025 global IT decision-makers on the current state of cybersecurity. The findings in this year’s report demonstrate that despite high levels of confidence in respondents’ cyber resilience strategies, there is a clear need for improvement. While a large majority (77%) of respondents say they have or are actively rolling out a cyber resilience strategy, only 62% of South African organisations are doing the same. Yet an astounding 47% of local organisations – and 60% of global ones – believe it is inevitable or likely they will suffer from an email-borne attack in the coming year. South African respondents cite data loss (35%), a decrease in employee...
Web Skimming – A New Way to Steal Payments from Online Shoppers
Sourced from IOL. Researchers from cybersecurity and antivirus experts, Kaspersky, have uncovered a new technique for stealing users’ payment information on online shopping websites – a type of attack known as web skimming. Web skimming is a popular practice used by attackers to steal users’ credit card details from the payment pages of online stores, whereby attackers inject pieces of code into the source code of the website. This malicious code then collects the data inputted by visitors to the site (i.e. payment account logins or credit card numbers) and sends the harvested data to the address specified by attackers. Often, to conceal the fact that the webpage has been compromised, attackers register domains with names that resemble popular web analytics services, such as Google Analyti...
Google Launches Website to Help People Avoid Online Scams
Sourced from Google. Ever opened your emails and received a poorly-worded message about a payment that you weren’t expecting? What about one proclaiming that you’ve won a competition you never entered. “Congratulations!” it reads, beneath, a sinister attachment that you probably should not open. This is becoming more and more common, and now Google has unveiled a website to teach people how to spot and avoid online scams. Digital hoaxes, malware and cyberattacks have been surging during the ongoing coronavirus pandemic. The website – Scamspotter.org – tries to show users how to identify things such as false stimulus checks, fake vaccine offers, or other fake medical information. The site also attempts to make clear certain patterns that are typical of hoaxes, like a romance scammer asking ...
Use of Cloud Collaboration Tools Surge Across the World and So Do Attacks
The COVID-19 pandemic has pushed companies to adapt to new government-mandated restrictions on workforce movement around the world. The immediate response has been a rapid adoption and integration of cloud services, particularly cloud-based tools such as Microsoft Office 365, Slack and other video conferencing platforms like Zoom. A new report by security firm McAfee shows that hackers are responding to this mass migration to these platforms with an increased focus on abusing cloud account credentials. After analyzing cloud usage data that was collected between January and April, from over 30-million enterprise users of its MVISION cloud security monitoring platform, the company estimates a 50% growth in adoption of cloud services across all industries. Some industries, however, saw a much...
7 Techniques Cybercriminals Could Use to Steal Your Private Data
Cyber threats do not rest and they continue to evolve as bad actors develop new attack techniques. Good cybersecurity hygiene requires more than a strong password to avoid compromise. The most important thing is to know how exactly cybercriminals may attempt to gain access to your data. Here are seven techniques they might try: Password Spraying: A form of brute force attack that targets multiple accounts in which adversaries try multiple guesses of the password on a single account that often leads to account lockout. With password spraying, the adversary only tries a few of the most common passwords against multiple user accounts, trying to identify that one person who is using a default or easy-to-guess password and thus avoiding the account lockout scenario. Key logging attack: By insta...
