
The 20 Passwords Most Commonly Used


the staff of the Ridgewood blog

Ridgewood NJ, a new report from mobile security firm Lookout lists the 20 passwords most commonly found in leaked account information on the dark web. The list ranges from simple number and letter sequences like “123456” and “Qwerty” to easily typed phrases like “Iloveyou.”


Be Safe Online Shopping this Holiday Season


the staff of the Ridgewood blog

Ridgewood NJ, according to the New Jersey Cybersecurity and Communications Integration Cell, Cyber Monday 2020 set a record for e-commerce spending in one day, totaling $10.8 billion. With the pandemic raging on, many customers took to online stores to do their holiday shopping. While NJ COVID-19 cases have declined in recent weeks and vaccinations continue, we can still expect many customers to shop online and potentially start shopping earlier than usual, given concerns about supply chain issues and shipping delays. Adobe predicts that online shopping spending will total over $200 billion for the first time ever by the end of the holiday season. Given the volume of e-commerce shopping, cybercriminals will continue their efforts to target online shoppers and marketplaces for financial gain. Therefore, it is vital to maintain awareness of the many cyber threats posed by these individuals and groups. Threat actors may target victims through a variety of methods, including compromised or spoofed websites, phishing emails, social media ads and messages, or unsecured Wi-Fi networks. Reviewing the following list of common attack vectors, along with tips and best practices, will help to combat the threats posed by cybercriminals this holiday season.


Nigerian Hackers Use American Rescue Plan Act sign-up sites


the staff of the Ridgewood blog

Ridgewood NJ, as part of the American Rescue Plan Act, the IRS began to distribute the first iteration of the child tax credit payments, which are automatically disbursed and do not require signing up for benefits, similar to past stimulus payments. Threat actors are quick to exploit public interest in order to carry out cyberattacks, as reported by DomainTools researchers, who discovered approximately 41 credential harvesting websites claiming to be American Rescue Plan Act sign-up sites. Researchers were able to trace the websites to a Nigerian web development firm, GoldenWaves Innovations. A spokesperson from GoldenWaves states their web hosting account was compromised and denies any involvement with these claims. They further stated that the sites are unable to be deleted due to illegal activity and have been forwarded to the Legal and Abuse department. DomainTools researchers assess that this activity is, in fact, linked to GoldenWaves and have reported the list of sites to Google Safe Browsing for blocking, further emphasizing the usefulness of historical WHOIS data.


Sophisticated Ransomware Attack on US Tech Firm Affects 1,500 Organizations


the staff of the Ridgewood blog

Ridgewood NJ, a hacking group demanding $70 million infected the systems of a US information technology firm with ransomware over the Fourth of July weekend, impacting around 1,500 companies in at least 17 countries. REvil, the Russia-linked group behind another cyber attack on meat supplier JBS over Memorial Day weekend, took advantage of a software vulnerability to deploy this attack against Miami-based firm Kaseya. That software is sold to large managed service providers (MSPs), which assist small and midsize businesses, as well as local and state governments and agencies, in monitoring and controlling their computer networks.


Cyber Risks Associated with Traveling


the staff of the Ridgewood blog

Ridgewood NJ, many people travel for business or leisure purposes year-round to local destinations or around the globe. As people travel and access public networks, they are exposed to various cyber risks. The NJCCIC reminds users to be aware of the cyber risks associated with traveling and to employ best practices to stay safe while they are away. Users are encouraged to review the recommendations for the security of devices, accounts, networks, vehicles, and international travel.


Department of Justice Seizes $2.3 Million in Cryptocurrency Paid to the Ransomware Extortionists Darkside


the staff of the Ridgewood blog

Linden NJ, the Department of Justice today announced that it has seized 63.7 bitcoins currently valued at approximately $2.3 million. These funds allegedly represent the proceeds of a May 8 ransom payment to individuals in a group known as DarkSide, which had targeted Colonial Pipeline, resulting in critical infrastructure being taken out of operation. The seizure warrant was authorized earlier today by the Honorable Laurel Beeler, U.S. Magistrate Judge for the Northern District of California.


Colonial Pipeline Initiates Restart of Pipeline Operation; Governor Murphy admits, “Gasoline prices have crept up. Maybe you could even say more than crept up in New Jersey”


the staff of the Ridgewood blog

Linden NJ, the largest gasoline pipeline in America, Colonial Pipeline, is returning to service, according to the company that runs it, after a cyberattack choked fuel supplies across the eastern U.S. Shortages are likely to continue for some time, however, as supplies became more sparse overnight, with stations as far north as New Jersey affected.


Cyberattack Shuts Down Pipeline that Transports 45% of the Fuel Supply for the Entire US East Coast


the staff of the Ridgewood blog

Linden NJ, Colonial Pipeline, the largest refined products pipeline company in the US, says it has experienced a major cyber-attack. The incident has prompted the company to halt all its pipeline operations.


Time to Update those Passwords


the staff of the Ridgewood blog, we know we are a day late!

Ridgewood NJ, The first Thursday in May is World Password Day, which was originally created by Intel in 2013 as a global effort to address the critical need for strong, unique passwords and emphasize the importance of this first line of defense in securing information, networks, servers, devices, accounts, databases, files, and more against cyberattacks. This day also serves as a reminder to update and organize all recent passwords. Now more than ever before, many users are connected to the internet and access multiple accounts and services for business, including email, applications, and vendor websites. Users also have access to multiple personal accounts, such as email, social media, online banking, bill payment, utilities, healthcare, shopping, entertainment, food delivery, dating apps, and more. The increased use of online accounts and services, combined with users engaging in risky password management practices, puts both themselves and employers at risk of account compromise and data breaches. Therefore, it is important to practice good password hygiene to protect accounts and data, not just on World Password Day, but year-round.


ParkMobile Data Breach Exposes license plate numbers, email addresses and/or phone numbers, and vehicle nickname


file photo by Boyd Loving

the staff of the Ridgewood blog

Ridgewood NJ, ParkMobile, the company that operates Ridgewood’s mobile parking app, announced in March it was investigating a cybersecurity incident linked to a vulnerability in third-party software.

The company published a notification on Mar. 26 about “a cybersecurity incident linked to a vulnerability in a third-party software that we use.”


Personal Data from 533 Million Facebook Accounts Including Phone Numbers, Email Addresses Leaked


the staff of the Ridgewood blog

Ridgewood NJ, Personal data from 533 million Facebook accounts was recently leaked online. The dataset was scraped by exploiting a vulnerability that was fixed in 2019. It contains information such as phone numbers, Facebook IDs, full names, locations, birth dates, email addresses, and more. Portions of the dataset were available for purchase earlier this year through a Telegram bot. The leaked emails have been uploaded to Have I Been Pwned, but the owner of the site is still debating whether to make the leaked phone numbers available.


Many New Jersey State Government Websites are Down


the staff of the Ridgewood blog

Trenton NJ, searches this morning revealed that many New Jersey state government sites are down or offline. The Ridgewood blog ran a check and found some functions on NJMVC offline, and the Office of New Jersey Governor Phil Murphy, NJDEP, NJDOL and NJDOH all offline at 7:20 am this morning (04/03/21). Currently there is no information available as to the nature of the problem.

 


COVID-19 Message Phishing Attacks on the Rise


the staff of the Ridgewood blog

Ridgewood NJ, hackers continue to send COVID-19-related messages to deliver malware or steal credentials and other sensitive information. In an attempt to counter these threats, the US Department of Justice recently seized five domains that impersonated biotech companies involved in vaccine development. These domains collected personal data on visitors for use in future cyber attacks. Organizations and individuals are advised to remain vigilant and report incidents to the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC).


AWS Banning Rekindles Debate on the Public Cloud


the staff of the Ridgewood blog

Ridgewood NJ, The Parler app is non-functional, and parler.com has gone offline, as Amazon Web Services discontinued service to the company. Both the website and the app relied on AWS for content distribution.

AWS banning rekindles debate on the public cloud. When asked where the “cloud” is, it's best to assume North Korea.
