With the emergency approval of COVID-19 vaccines, many are (rightfully) starting to see the proverbial light at the end of the tunnel. Although GroupSense is hopeful 2021 will bring health, prosperity, and recovery from the global public health crisis, we are also cognizant of numerous cyber security threats that may derail the mass-vaccination process. Below are five of the many threats GroupSense expects to see as the world moves forward with COVID-19 vaccination efforts.
Five COVID-19 Vaccine Threat Predictions for 2021
By Editorial Team on Jan 12, 2021 8:45:00 AM
Topics: Blog
Ransomware Read Me First: Don't Get Scammed... Twice
By Editorial Team on Jan 11, 2021 8:45:00 AM
You were hit with ransomware. You panic. You search “ransomware response” or “ransomware repair” and among the top results is a link that reads “Recover Encrypted Files - Guaranteed.” Sounds like you found the solution! None of us wants to pay the ransomware operators. If there is a legitimate solution that avoids sending tens of thousands (if not millions) of dollars via cryptocurrency to threat actors overseas, it’s worth paying for.
Topics: Blog
Overview of the SolarWinds Software Supply Chain Attack
By Editorial Team on Dec 17, 2020 1:39:15 PM
Background
The cyber security industry is reeling from another large scale, targeted attack. What was initially reported as a breach of FireEye red team tools on December 8th has now been exposed as a much wider, potentially catastrophic breach affecting the SolarWinds Orion software. SolarWinds stated a threat actor inserted malware, SUNBURST or Solorigate, into a service providing trojanized software updates for its Orion platform, used by public and private companies to track IT resources. To date (December 16th, 2020), as many as 18,000 organizations have been affected by SUNBURST, announced SolarWinds. On December 14, Reuters and the Washington Post reported the U.S. Department of Homeland Security (DHS), the State Department, and the National Institutes of Health (NIH) were also compromised as a result of the infected Orion distribution.
Topics: Blog
Ephemeral Messaging: Good for Users, Bad for Security Researchers
By Editorial Team on Dec 9, 2020 9:50:54 AM
The world’s most popular messaging and social media apps are rolling out new privacy features allowing users to send content that will self-delete after a short time. On November 5, WhatsApp announced “disappearing messages” that are automatically erased after a week; on November 12, WhatsApp’s parent company Facebook introduced “vanish mode” for Messenger and Instagram, seamlessly deleting messages after users leave their chat. And on November 17, Twitter launched “Fleets,” messages with 24-hour lifespans.
Topics: Blog
The 5 Reasons WhatsApp Could be a National Security Risk
By Editorial Team on Oct 28, 2020 1:35:00 PM
Republished from October 2019
Last week I was asked by one of the 24-hour news networks to comment on camera about Jared Kushner’s use of WhatsApp for official White House business. The news network wanted my thoughts on the vulnerabilities and risks associated with this behavior. My first thought was that this was outside the core focus of what we do at GroupSense, but before I declined I gathered my thoughts on the topic. I quickly realized that this falls squarely in line with the GroupSense mission. Since the networks only want sound bites, I thought I would crystalize the concerns with greater context here. It is my intention to make this post apolitical, but in today’s climate, people are likely to trigger on the particular individual, so replace “Mr. Kushner” with “WH Staffer with critical national intelligence information”, and the risks remain.
Topics: Blog
Think Before You Share: How Tweets Fuel the Infodemic
By Editorial Team on Sep 15, 2020 9:44:15 AM
Twitter is a fun and easy way to engage with pop culture and maybe even spark a spirited discussion. Many of us on twitter can retweet/share without thinking or researching what tweets truly say, causing them to spread quickly to a larger audience. But, the sad fact is, some tweets might end up being misinformation or disinformation, especially politically-oriented tweets.
Topics: Blog
Breached Passwords and Legacy Protocols Still Defeat Azure MFA
By Editorial Team on Sep 3, 2020 10:04:24 AM
In August 2020, Microsoft posted an article focused on email authentication utilizing their Azure Active Directory (AD) authentication and the use of Multi-Factor Authentication (MFA).
Topics: Blog
Stopping Disinformation: A 'How To' Guide
By Editorial Team on Aug 6, 2020 1:17:07 PM
Topics: Blog Elections
Dark Web Timeline
By Editorial Team on Mar 4, 2020 11:45:00 AM
The dark web has been around for 20 years, and in “celebration” we’ve put together a timeline of the major events from these past two decades. It’s important to note that many events have formed it into the dark web we see today. This is only a taste of its history…
Topics: Blog
Biometric Security: More Risk than Reward
By Editorial Team on Feb 4, 2020 1:57:00 PM
Using biometrics for authentication has always been a source of controversy. At face value, it seems like a fool-proof way to authenticate users (everyone has unique fingerprints, right?). But dig a level deeper, and biometric access management systems store that fingerprint (or iris, or facial map, or walking gait) as data. And, we all know what happens to data if it’s not protected properly. Which brings us to the big problem with biometrics: while passwords can be changed if there’s a data breach, fingerprints and other biometric data are permanent. One breach of a biometrics database is all it takes for someone to lose their identity for a lifetime.