Blog Category: News

Social Business Software powered by NewPush Alt Ten, a Littleton, Colorado based Social Business Software startup selects NewPush to run its ground breaking software, TurboStack. TurboStack aims at filling the gap between traditional Email, CRM, ERP and other productivity tools and the power of Social Media. NewPush has the infrastructure and know-how to scale applications […]

Today Cisco BGP memory leak (bug ID CSCsw63003) during routine BGP updates caused a 22 minute outage in our downtown Denver facility. An after action report can be found here: Cisco BGP Bug After Action Report. We extend our deepest apologies to all of our customers who were impacted by this outage. We clearly recognize […]

Windows 7 has an interesting feature to determine if there is a working Internet connection. By default, it sends information to Microsoft to about the connection location. The following article explains how this works, and how to reconfigure the setting to regain privacy while maintaining that useful feature: http://blog.superuser.com/2011/05/16/windows-7-network-awareness/

NewPush newsletter – November 2016 edition I would like to welcome you to our newsletter of November 2016. Did you know that NewPush has been in business since 1999 providing stable and reliable service to our customers in both North America and Europe? Our cloud vision was implemented many years prior to the time the […]

By Mark Nyquist ‐ Information Systems Director, Epicor HCM In the wake of the recent security breaches (see links below), I’d like to take just a quick moment to remind everyone that extra vigilance and scrutiny are becoming vital for the security of work and home environments. I’m sure that many of you have already […]

Thoughout the week of October 25th, 2010, we will be upgrading our customers from the Postini/Google SPAM filter to the Red Condor SPAM and Virus filter. As a result of the upgrade, former Postini/Google customers will have more flexibility and more ease of use to access automatically their quarantine. If you have any questions, please […]

***IPPAY NON-INTRUSIVE MAINTENANCE NOTIFICATION*** Duration of Maintenance: 60 minutes Start Time of Maintenance: 10:00pm CST, Thursday, July 2, 2015  Stop Time of Maintenance: 11:00pm CST, Thursday, July 2, 2015 Scope of Maintenance: To ensure the most reliable environment is maintained for our customers, IPpay Technical Services will be performing planned system updates. We expect the […]

The majority of projects in IT are over budget and miss their deadline.  We often notice that IT staff works hard just to stay in one place.  While there are many causes, one of the key factors to mitigate the problem is testing.  In this article, we will define show what happens if you: let testing […]

I had a chance to chat with Dave Simpson recently about our partnership with Zerowait to deliver great value on high end and high quality storage to our customers. Here is the article mentioning our Petabyte Storage Solutions.

Akavit picks NewPush to power the Denver Broncos mail gateway.

This debate over what the future of cryptocurrencies should look like is just heating up, as central banks around the world are developing their own currencies, and legislation is being passed to begin to define the crypto sector.

Okta Security detected unauthorized access to their support system due to a compromised credential, allowing the viewing of certain customer files.

A global coalition of government cybersecurity leaders will announce efforts to boost information sharing about digital threats and take on nefarious cryptocurrency payments when they convene in Washington.

As businesses scramble to take the lead in operationalizing AI-enabled interfaces, ransomware actors will use it to scale their operations, widen their profit margins, and increase their likelihood of pulling off successful attacks.

In a development sparking chatter and debate through the cybersecurity world, the lawsuit filed by the U.S. Securities and Exchange Commission (SEC) against the Chief Information Security Officer (CISO) of SolarWinds is leaving CISOs across the industry spooked and reevaluating their roles.

The UK government called it a “landmark” decision for the future of artificial intelligence (AI). The Bletchley Declaration, has been signed by 28 countries, including the US, the UK, China, six EU member states, Brazil, Nigeria, Israel and Saudi Arabia. 

The average Password Health Score ranges from 70.9 in Northern America to 78.2 in Eastern Europe, indicating a need for improvement across all regions, according to a report. However, the scores improved by nearly two points in the past year, thanks to fewer weak, reused, and compromised passwords.

The FBI has warned that ransomware attackers are targeting third party vendors and services to compromise businesses.

The popular generative AI application ChatGPT experienced recurring outages this week on both the ChatGPT interface and the associated API, according to its own status page.

The spree of attacks against MOVEit environments in May, which are still cascading to downstream victims five months later, capped a concentrated period of damaging attacks against file-transfer services. Progress Software’s MOVEit, Fortra’s GoAnywhere and IBM Aspera Faspex were hit by supply-chain attacks over a three-month span starting in March this year.

Threat groups are finding sophisticated new technologies to target retailers and their customers, as consumers turn to e-commerce channels to find the best discounts.

In the dubious race for popularity among cybercriminals, Redline Stealer appears to be far and away attackers' top choice for malware built to steal lucrative and sensitive data, including cryptocurrency wallet and remote access credentials. 

A security vendor’s 11-month long review of non-public data obtained by investigative journalists at Reuters has corroborated previous reports tying an Indian hack-for-hire group to numerous — sometimes disruptive — incidents of cyber espionage and surveillance against individuals and entities worldwide.

According to security shop Emsisoft, 2,620 organizations and more than 77 million individuals have been impacted to date, with millions in the past weeks alone have received notifications that their info was either accessed, leaked, or both after the Russian ransomware gang Clop exploited a security hole in MOVEit back in May to steal files from compromised instances.

Threat intelligence-sharing platform VirusTotal has unveiled new research showing how AI can be used by cyber defenders to enhance malware analysis.

Meta-owned WhatsApp has launched a new Secret Code feature to help users protect sensitive conversations with a custom password on the messaging platform.

OpenAI launched ChatGPT a year ago on November 30, 2022. The public release of the large language model (LLM) chatbot quickly sparked discussion about the societal impact generative AI will have – both good and bad.

The company activated a new feature called iMessage Contact Key Verification in another attempt to block impersonators and sophisticated threat actors abusing its iMessage server infrastructure.

A new cybercrime marketplace, OLVX, has emerged and is quickly gaining new customers looking to purchase tools to conduct online fraud and cyberattacks.

A total of 26,447 vulnerabilities were disclosed in 2023, surpassing the previous year by over 1500 CVEs. The figures come from the latest report by the Qualys Threat Research Unit (TRU), published today.

There has been a wide range of major cybersecurity incidents in 2023, from nation-state espionage campaigns to attackers gaining a gateway to thousands of enterprises through software supply chain vulnerability exploitations.

The U.S. Justice Department (DoJ) has officially announced the disruption of the BlackCat ransomware operation and released a decryption tool that victims can use to regain access to files locked by the malware. Court documents show that the U.S.

With cybercrime projected to cost $8 trillion in 2023 and businesses, particularly smaller ones, often lacking the resources and expertise to keep up, the digital sector is fast becoming the most vulnerable one.

The year 2023 saw three significant events that raised the stakes for cybersecurity professionals.

The world of information security covers a range of topics, and in such a rapidly evolving field, we sometimes come across unique, unusual and even downright whacky stories. These include bizarre attack methods and cybercriminals getting their comeuppance.

GitHub is warning users that they will soon have limited functionality on the site if they do not enable two-factor authentication (2FA) on their accounts.

On Christmas Eve, Resecurity protecting Fortune 100 and government agencies globally, observed multiple actors on the Dark Web releasing substantial data leaks. Over 50 million records containing PII of consumers from around the world have been leaked.

The same cybercrime crew broke into two high-profile Las Vegas casino networks over the summer, infected both with ransomware, and stole data belonging to tens of thousands of customers from the mega-resort chains.

In a recent development on an underground forum, a user is actively promoting the sale of Zeppelin2 ransomware, offering both its source code and a cracked version of its builder tool. This malicious software, known for its destructive capabilities, has caught the attention of cybersecurity experts and law enforcement agencies worldwide.

Distributed denial of service attacks hit an all-time high in 2023, more than doubling year over year in the fourth quarter, Cloudflare said Tuesday in a threat report. The record high year for DDoS attacks coincided with mass exploits of the novel zero-day vulnerability HTTP/2 Rapid Reset, which threat actors used to launch DDoS attacks that broke records during the third quarter of 2023.

A Chinese state-backed research institute claims to have discovered how to decrypt device logs for Apple's AirDrop feature, allowing the government to identify phone numbers or email addresses of those who shared content. China has a long history of censoring its people, requesting Apple block access to mobile apps, blocking encrypted messaging apps, such as Signal, and creating the Great Firewall of China to control what sites can be visited in the country.

Kaspersky’s Global Research and Analysis Team (GReAT) has unveiled a new, lightweight method to detect sophisticated iOS spyware, including notorious threats like Pegasus, Reign and Predator.

With elections expected to occur in over 50 countries in 2024, the misinformation threat will be top of mind. OpenAI, the developer of the AI chatbot ChatGPT and the image generator DALL-E, has announced new measures to prevent abuse and misinformation ahead of big elections this year.

Email security remained top of mind for cybersecurity professionals in 2023 as over nine in ten (94%) cyber decision-makers had to deal with a phishing attack, according to email security provider Egress. This is up 2% from the previous year, Egress’ Email Security Risk Report 2024 found.

Apple pushed out a security update for iPhone this week featuring a brand-new Stolen Device Protection for iPhone feature. Stolen Device Protection restricts the user's ability to make critical changes to the device settings when the device is not in a familiar location such as the user's home.

The supermassive leak contains data from numerous previous breaches, comprising an astounding 12 terabytes of information, spanning over a mind-boggling 26 billion records. The leak is almost certainly the largest ever discovered. The supermassive MOAB (Mother of all breaches) does not appear to be made up of newly stolen data only and is most likely the largest compilation of multiple breaches (COMB).

Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild.

Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for cybercrime, enabling threat actors to mount a mass attack for as little as $230.

Data compromises were more abundant and organizations were less forthright about the root cause of cyberattacks throughout 2023, according to the Identity Theft Resource Center’s annual data breach report. The number of data compromises reported in the U.S. last year jumped 78% to a record high of 3,205 incidents, the non-profit organization said Thursday. These compromises ultimately impacted more than 353 million victims, including individuals affected multiple times.

CyberArk has created an online version of 'White Phoenix,' an open-source ransomware decryptor targeting operations using intermittent encryption.

A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses.

Ransomware payments in 2023 soared above $1.1 billion for the first time, shattering previous records and reversing the decline seen in 2022, marking the year as an exceptionally profitable period for ransomware gangs. The previous record-high figure was set in 2021, with ransomware payments amounting to $983 million, surpassing the preceding record of $905 million in 2020 by approximately 10%.

A study by Surfshark, a VPN service provider, has revealed that ethical hackers, or white hat hackers, played a vital role in improving cybersecurity in 2023 by identifying 835 vulnerabilities across 105 websites.

Ransomware operators were especially successful targeting critical zero-day vulnerabilities in widely used IT products.

Email attacks relying on QR codes surged in the last quarter, with attackers specifically targeting corporate executives and managers, reinforcing recommendations that companies place additional digital protections around their business leadership.

Apple on Wednesday unveiled PQ3, a new post-quantum cryptographic protocol for iMessage that is designed to protect encrypted communications even against future quantum computing attacks.

Although it's been sitting there since 2000, researchers were just recently able to suss out a fundamental design flaw in a Domain Name System (DNS) security extension, which under certain circumstances could be exploited to take down wide expanses of the Internet.

Google is testing a new feature to prevent malicious public websites from pivoting through a user's browser to attack devices and services on internal, private networks. More simply, Google plans to prevent bad websites on the internet from attacking a visitor's devices (like printers or routers) in your home or on your computer.

NIST on Feb 26th announced the official release of version 2.0 of its Cybersecurity Framework (CSF), the first major update since its creation a decade ago.

Despite arrests, infrastructure seizure and international law enforcement efforts, LockBit ransomware has resurfaced, promising robust security and threatening aggressive cyber attacks on UK and USA government sectors.

The BlackCat ransomware gang is pulling an exit scam, trying to shut down and run off with affiliates’ money by pretending the FBI seized their site and infrastructure.

Lookout recently discovered an advanced phishing kit exhibiting novel tactics to target cryptocurrency platforms as well as the Federal Communications Commission (FCC) via mobile devices.

Google’s new Security Command Center Enterprise (SCC Enterprise) could streamline cloud risk management through AI automation, saving security teams time, experts say. Enhanced with Mandiant threat intelligence and generative AI, SCC Enterprise aims to offer comprehensive insights across the cloud security lifecycle.

The NIST Cybersecurity Framework (CSF) 2.0, an evolution of its predecessor, is a comprehensive guide designed to assist organizations across various sectors in managing and mitigating cybersecurity risks effectively.

DDoS attacks against the financial services sector historically accounted for about 10-15% of all attacks, however that trend began to rise in 2021, the FS-ISAC and Akamai found.

APIs were the target of 29% of web attacks in 2023, with cybercriminals exploiting the swiftly growing API economy for new avenues of attack, according to a report from Akamai.

It’s been three months since the Securities and Exchange Commission’s cyber disclosure rules took effect and rather than creating a deluge of incident revelations, only a trickle has emerged.

In a proactive measure to enhance user security, Google has announced an update to its Chrome browser, effectively patching a series of vulnerabilities, including the zero-day flaw CVE-2024-3159, unveiled at the Pwn2Own hacking contest in March 2024.

Cybercriminals are looking for ways to integrate large language models (LLMs) into their attacks, and they have three main options: trying to bypass the safeguards on existing LLMs, building their own LLMs, or using uncensored open-source models.