The Cyber Scoop Newsletter

WELCOME TO THE MARCH 2025 NEWSLETTER

Cyber Scoop is KeyStone Solutions monthly newsletter about the latest trends, topics, and articles relating to cybersecurity. As a Managed Service Security Provider (MSSP), KeyStone’s expert team helps small to medium sized businesses with IT services including virtual Chief Information Security Officer (vCISO), cybersecurity, help desk support, Governance, Risk, and Compliance (GRC), cloud solutions, and KeyStone’s signature service, IT Team as a Service (ITTaaS) which is an all-encompass solution.

From The Desk of the CISO

What is the Zero Trust Security Approach And is it Relevant to a Small Business?

By Rob Ashcraft, CISO at KeyStone Solutions

Zero trust in circle on circuit board

The Zero Trust security approach is an approach (or model) built on the principle of “never trust, always verify.” Unlike traditional security models that assume everything inside your network is safe, Zero Trust operates on the assumption that threats can exist both inside and outside the network perimeter. This means that every user, every device, and every application, regardless of location, must be authenticated, authorized, and continuously validated before being granted access to resources. This approach challenges the conventional “trust but verify” method, mandating stricter policies and permissions for all system and accounts access.

Read The Full Article

 

New ‘Gold Pickaxe’ Android, iOS malware steals your face for fraud

Commentary by KeyStone’s Rob Ashcraft

Person holding mobile phone with face recognition

Let’s face it, malware attacks are only getting more complicated (no pun intended).  An article in bleepingcomputer.com highlights a new type of fraud. Here are a couple of thoughts I would consider regarding this article:

  • iOS is becoming more vulnerable and security measures are necessary.
  • This attack starts with social engineering via email (phishing) or text message (smishing), making security awareness training more important than ever.
  • The malware attack is called “GoldPickaxe” and can steal images from iOS and Android phones showing the victim’s face or trick the users into disclosing their face on video through social engineering.
  • The messages attempt to trick the smartphone owner into installing fraudulent apps, such as fake apps or fake URLs. Review apps and links before downloading or clicking them.
  • Examples of fake apps: “TestFlight” for iPhones and “DigitalPension” for Android. Do not download these!
  • Setting up a secure enclave will protect the device’s biometric data; Newer iOS devices have a secure enclave feature. Also, high-end Android devices have a trusted execution environment (TEE) chip which will serve this purpose.
  • A VPN can also help secure your internet connection and prevent third parties from intercepting any biometric data you transmit.
  • Businesses should stay informed about potential threats and practice safe browsing habits.
  • Talk to your IT provider about securing biometric data on mobile devices.

Read the Article

View Live Cyber Threat Map From Check Point

Check Point Live Cyber Threat Map Jan 22, 2024