Cybersecurity

News

Tips

A coordinated cyberattack dismantles Iranian Banks

•

20 min read

A coordinated cyberattack dismantles Bank Sepah’s data. But was this the first shot in a wider digital war?

In a chilling escalation of digital warfare, a hacking group known as Gonjeshke Darande (“Predatory Sparrow”) has claimed responsibility for a devastating breach targeting Iran’s Bank Sepah, a financial institution under US sanctions and reportedly linked to the IRGC’s nuclear and ballistic missile programs.

According to statements released by the group on X (formerly Twitter), the attack destroyed critical data and disrupted services nationwide, citing internal collaborators as part of the operation.

“This is what happens to institutions dedicated to maintaining the dictator’s terrorist fantasies.” — Predatory Sparrow

While Israel maintains official silence, cybersecurity experts and geopolitics analysts are closely watching — especially given the group’s history with high-profile cyberattacks, including those on Iranian gas stations and industrial sites.

Why this matters for SMBs, law firms, healthcare and schools

You don’t have to be a military bank to be a target.

Sophisticated attacks like these often begin with small cracks — a phishing email, an outdated VPN appliance, or a compromised vendor login. Hackers are no longer just after government assets — they’re exploiting anyone connected to valuable networks.

If your organization handles financial data, personal information, or serves regulated sectors, the same tools used in international cyberwarfare — wipers, remote access malware, DNS poisoning — could hit your infrastructure.

What you should be asking now:

🔍 Have we segmented sensitive data away from public-facing systems?
🔐 Are all critical systems protected with MFA and endpoint detection?
🛡️ Do we have an incident response plan that includes nation-state threats?
🔁 When was our last tabletop exercise simulating a ransomware or wiper attack?

Final Word:

The digital battlefield is no longer “out there.” Whether it’s a hacker-for-hire or a state-sponsored actor, their targets increasingly include your servers, your users, and your data.

70% of all cyberattacks target small businesses. I can help protect yours.

=============================

Follow me for mind-blowing information and cybersecurity news. Stay safe and secure!

#Cybersecurity #Infosec #MSP #DigitalWarfare #SmallBusinessSecurity

Tips

News

Cybersecurity

Call of the MAG-Network: Trump Enters the Telecom Arena

•

20 min read

Call of the MAG-Network: Trump Enters the Telecom Arena

When politics, branding, and tech collide, cybersecurity should be front and center.

In a move that surprised some and thrilled others, the Trump Organization has launched Trump Mobile, a mobile phone service and branded smartphone designed to cater to “hard-working Americans.” The offering includes unlimited talk, text, and data on a 5G network — likely via an MVNO partnership with major carriers — and a gold-toned “T1” smartphone priced at $499.

But under the red, white, and gold branding is something far more consequential for IT and cybersecurity professionals to consider.

Brand Power Meets Tech Infrastructure: A Double-Edged Sword

Trump Mobile isn’t the first branded telecom venture — FreedomPhone and Patriot Mobile treaded similar ideological ground — but it’s easily the highest-profile. With a loyal customer base and vast media reach, the adoption curve could be steep.

This raises real-world cybersecurity and IT management concerns:

Unknown back-end systems: Who actually manages the infrastructure? Will updates be timely? Are endpoints hardened?
Political branding ≠ proven security: While the patriotic packaging may appeal to users, security professionals must look past aesthetics. Is the smartphone OS locked down? Are firmware and app stores vetted?
SMB risk vector: Employees bringing in personal Trump Mobile devices into work environments could create unvetted endpoints with potential vulnerabilities — especially in regulated industries like healthcare or law.

What You Need to Know as an IT Leader

If you’re running or securing an organization — whether a law firm, clinic, school, or small business — here’s how to think about the rise of politicized mobile tech platforms:

Update your BYOD policy: If a Trump Mobile device enters your network, will you allow it? Require mobile threat defense (MTD) tools and endpoint visibility.
Assess app ecosystem & OS: If the T1 phone runs a modified Android OS, it may not receive regular Google Play Protect scans. Clarify support with users.
Train your users, not just your firewalls: Employees may assume that recognizable names equal secure tech. Educate them on verifying device integrity before connecting to corporate networks.

Closing Thought: Patriotism Isn’t a Patch

As mobile carriers multiply — and brands enter the digital space to monetize their followings — security should never take a backseat to marketing. The arrival of Trump Mobile is just the latest reminder that every device is a potential vulnerability, regardless of the flag printed on the back.

Whether it’s red, blue, or gold-plated — if it’s connected, it needs to be protected.

70% of all cyber attacks target small businesses. I can help protect yours.

#Cybersecurity #BYOD #MobileSecurity #Telecom #SmallBusinessSecurity

Tips

Cybersecurity

News

When a URL looks familiar, we let our guard down

June 16, 2025

•

20 min read

Trusted, Then Busted: Malware Masquerading Through Google.com

When a URL looks familiar, we let our guard down — and that’s exactly what cybercriminals are banking on.

A new, silent malware campaign is leveraging none other than Google.com to sneak malicious payloads past antivirus software and into your browser — undetected.

Researchers at c/side have uncovered a sophisticated attack that uses real Google OAuth URLs to bypass content filters, exploit trust, and strike at the exact moment users reach checkout pages on ecommerce websites. The result? Real-time control of your browser by hackers — all while you think you’re shopping safely.

How the Attack Works

Compromised Website: The script begins on a vulnerable Magento-based ecommerce site.
Trusted URL Abuse: It references https://accounts.google.com/o/oauth2/revoke, but with a malicious callback parameter.
Obfuscated Payload: The hidden JavaScript decodes itself using eval(atob(...)), then quietly opens a WebSocket connection.
Dynamic Control: Hackers remotely execute code — live — during your session.

Because this traffic originates from Google’s own domain, traditional antivirus tools, DNS filters, and even firewalls fail to detect it.

“The attack is invisible, conditional, and evasive. Antivirus software doesn’t even see it coming,” says the research team.

Why It Matters to SMBs, Schools, and Law Firms

Business owners could have malicious scripts running on their checkout pages without knowing.
Law firms handling sensitive client data in browsers may become easy targets during login.
Educational institutions are vulnerable to session hijacking during enrollment or portal access.

This isn’t just a phishing scam — it’s a live backdoor in your browser, triggered at your most vulnerable moments.

How to Protect Yourself and Your Business

Isolate sensitive sessions: Use a dedicated browser for financial and legal transactions.
Disable third-party scripts where not needed — especially on CMS-based platforms like Magento or WordPress.
Monitor outbound connections: Look for unusual WebSocket behavior and evaluate Content Security Policies (CSP).
Educate your team: Most users have no idea malware can come through trusted domains.

✅ Bottom Line

Don’t let trust become your weakest link. Even URLs from tech giants can be used as delivery vehicles for highly targeted browser malware.

=============================

Follow me for mind-blowing information and cybersecurity news. Stay safe and secure!

70% of all cyber attacks target small businesses. I can help protect yours.

#CyberSecurity #BrowserSecurity #MalwareAlert #GoogleHack #ManagedIT

News

Travel

Tips

STOP sharing locations or footage of missile or drone impact sites

June 15, 2025

•

20 min read

📵 Don’t Help the Enemy: Stop Sharing Impact Site Footage

The IDF Spokesperson has issued an urgent warning to the public:

Do not publish or share locations or footage of missile or drone impact sites.

These images and videos are actively monitored by enemy forces — including Iran and its proxies — and are used to refine and improve the accuracy of future attacks.

What may seem like a harmless post or helpful update can put lives at risk and assist the enemy in real time. Please think before you share.

⚠️ Bonus Alert: Beware of Fake Travel Sign-Up Forms

With many individuals stranded due to the ongoing Iran–Israel conflict and Ben Gurion Airport closed until at least Thursday, June 19, 2025, numerous online forms are circulating offering to arrange return travel.

Some are legitimate. Many are not.

Terror groups have been known to create fake forms to harvest:

Passport photos & numbers
Social Security data
Contact and location information
Family member details

This information can be used for tracking, fraud, or worse.

✅ Protect Yourself:

Only sign up via reputable organizations or official community sources.
Never submit sensitive data unless you’re certain the site is legitimate and secure (look for HTTPS).
When in doubt, verify with trusted agencies or local authorities.

Stay safe. Stay smart. And don’t give the enemy an advantage.

News

Tips

Security Alert - Iran-Israel Conflict

•

20 min read

⚠️ Security Alert: Be Cautious With Travel Sign-Up Forms

Due to the ongoing conflict between Iran and Israel, many individuals are currently stranded — either within Israel or abroad — and are actively seeking ways to return home. As of now, Ben Gurion Airport remains closed to air travel until at least Thursday, June 19, 2025.

In response, numerous sign-up forms are circulating online and via messaging platforms. While some are from legitimate organizations, others are from unknown or even suspicious sources.

❗ Important Warning

Terrorist groups and malicious actors have been known to mimic humanitarian efforts by creating fake forms that request sensitive personal information, including:

Location data
Passport numbers and photos
Social Security numbers
Contact and relative information
Travel plans

This data can be exploited for identity theft, targeted surveillance, or harmful operations.

✅ What You Should Do:

Only register with reputable, verified organizations you personally recognize or can confirm through trusted sources.
Check that the form is on a secure website (https://) and avoid links shared by anonymous accounts or in unverified group chats.
Be skeptical of any form requesting more information than necessary.
When in doubt, contact your embassy or consulate directly.

⚠️ Sharing your private details with an untrusted source can put you and your family at serious risk.

Stay safe, stay smart — and only trust secure, official channels.

Cybersecurity

News

Tips

Lights, Camera, Surveillance: Facial Recognition and the LA Protests

June 12, 2025

•

20 min read

👁️ Lights, Camera, Surveillance: Facial Recognition and the LA Protests

“I have all of you on camera.”

Those words from an LAPD officer hovering over Los Angeles protestors weren’t just intimidation — they were a glimpse into a surveillance system that’s growing more capable, and more controversial, by the day.

🎯 From Protest to Profile

In the wake of recent demonstrations against ICE raids in Los Angeles, the intersection of surveillance, facial recognition, and public protest has become a flashpoint.

While LAPD regulations restrict facial recognition searches to mugshot databases, federal agencies like ICE face no such limits.

Tools like Clearview AI — which scrape billions of faces from social media — can take aerial or bodycam footage and potentially match protestors with online profiles.

🛎️ Amazon Ring Enters the Scene

Amazon Ring, once marketed as a doorbell for deliveries, has quietly become a neighborhood-wide surveillance system. Though Ring no longer lets police request video directly through its Neighbors app, law enforcement can still subpoena footage — and use it to identify protestors captured near homes or businesses.

🔎 Even if you’re not being watched by police — your neighbor’s doorbell might be.

📡 Surveillance vs. Civil Liberties

The LAPD, according to internal sources, is actively reviewing footage from helicopters, fixed cameras, and bodycams — all within its legal authority. But facial recognition? That’s where the lines blur.

➡️ LAPD: Limited to mugshots

➡️ Federal agencies (like ICE): Access to social media-scraped images via Clearview AI

Meanwhile, protestors are using the same Ring platform to track ICE raids in real-time — flipping surveillance into community activism.

🧠 Why This Matters to You

Whether you’re a protestor, business owner, or concerned citizen, this story isn’t just about LA — it’s about who controls your image, your location data, and your digital footprint.

We’re entering a time when a doorbell can identify your face, a drone can trace your path.

If you haven’t discussed data privacy, smart camera policies, or employee surveillance risks with your tech provider — now is the time.

🔐 At Gigabit Systems, we help businesses and schools develop policies around:

Smart camera placement
Consent and data retention
Surveillance system segmentation
Access control and audit logs
Facial recognition opt-out and monitoring

👇 Let’s start a conversation:

Would you install a Ring camera today — knowing what it can capture?

====================================

Follow me for mind-blowing information and cybersecurity news. Stay safe and secure!

‍

Because 70% of all cyberattacks target small businesses—

I can help protect yours.

‍

#SurveillanceState #FacialRecognition #CyberSecurity #AmazonRing #PrivacyMatters

‍

Cybersecurity

News

$1.3M Jewelry Store Heist Highlights a Bigger Security Problem

June 12, 2025

•

20 min read

💎 $1.3M Jewelry Store Heist Highlights a Bigger Security Problem

In just five hours, thieves disabled internet, sawed through a steel safe, and vanished with $1.3 million worth of jewelry.

The overnight heist at Rick Kleinvehn Diamond Brokers in South Barrington, IL wasn’t just about jewelry. It was a warning — to every business owner who thinks alarm systems and cameras are enough.

This is a case study in cyber-physical attacks: where digital sabotage (cutting internet access) pairs with surgical physical intrusion (wet saw through reinforced steel) — and it’s becoming more common.

🧠 How It Went Down

According to the owner:

Internet to the building was cut first
A wall was breached behind the safe, bypassing visible defenses
Thieves used a wet saw and buckets of water to cool metal while cutting for hours
Over 1,000 pieces of jewelry were taken — nearly 90% of the store’s inventory
The burglars knew exactly where to find the hidden safe

👀 Evidence suggests an insider tip or prior surveillance.

📍 Why This Should Terrify More Than Jewelers

Two weeks later, a nearly identical break-in occurred in California — through a candy store wall, into a neighboring jewelry shop. Coincidence?

Maybe. But for law firms, medical clinics, private schools, and retail operations, this is a wake-up call.

Here’s the real threat:

If thieves can cut your internet, they can disable your alarms, block your cameras from syncing to the cloud, and stall panic alerts. That gives them time.

🛡 What You Can Do Today

At Gigabit Systems, we help businesses protect data, inventory, and people.

Here’s how:

✅ Internet Redundancy

Set up failover LTE or Starlink backups for alarm & surveillance continuity.

✅ Local + Cloud Video Storage

Don’t rely on cameras that only record to the cloud — use hybrid systems.

✅ Physical Penetration Testing

We can simulate physical breaches — and show you where you’re vulnerable.

✅ Smart Safes + Access Logs

Upgrade safes with multi-user biometric logging, tamper alerts, and internal audit trails.

✅ Security Awareness for Staff

Teach employees how to spot surveillance behavior and social engineering tactics.

🎯 Bottom Line

This wasn’t a smash-and-grab. It was coordinated, patient, and precise. And as businesses rely more on cloud-connected devices, hybrid threats will keep rising.

👇 Comment if you’ve reviewed your security plan in the last 12 months.

🔁 Share this with your ops manager or facilities lead.

====================================

Follow me for mind-blowing information and cybersecurity news. Stay safe and secure!

‍

Because 70% of all cyberattacks target small businesses—

I can help protect yours.

‍

#PhysicalSecurity #CyberSecurity #BusinessContinuity #HybridThreats #RetailSecurity

‍

Cybersecurity

News

Tips

Samsung Issues Critical Warning: Restart Your Phone — Every Day

June 9, 2025

•

20 min read

📱 Samsung Issues Critical Warning: Restart Your Phone — Every Day

If you use a Samsung Galaxy — or manage employees who do — it’s time to rethink how often you reboot.

Samsung is urging all Galaxy users to restart their phones daily as a new wave of Android-targeted attacks continues to gain traction. And this isn’t just about performance — it’s becoming a core part of mobile cyber hygiene.

At Gigabit Systems, we help clients secure not just desktops and servers, but phones too — because increasingly, they’re the front lines of cyberattacks.

‍

🛡 Why Restarting Matters for Security

Zero-click attacks — exploits that don’t require the user to tap, download, or click anything — are on the rise.

These often exploit:

Messaging app vulnerabilities (iMessage, WhatsApp, RCS)
Background processes in Android or iOS
Forensic tools used by law enforcement or criminal actors to extract data silently

🧠 Rebooting clears temporary memory, disrupts malware persistence, and forces background apps to reload securely.

“Rebooting your phone daily is your best defense against zero-click attacks.”

— Ricky Cole, iVerify

🔄 What Samsung Recommends

Samsung now officially encourages daily restarts of all Galaxy devices.

📲 You can even automate restarts in device settings:

Go to Device Care > Auto Optimization
Toggle “Auto restart when needed”
Schedule for nighttime or low-use hours

This can help:

Stop freezing and lag (yes, that too)
Clear session-based exploits
Close unauthorized persistent connections

📣 Why It Matters for Your Business

If your employees use BYOD smartphones to access work email, Teams, or patient/client records — this isn’t optional anymore.

✅ We recommend:

Enabling mobile endpoint protection (e.g., Microsoft Defender for Endpoint or Lookout)
Enforcing auto-restart policies via MDM (Intune, Jamf, etc.)
Requiring app isolation for business-critical tools (e.g., Outlook, Teams, Google Workspace)
Educating staff on zero-click threats and mobile security hygiene

🧠 Mobile Is the New Attack Surface

It’s not just laptops and desktops anymore. Phones hold:

MFA codes
Password vaults
Secure notes
Business communications
Customer data

A compromised device can open the door to account takeovers, data leaks, and business email compromise.

👇 Comment if your org has a mobile policy.

🔁 Share this with anyone managing devices, even for a small team.

====================================

Follow me for mind-blowing information and cybersecurity news. Stay safe and secure!

Because 70% of all cyberattacks target small businesses—

I can help protect yours.

‍

#CyberSecurity #MobileSecurity #ZeroClickAttack #AndroidTips #ManagedITServices

‍

Cybersecurity

News

Tips

What ChatGPT Knows About You — And How to Make It Forget

June 7, 2025

•

20 min read

🧠 What ChatGPT Knows About You — And How to Make It Forget

Think of ChatGPT as a brilliant digital assistant with a perfect memory — sometimes too perfect.

It can remember where you live, what you’re researching, and what’s going on in your personal life… all from casual chats.

But what if you didn’t want it to?

This post breaks down:

What ChatGPT remembers about you
How to view and delete that data
How to use ChatGPT privately and securely

🔍 How ChatGPT Collects and Remembers Personal Info

When you chat with ChatGPT while logged in, it stores “memories” to personalize future responses. This includes:

Where you live
Your profession
Projects you’re working on
Family or health details you’ve voluntarily shared

You’ll sometimes see an “Updated saved memory” label in chat — that’s your cue that the AI just learned something new about you.

🧾 How to See What ChatGPT Knows About You

Just ask:

What do you know about me?

If you’re logged in, ChatGPT will list what it’s remembered — and even offer to forget or update anything.

🧹 How to Delete or Manage ChatGPT’s Memory

To fully manage your stored data:

Click your profile icon > Settings
Go to Personalization > Manage memories
Delete individual items using the bin icon
Or click Delete All to wipe everything

📌 Pro Tip: Just asking the chatbot to forget isn’t always effective. Use the settings panel for full control.

🔒 How to Use ChatGPT Confidentially

If you want to discuss something sensitive (business strategy, health issues, finances), use Temporary Chat Mode:

🟢 Click the dotted speech bubble icon (next to your profile picture)

🟢 This starts a memory-free session — nothing is saved

🟢 But remember: once you leave, you can’t return to that chat

🔐 Secure Your ChatGPT Account

If your ChatGPT account stores personal info, you should lock it down just like your email or bank login.

Do this now:

Go to Settings > Security
Enable Multi-Factor Authentication (MFA)
Use apps like Authy or Google Authenticator for added protection

🔐 That way, even if someone steals your password, they can’t access your AI data.

Why This Matters for Businesses

At Gigabit Systems, we help SMBs, law firms, and healthcare teams use AI responsibly.

⚠️ If your team is feeding client names, PHI, passwords, or legal notes into AI tools — you need to understand how memory works.

We offer:

AI policy guidance
Staff training on secure usage
ChatGPT configuration support for business
MFA + privacy audits

🔁 Share this with a colleague who chats with ChatGPT regularly.‍

Follow me for mind-blowing information and cybersecurity news. Stay safe and secure!

Because 70% of all cyberattacks target small businesses—

I can help protect yours.

‍

#DataPrivacy #ChatGPT #AIPrivacy #CyberSecurity #ManagedITServices

‍