Latest Insights on BarberaIT News | BarberaIT

Security Report – 30 Jan 2026

BarberaIT — Tue, 03 Feb 2026 04:51:41 +0000

Cybercriminals never stand still, constantly reinventing their tactics to exploit trust, familiarity and human instinct. INKY continues to observe threat actors weaponising cloud email platforms and voice‐based social engineering to bypass security controls. A recent example is a phishing campaign that sent hundreds of emails from a compromised SendGrid account linked to OpenAI to issue fraudulent invoices. The OpenAI invoice scam demonstrates how attackers leverage legitimate cloud email services and voice‑based social engineering to bypass security controls. By sending an invoice‑themed email through SendGrid, criminals ensured the message passed SPF/DKIM/DMARC checks and appeared trustworthy. The absence of malicious links allowed the email to evade URL filters, while the urgent call‑to‑action prompted the recipient to contact a scammer who then sought remote access.

Callback phishing is part of a broader trend in which attackers weaponise trusted platforms and remote‑support tools. Advanced email security, vigilance, user education and rigorous verification through official channels remain the most effective defenses against this evolving threat.

Recent Breaches

Australia – Victorian Department of Education – Education

Exploit: Hacking

Risk to Business: Moderate: The Department of Education in Victoria, Australia, has confirmed a data breach that affected current students and inactive past student accounts across more than 1,700 government schools. On January 14, the department said an unauthorised third party breached a school’s network. A follow-up update on January 21 confirmed that the attacker accessed a Department of Education database containing student information. The exposed data includes student and school names, year levels and department-issued email addresses with encrypted passwords. The department stated that no other student data, such as dates of birth, home addresses, phone numbers or family details, was accessed. At this stage, there is no evidence that the data has been publicly released or shared with third parties. The Office of the Victorian Information Commissioner (OVIC) has launched an investigation into the incident.

United States – The Illinois Department of Human Services – Healthcare

Exploit: Hacking

Risk to Business: Moderate: The Illinois Department of Human Services (IDHS) confirmed a data breach that exposed sensitive records of roughly 700,000 individuals, marking one of the largest public-sector breaches in 2026. According to the agency, the breach exposed two separate sets of records. The first involves personal and program-related data tied to more than 672,000 Medicaid and Medicare Savings Program recipients, including addresses, case numbers, demographic details and medical assistance plan names. A second set of records affected around 32,000 customers of the Division of Rehabilitation Services, exposing names, addresses, case details and referral information spanning multiple years. IDHS said the investigation into the incident is ongoing, and officials are still working to determine how the intrusion occurred and whether additional data may have been accessed.

Talk to a BarberaIT team member today about implementing IT strategy plan for your business.

Robert Brown
30/1/2026

The post Security Report – 30 Jan 2026 appeared first on Barbera IT.

The Server Refresh Deadline for Windows Server 2016

BarberaIT — Wed, 28 Jan 2026 01:00:00 +0000

Time moves fast in the world of technology, and operating systems that once felt cutting-edge are becoming obsolete. With Microsoft having set the deadline for Windows Server 2016 End of Support to January 12, 2027, the clock is ticking for businesses that use this operating system. Once support ends, Microsoft will no longer provide security updates or patches, leaving your business systems vulnerable. It’s not just about missing new features, continuing to use unsupported software significantly increases the risk of cyberattacks. If your systems are still on Windows Server 2016, now is the time to plan your upgrade. With about a year until support ends, waiting until the last minute can lead to rushed decisions and higher costs.

Understanding the Security Implications

When support ends, the protection provided by security updates and patches disappears, as Microsoft will no longer fix bugs or vulnerabilities. Hackers often target unsupported systems, knowing any new exploits will go unpatched and open the door to attacks. Legacy systems put IT administrators in a tough spot. Without vendor support, defending against threats becomes nearly impossible, compliance with industry regulations is compromised, and running unsupported software can lead to failed audits. Additionally, customer data on servers running this operating system is vulnerable to theft and ransomware. The cost of a breach far outweighs the cost of upgrading. Using unsupported systems is like driving a faulty, uninsured car, failure is inevitable. The question isn’t if it will happen, but when.

The Case for Cloud Migration

Businesses can either buy new servers or migrate to the cloud. New hardware is expensive and locks you into fixed capacity for years. Cloud platforms like Azure and AWS offer scalable resources, pay‑as‑you‑go pricing, better reliability, and built‑in infrastructure management. This frees your IT team to focus on strategic work instead of hardware maintenance.

Analyse Your Current Workloads

Before moving to the cloud, it’s essential to know what you’re working with. Take inventory of all applications running on your Windows Server 2016 machines. While some are cloud-ready, others may need updates or reconfiguration. Identify which workloads are critical to your daily operations and prioritise them in your migration plan. You may also discover applications you no longer need, making this an ideal time to streamline and clean up your environment. When in doubt, consult with your software vendors to confirm compatibility, as they might have specific requirements for newer operating systems. Gathering this information early helps you to avoid surprises during the actual migration.

Plan a Phased Migration

Avoid “big bang” transitions. Move low‑risk workloads first, then gradually migrate higher‑impact systems. Set a timeline well ahead of the support deadline and communicate clearly with staff to prevent confusion and downtime.

Test and Validate

After migrating each workload, confirm that applications run correctly, users can access data, and performance meets expectations. Adjust cloud resources as needed for optimal speed. The summarised steps for a successful migration include:

Audit all current hardware and software assets
Choose between an on-premise upgrade or a cloud migration
Back up all data securely before making changes
Test applications thoroughly in the new environment
Do not declare victory until users confirm everything is working

The Cost of Waiting

Ignoring the end of support deadline is not a viable strategy. Some businesses hope to delay until the last minute and then rush a migration, but this is extremely risky. Cybercriminals constantly target outdated, vulnerable systems, often using automated bots to scan for weaknesses. If you continue using Windows Server 2016 past the extended support dates, you may need to purchase ‘Extended Security Updates.’ While Microsoft offers this service, it is extremely costly, and the price rises each year, making it more a penalty for delay than a sustainable long-term solution.

Take Action Now

With Windows Server 2016 reaching end of support, upgrading is essential. Whether you choose new hardware or the cloud, acting now protects your data and modernises your infrastructure. If you need help planning or migrating, we specialise in smooth, secure upgrades—reach out today to get started.

Robert Brown
28/1/2026

The post The Server Refresh Deadline for Windows Server 2016 appeared first on Barbera IT.

How AI Is Changing Cybercrime

BarberaIT — Tue, 09 Dec 2025 01:00:00 +0000

Artificial Intelligence (AI) is no longer just a tool for innovation – it’s now a weapon in the hands of cybercriminals. In 2026, AI-driven attacks will become faster, smarter, and more scalable than ever before, creating a new era of cyber threats that challenge traditional security measures.

The AI Revolution in Cybercrime

AI has fundamentally reshaped the economics of cybercrime. What once required skilled hackers and weeks of manual effort can now be executed in hours—or even minutes—by automated systems. Here’s how AI is changing the game:

1. AI-Powered Phishing and Social Engineering

Phishing emails used to be easy to spot—poor grammar, generic greetings, and suspicious links. Not anymore. AI now crafts hyper-personalised phishing campaigns that mimic corporate communication styles and even replicate entire email threads. Attackers scrape social media and company data to create messages that feel authentic, increasing click-through rates dramatically.
Deepfake technology adds another layer of deception, enabling voice and video impersonations of executives during live calls to authorise fraudulent transactions. In one real-world case, a finance worker was tricked into transferring $25 million after attending a video conference populated entirely by AI-generated deepfakes of senior executives.

2. Adaptive, Self-Evolving Malware

Traditional malware relies on static code, making it easier to detect. AI-powered malware, however, learns and adapts in real time. It analyses security measures, rewrites its own code, and changes behaviour to evade detection. Google reported malware strains like PROMPTFLUX and PROMPTSTEAL that use large language models to autonomously generate new malicious scripts every time they run. This means signature-based antivirus tools are becoming obsolete. Attackers can now deploy polymorphic malware and fileless attacks that slip past traditional defences as if they weren’t even there.

3. Deepfake-Enabled Cyberattacks

Deepfakes have moved beyond social media pranks—they’re now a serious cybersecurity threat. Artificial Intelligence (AI) generated audio and video can impersonate CEOs, government officials, or trusted partners with alarming accuracy. In 2025, 85% of organisations reported at least one deepfake-enabled incident, with average losses exceeding $280,000 per attack. These attacks bypass voice authentication systems and exploit trust at scale, making them one of the fastest-growing cybercrime tactics.

4. Autonomous AI Agents

The rise of agentic AI—autonomous systems capable of planning and executing complex tasks—has lowered the barrier to entry for cybercrime. Anthropic’s recent report revealed that attackers used AI agents to automate up to 90% of a cyber espionage campaign, performing reconnaissance, exploitation, and data exfiltration with minimal human oversight.
This shift means even low-skilled criminals can launch sophisticated attacks, dramatically increasing the volume and impact of cybercrime worldwide.

Why This Matters for Businesses and Individuals

The consequences of AI-driven cybercrime are severe:

Financial Losses: Global cybercrime costs are projected to hit $24 trillion by 2027.
Data Breaches: AI accelerates zero-day exploitation, making patching cycles dangerously slow.
Reputational Damage: Deepfake scams and synthetic identity fraud erode trust in digital communications.

Artificial Intelligence (AI) has supercharged cybercrime, turning traditional threats into highly adaptive, scalable attacks. But the same technology can empower defenders—if organisations act now. Building resilience means combining AI-driven security tools, human expertise, and robust governance frameworks to stay ahead in this arms race.

Talk to a BarberaIT team member today about implementing an Artificial Intelligence (AI) strategy plan for your business.

Robert Brown
26/11/2025

The post How AI Is Changing Cybercrime appeared first on Barbera IT.

Shop Safer This Holiday Season

BarberaIT — Tue, 09 Dec 2025 01:00:00 +0000

Have you ever been concerned about your credit card or personal data getting stolen while shopping online? You’re not alone. Each holiday season, as millions of shoppers flock online for convenience, hackers ramp up their activity. The Federal Trade Commission (FTC) has warned that scammers often create fake shopping websites or phishing emails to steal consumers’ money and personal information, especially during the holidays. If you’re planning to shop this holiday season, now is the perfect time to boost your online security. Two simple tools, password managers and virtual cards, can make a big difference. But how exactly? This article will show you how to use them to enjoy zero-risk online holiday shopping.

Why People Prefer Password Managers and Virtual Cards for Online Shopping

Shopping online is quick, easy, and often cheaper than going to physical stores. However, it is fraught with security risks. Many people now use password managers and virtual cards for safer transactions. A password manager creates and keeps complicated, distinct passwords for all accounts. This minimises the chance of unauthorised access and theft. The Cybersecurity and Infrastructure Security Agency (CISA) recommends using password managers to reduce password reuse and protect sensitive data from hackers. Virtual cards also add an extra layer of protection when shopping online. Although the card numbers are linked to your real credit or debit card account, the merchant never sees your card details. This helps prevent identity theft and financial fraud.

Tips for Using Password Managers and Virtual Cards for Zero-Risk Holiday Shopping

Before you start adding items to your cart, the safety of your money comes first. Here are smart ways to use these tools to improve online security during the holidays.

Choose a Reputable Password Manager

Select a trusted provider with strong encryption and a solid reputation. Popular options include 1Password, Dashlane, LastPass, and Bitwarden. Fake versions are everywhere, so make sure you only download from the official website or app store.

Create a Strong Master Password

Your master password protects all your other passwords and should be the most secure. “Secure” means making it unusual and not something that can be guessed. You can achieve this by combining letters, numbers, and special characters.

Turn On Two-Factor Authentication (2FA)

2FA adds another protection step by requiring two verification steps. Besides your password, you can choose to receive a verification code on your phone. Even if hackers steal your password, they can’t access your account without your verification code.

Generate Virtual Cards for Each Store

Set up a separate virtual card for each online retailer, many banks and payment apps offer this feature. That way, if one store is compromised, only that temporary card is affected, your main account stays safe.

Track Expiration Dates and Spending Limits

Virtual cards often expire after a set time or after one purchase. This is good for security, but make sure your card is valid before placing an order. Set spending limits as well, as this helps with holiday budgeting and prevents unauthorised charges.

Shop Only on Secure Websites

Be sure to purchase only from websites you are familiar with. Don’t shop from any link in an advertisement or email. You may end up on phishing sites that target your information. The URL of a safe site starts with “https://.” Also, pay attention to data encryption. Look for the padlock symbol on your browser address bar. This indicates that the site has employed SSL/TLS encryption, which encrypts data as it is passed between your device and the site.

Common Mistakes to Avoid for Safer Online Shopping

Even with the best security tools, simple mistakes can put your data at risk. Developing strong security awareness is key to safer online habits. Here are some common pitfalls to watch out for when shopping:

Reusing Passwords

One hacked password can put all your accounts at risk. Keep them safe by using a different password for every site, your password manager makes it easy.to generate and store strong, distinct passwords for each one.

Using Public Wi-Fi for Shopping

Hackers can easily monitor public Wi-Fi networks, making them unsafe not just for shopping but for any online activity. To protect your data, avoid using Wi-Fi in coffee shops, hotels, or airports for online shopping. Instead, stick to your mobile data or a secure private network.

Ignoring Security Alerts

Many people overlook alerts about unusual activity but ignoring them can be risky. If your bank, password manager, or virtual card provider alerts you to suspicious activity, act immediately. Follow their instructions to protect your data, for example, changing your password and reviewing recent transactions for any signs of fraud.

Saving Card Details in Your Browser

While browsers allow card information to be saved, it is less secure than virtual cards. If hackers access your browser, your saved cards are compromised.

The holidays should be about celebration, not about worrying over hacked accounts or stolen card details. Using tools like password managers and virtual cards lets you take control of your online shopping security. These tools make password management easier, protect you from phishing scams, and add extra protection against cybercriminals. As you look for the best holiday deals, include security in your shopping checklist. Peace of mind is the best gift you can give yourself. Need help improving your cybersecurity before the holiday rush? We can help you protect your data with smarter, easy-to-use security solutions. Stay safe, stay secure, and shop online with confidence this season. Contact us today to get started.

Robert Brown
12/11/2025

The post Shop Safer This Holiday Season appeared first on Barbera IT.

Essential Tips For Cyber Hygiene in 2026

BarberaIT — Mon, 08 Dec 2025 01:00:00 +0000

Cyber hygiene is super important. It’s like brushing your teeth but for your online life. Good cyber habits help keep you safe from hackers on the internet. Let’s check some easy ways to stay safe online in 2026.

What is Cyber Hygiene?

Cyber hygiene means the care you give to your online stuff. This includes keeping your devices and information clean and safe. Washing your hands stops germs. Good cyber behaviour stops digital germs like viruses and hackers.

Why is it Important?

Criminals online always try new tricks to get your info or mess up your gadgets. Good cyber hygiene stops them. It keeps your stuff private and your devices working well.

How Can You Improve Your Passwords?

Passwords are like keys to your online home. You want them to be strong. Here are some tips:

Use Long Passwords Longer passwords are harder to guess. Try using a sentence. For example, “I love eating pizza on Fridays!” is a good password.
Mix it Up Use different types of characters. Mix in numbers, symbols, and both big and small letters. “I<3EatingPizza0nFridays!” is even better.
Don’t Reuse Passwords Use a unique password for each account. If someone steals one, the others stay safe.

Why Should You Update Your Software?

Updating your software is like getting a flu shot. It protects you from new threats. Here’s why it’s important:

Fix Security Holes Updates usually fix problems in your software. These are holes that bad guys can use to get in. Updating closes these holes.
Get New Features Updates can also give you new cool stuff. Your apps may work better or do more things.
Set Automatic Updates Turn on automatic updates when you can. Then you don’t have to remember to do it.

How Does Two-Factor Authentication Work?

Two-factor authentication is like putting two locks on your door. It makes it harder for bad guys to break in. Here’s how it works:

What is 2FA? 2FA needs two things to prove it’s you. Usually, one thing is your password. The second thing might be a code sent to your phone or your fingerprint.
Why Use 2FA? If someone steals your password, they still can’t get in. They don’t have the second thing. It’s much safer.
Where to Use 2FA Use 2FA on all your important accounts. These include email, banking, and even social media.

Are You Being Careful on Public Wi-Fi?

Public Wi-Fi can be very dangerous. It’s like yelling in a crowded place. Anyone could listen. Here’s how to stay safe:

Using a VPN A VPN is like a secret tunnel to the internet. It keeps your information private, even on public Wi-Fi.
Avoid Sensitive Tasks Don’t do banking or shopping on public Wi-Fi. Wait until you’re on a safe network.
Turn Off Auto-Connect Don’t let your device connect to any Wi-Fi network by itself. It might connect to a fake, bad network.

How To Identify Phishing Scams?

Phishing is when a bad guy tries to trick you into giving away your information. It’s like a fake fisherman trying to catch you. Here’s how to avoid the hook:

Check the Sender Look closely at who sent the message. Scammers often use names that look real but aren’t.
Don’t Click Suspicious Links If a link looks weird, don’t click it. Move your mouse over it to see where it really goes.
Be Wary of Urgent Messages Scammers often say you need to act fast. Real companies rarely do this.

Are You Backing Up Your Data?

Backing up is like making copies of your important papers. If something bad happens, you don’t lose everything. Here’s why it’s important:

Against Ransomware Ransomware can lock up your files. With backups, you can tell them to go away.
Recover from Accidents Sometimes we delete things by mistake. Backups let you get them back.
Use the 3-2-1 Rule Keep 3 copies of your data, on 2 different types of storage, with 1 copy off-site.

How Often Should You Review Your Privacy Settings?

Your privacy settings are like curtains on your windows. They let you control what others see. Check them often:

Schedule It Check your privacy settings every few months. Write it down so you don’t forget.
Check All Your Accounts Don’t forget about old accounts. If you don’t use them, close them.
Limit What You Share Only share what you need to. The less you share, the safer you are.

Are You Teaching Your Family About Cyber Safety?

Cyber safety is for everyone in your family. It’s like teaching kids to look both ways before crossing the street. Here’s how to spread the knowledge:

Make it Fun Use games or tell stories to teach about cyber safety. It’s easier to remember that way.
Lead by Example Show good cyber habits to your family. They learn by watching you.
Talk About Online Experiences Have open talks about what happens online. That keeps everyone in your house safe.

Want to Level Up Your Cyber Hygiene?

Good cyber hygiene protects you from online bad guys in 2026. Use strong passwords, update your software, and be careful on public Wi-Fi. Watch out for phishing scams. Always back up your data. Check your privacy settings and teach your family about online safety. Want to know more about staying safe online? We can help! Contact us for more tips on cyber hygiene. Let’s make your online life easier and safer together!

Robert Brown
08/12/2025

The post Essential Tips For Cyber Hygiene in 2026 appeared first on Barbera IT.

Data Security Trends to Prepare for in 2026

BarberaIT — Mon, 08 Dec 2025 01:00:00 +0000

With cyber threats evolving at an alarming pace, staying ahead of the curve is crucial. It’s a must for safeguarding sensitive information. Data security threats are becoming more sophisticated and prevalent. The landscape must change to keep up. In 2026, we can expect exciting developments in data security trends alongside persistent challenges. Over 70% of business professionals say their data privacy efforts are worth it. And that their business receives “significant” or “very significant” benefits from those efforts. Staying informed about these trends is crucial. This is true whether you’re an individual or a business safeguarding valuable data. Here are some key areas to watch.

The Rise of the Machines: AI and Machine Learning in Security

Artificial intelligence (AI) and machine learning (ML) are no longer futuristic concepts. They are actively shaping the cybersecurity landscape. This year, we’ll likely see a further rise in their application:

Enhanced Threat Detection: AI and ML algorithms excel at analysing massive datasets. This enables them to identify patterns and anomalies that might escape human notice. This translates to a quicker detection of and reaction to potential cyber threats.

Predictive Analytics: AI can predict potential vulnerabilities and suggest proactive measures. It does this by analysing past cyberattacks and security incidents.

Automated Response: AI can go beyond detection and analysis. Professionals can program it to automatically isolate compromised systems. As well as block malicious activity and trigger incident response procedures. This saves valuable time and reduces the potential impact of attacks.

AI and ML offer significant benefits. But it’s important to remember they are tools, not magic solutions. Deploying them effectively requires skilled professionals. Experts who can interpret the data and make informed decisions.

Battling the Ever-Evolving Threat: Ransomware

Ransomware is malicious software that encrypts data and demands a ransom for decryption. It has been a persistent threat for years. Unfortunately, it’s not going anywhere in 2026. Hackers are constantly refining their tactics, targeting individuals and businesses alike. Here’s what to expect:

More Targeted Attacks: Hackers will likely focus on meticulously selecting high-value targets. Such as critical infrastructure or businesses with sensitive data. They do this to maximise their impact and potential payout.

Ransomware-as-a-Service (RaaS): This enables those with limited technical expertise to rent ransomware tools. This makes it easier for a wider range of actors to launch attacks.

Double Extortion: Besides encrypting data, attackers might steal it beforehand. They then may threaten to leak it publicly if the ransom isn’t paid, adding pressure on victims.

Shifting Strategies: Earlier Data Governance and Security Action

Traditionally, companies have deployed data security measures later in the data lifecycle. For example, after data has been stored or analysed. But a new approach towards earlier action is gaining traction in 2026. This means:

Embedding Security Early On: Organisations are no longer waiting until the end. Instead, they will integrate data controls and measures at the start of the data journey. This could involve setting data classification levels. As well as putting in place access restrictions. They will also be defining data retention policies early in the process.

Cloud-Centric Security: More organisations are moving towards cloud storage and processing. As they do this, security solutions will be closely integrated with cloud platforms. This ensures consistent security throughout the entire data lifecycle.

Compliance Focus: Data privacy regulations like GDPR and CCPA are becoming increasingly stringent. As this happens, companies will need to focus on data governance to ensure compliance.

Building a Fortress: Zero Trust Security and Multi-Factor Authentication

We’re in a world where traditional perimeter defenses are constantly breached. This is why the “Zero Trust” approach is gaining prominence. This security model assumes that no user or device is inherently trustworthy. Users and programs need access verification for every interaction. Here’s how it works:

Continuous Verification: Every access request will be rigorously scrutinised. This is regardless of its origin (inside or outside the network). Systems base verification on factors like user identity, device, location, and requested resources.

Least Privilege Access: Companies grant users the lowest access level needed to perform their tasks. This minimises the potential damage if hackers compromise their credentials

Multi-Factor Authentication (MFA): MFA adds an important extra layer of security. It requires users to provide extra factors beyond their password.

When Things Get Personal: Biometric Data Protection

Biometrics include facial recognition, fingerprints, and voice patterns. They are becoming an increasingly popular form of authentication. But this also raises concerns about the potential for misuse and privacy violations:

Secure Storage Is Key: Companies need to store and secure biometric data. This is ideally in encrypted form to prevent unauthorised access or breaches.

Strict Regulation: Expect governments to install stricter regulations. These will be around the collection, use, and retention of biometric data. Organisations will need to ensure they adhere to evolving standards. They should also focus on transparency and user consent.

How to Prepare for Evolving Data Security Trends

Feeling a bit overwhelmed? Don’t worry, here are some practical steps you and your organisation can take:

Stay Informed
Invest in Training
Review Security Policies
Embrace Security Technologies
Test Your Systems

The data security trends of 2026 promise to be both intriguing and challenging. We can help you navigate this evolving terrain with confidence. A data security assessment is a great place to start. Contact us today to schedule yours.

Robert Brown
08/12/2025

The post Data Security Trends to Prepare for in 2026 appeared first on Barbera IT.

Common Cyber Threats in 2026

BarberaIT — Mon, 08 Dec 2025 01:00:00 +0000

In 2026, cyber threats are in almost every nook and corner. They might be with the intent to destroy computers, steal data, or take money. Understanding what they are and how protection against them works will come in handy.

What Are the Most Common Cyber Threats?

They come in so many forms, some old, some new, and very tricky. Here are some of the most common ones you should know about.

Phishing Attacks Phishing attacks will always be in vogue. They make you give away your personal data. It may involve a phony message or fake websites. Always check the sender’s email address. Do not click on suspicious links.

Ransomware Ransomware locks your files and demands money to unlock them. It can spread through email attachments or unsafe downloads. Keep your software updated and back up your files regularly.

Malware Malware is bad software that may cause damage to your computer. It can steal data or spy on you. Use antivirus software and avoid downloading files from unknown sources.

How Can You Protect Yourself Online?

Safety online is important. Here are some simple steps to take to protect yourself from cyber threats.

Use Strong Passwords Use strong and unique passwords for each account. A strong password includes letters, numbers, and symbols. Change your password regularly.

Enable Two-Factor Authentication Two-factor authentication is an added layer of security. When it is in place, one has to take an extra step to log in-for example, getting a code on one’s phone. Whenever possible, turn that on.

Be Careful with Public Wi-Fi Public Wi-Fi is not secure. It is easy for hackers to hack into the data of people who use public networks. Always connect your VPN when using any public Wi-Fi network.

Why is Cybersecurity Important for Everyone?

Cybersecurity doesn’t only apply to big corporations. Everyone should be knowledgeable about cyber threats and their prevention techniques.

Protect Personal Information Your personal information is worth something. Cybercriminals can use it for identity theft or fraud. Be careful about what you share online.

Secure Financial Transactions Online banking and shopping are convenient but risky if not done securely. Use secure websites and monitor your accounts regularly for any suspicious activity.

What Should You Do If You Are a Victim of a Cyber Attack?

Sometimes, despite all precautions, you may still become the victim of a cyber attack. Knowing your next step is paramount.

Report the Incident An immediate report of the cyber attack should be made to the authorities. This could help in investigations and reduce damage.

Change Your Passwords Immediately change all your passwords if you suspect a breach. This prevents further unauthorised access to your accounts.

How Will Cyber Threats Evolve in the Future?

Cyber threats will continually change with emerging technologies. It’s recommended to stay up-to-date on new threats for better protection.

AI-Powered Attacks Cybercriminals will leverage artificial intelligence for more sophisticated attacks. AI supports them in selecting the right victims.

Internet of Things (IoT) Vulnerabilities There are more and more devices connecting via the internet. They start to become the main targets of hackers. Make sure that all devices have updated security measures on them.

Cyber threats are real and growing every day. In this digital age, it is very important to protect yourself online. For more tips on staying safe online, contact us today! We are here to help you keep your digital life secure.

Robert Brown
08/12/2025

The post Common Cyber Threats in 2026 appeared first on Barbera IT.

Security Report – 28 Nov 2025

BarberaIT — Fri, 28 Nov 2025 02:56:34 +0000

Many SMBs think they have a security problem, but the real issue is a fragmented software suite—a mix of disconnected applications added over time. Each tool solves a single problem, but together they create complexity, gaps in protection, and higher costs.

The answer isn’t piling on more products. It’s choosing a concise, best-of-breed product suite that delivers comprehensive cybersecurity without unnecessary overlap. A well-integrated suite reduces complexity, saves time, and closes gaps between systems. Your IT provider can work efficiently, respond faster, and focus on proactive risk management instead of constant firefighting.

For business owners, a unified suite means better visibility and control. Threats, compliance, and performance can be tracked, making planning and resource allocation easier. The result? Stronger security, simpler operations, and a business that moves faster and stays safer.

Recent Breaches

Korea – LG Energy Solution – Energy & Natural Resources

Exploit: Ransomware & Malware

Risk to Business: Moderate: LG Energy Solution, a subsidiary of Korean multinational LG, has confirmed that it experienced a ransomware attack. According to the company, the attack targeted one specific overseas facility and did not impact its headquarters or other global sites. LG Energy Solution said the affected location has since returned to normal operations after recovery measures were implemented. The company is continuing security monitoring and conducting an internal investigation as a precaution. Meanwhile, the Akira ransomware gang has added LG Energy Solution to its leak site, claiming it stole 1.7 TB of data. The group claims the cache contains corporate documents, employee information databases and other sensitive files. According to the Federal Bureau of Investigation (FBI), Akira has already amassed more than $244 million in ransomware proceeds to date.

United States – International Game Technology (IGT) – Media, Sports & Entertainment

Exploit: Ransomware & Malware

Risk to Business: Moderate: International Game Technology (IGT), a global leader in digital gaming, sports betting and fintech solutions for casinos and online platforms, confirmed a significant cybersecurity incident on November 17. In a filing with the U.S. Securities and Exchange Commission (SEC) last Tuesday, the company reported experiencing operational disruptions following unauthorised access to its internal IT systems and applications. IGT stated that it immediately activated its incident response (IR) plan and launched an investigation with support from external advisors. While the company did not disclose the nature of the attack, taking systems offline is a common response to ransomware activity. Meanwhile, the Qilin ransomware gang has added IGT to its dark web leak site, claiming it stole 10 GB of data — an estimated 21,600 files. Although the group did not publish sample data, it labeled the archive as “publicated,” suggesting the stolen files may already be circulating online.

Talk to a BarberaIT team member today about implementing IT strategy plan for your business.

Robert Brown
28/11/2025

The post Security Report – 28 Nov 2025 appeared first on Barbera IT.

Security Report – 14 Nov 2025

BarberaIT — Fri, 14 Nov 2025 00:47:33 +0000

Modern businesses now operate almost entirely in the cloud. From productivity suites like Microsoft 365 and Google Workspace to CRMs and accounting platforms, organisations rely heavily on SaaS applications to power their most critical business operations. For MSPs, this means your clients’ data no longer lives behind a secure firewall. It’s scattered across dozens of SaaS apps and potentially exposed to dozens of risks. As more organisations move toward a cloud-first IT strategy, SaaS applications have become prime targets for cybercriminals. As SaaS threats evolve, MSPs must continuously refine their security strategies and align their services to better protect clients. Staying ahead of today’s risks requires layered, automated and proactive defense.

Recent Breaches

North America – Booking.com – Hospitality & Leisure

Exploit: Phishing

Risk to Business: Severe: A large-scale phishing campaign is targeting the global hospitality industry, with attackers aiming to gain unauthorized access to hotel booking platforms, including Booking.com. In this campaign, hotel managers are being tricked into visiting ClickFix-style phishing pages that steal their login credentials and install PureRAT ransomware. Attackers use compromised email accounts to send convincing spear-phishing messages that impersonate legitimate booking platforms. Once hotel staff click on these links, they will be redirected to malicious websites that will install ransomware and harvest credentials. Active since April 2025, this operation is part of a growing trend of phishing attacks on hotel booking systems. Threat actors either sell stolen booking platform accounts on cybercrime forums or use them to send fraudulent emails to hotels and guests, thereby committing financial fraud.

United States – The University of Pennsylvania – Education

Exploit: Hacking

Risk to Business: Moderate: The University of Pennsylvania confirmed a massive data breach on November 5, which exposed the personal information of students, alumni, staff and community affiliates. The breach reportedly exposed more than 1.2 million records. The cyber incident came to light on October 31, when several members of the Penn community received emails claiming to be from the university’s Graduate School of Education (GSE). The university later confirmed that certain systems linked to its development and alumni activities had been compromised. The stolen data includes personally identifiable information (PII) — some of which dates back decades — along with banking details. However, the university said that no medical information was involved in the breach. According to Penn, the attack began with a social engineering scam. After learning of the incident, university staff quickly locked down the affected systems but were unable to prevent the fraudulent emails from being sent or the sensitive information from being stolen.

Talk to a BarberaIT team member today about implementing IT strategy plan for your business.

Robert Brown
14/11/2025

The post Security Report – 14 Nov 2025 appeared first on Barbera IT.

Security Report – 7 Nov 2025

BarberaIT — Fri, 07 Nov 2025 05:44:56 +0000

Phishing continues to be one of the most dreaded cybersecurity risks facing businesses today. According to the 2026 Kaseya Cybersecurity Outlook Report, nearly half (49%) of businesses have been impacted in the last 12 months alone. Phishing-as-a-Service platforms and ready-to-use phishing kits make it easier for even less tech-savvy individuals with malicious intent to launch phishing attacks at scale. Additionally, AI-powered phishing campaigns are more dangerous, sophisticated and harder to spot. Without proper education and training, employees may struggle to distinguish genuine emails from phishing scams. Even with regular awareness training, some users consistently fall for phishing simulations. In real-world scenarios, such risky behaviors can put the entire organisation at risk.

Recent Breaches

Australia – Ansell – Manufacturing

Exploit: Third-Party Data Breach

Risk to Business: Severe: Clop, the notorious cyber extortion group behind several high-profile breaches, has listed Australian personal protective equipment (PPE) manufacturer Ansell as a victim on its darknet leak site. The claim comes just weeks after Ansell disclosed “unauthorised data access” in an Australian Securities Exchange (ASX) announcement. On October 14, Ansell confirmed the breach stemmed from vulnerabilities in licensed third-party software. The hackers have now allegedly published a 552GB dataset that is said to have been exfiltrated from Ansell’s network, sharing it via the BitTorrent peer-to-peer protocol. The torrent file, made available on November 3, has already been downloaded multiple times. So far, the hackers have not disclosed what data is included in the breach, nor have they shared proof of compromise or any ransom demand.

United Kingdom – Ernst & Young – Finance

Exploit: Misconfiguration

Risk to Business: Moderate: A major cloud misconfiguration has exposed a massive amount of data belonging to British multinational professional services firm Ernst & Young (EY). The exposure has become one of the most talked-about topics in cybersecurity circles this week. Cybersecurity researchers discovered 4TB of publicly accessible EY data on Microsoft Azure during a routine network and cloud scan. The file carried a .BAK extension, indicating it was a full SQL Server database backup. The exposed backup likely contained sensitive information such as user data, API keys, credentials, authentication tokens and database schemas. Experts warn that such a large volume of exposed data could have serious consequences. With today’s automated scanning tools, countless threat actors could have easily found and accessed the files.

Talk to a BarberaIT team member today about implementing IT strategy plan for your business.

Robert Brown
7/11/2025

The post Security Report – 7 Nov 2025 appeared first on Barbera IT.