Weekly #cybersecurity digest to your inbox

FBI says that sharing personal info online only helps scammers

The FBI Charlotte office is warning social media users to pay close attention to the information they share online.

Go to article at

15.5.2020

Phishing

Widely Known Flaw in Pulse Secure VPN Being Used in Ransomware Attacks

New Year's Eve attack on currency exchange service Travelex may have involved use of the flaw.

Go to article at

15.5.2020

Ransomware

One man lost his life savings in a SIM hack. Here's how you can try to protect yourself

Robert Ross was sitting in his San Francisco home office in October 2018 when he noticed the bars on his phone had disappeared and he had no cell coverage. A few hours later, he had lost $1 million.

Go to article at

15.5.2020

Phishing

Phishing Campaign Uses Malicious Office 365 App

Most phishing campaigns attempt to take over accounts by tricking the victim into divulging their credentials. PhishLabs has uncovered a previously unseen tactic by attackers that uses a malicious Microsoft Office 365 App to gain access to a victim’s account without requiring them to give up their credentials to the attackers.

Go to article at

15.5.2020

Phishing

Bad news: Windows security cert SNAFU exploits are all over the web now. Also bad: Citrix gateway hole mitigations don't work for older kit

Good news: There is none. Well, apart from you can at least fully patch the Microsoft blunder Vid  Easy-to-use exploits have emerged online for two high-profile security vulnerabilities, namely the Windows certificate spoofing bug and the Citrix VPN gateway hole. If you haven't taken mitigation steps by now, you're about to have a bad time.…

Go to article at

15.5.2020

Unpatched Vulnerabilities

Time to Warn Users About Black Friday & Cyber Monday Scams

Warn your employees to avoid the inevitable scams associated with these two "holidays," or you risk compromising your company's network.

Go to article at

15.5.2020

Phishing

Since 2013 More Than $26 Billion Has Been Scammed by Business Email Comprise and Email Account Compromise aka Spearphishing!

Tuesday, November 26, 2019 The FBI Internet Crime Complaint Center (IC3) announced “Domestic and international exposed dollar loss: $26,201,775,589 “ by BEC/EAC which “…is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests…. The scam is not always associated with a transfer-of-funds request. One variation involves compromising legitimate business email accounts and requesting employees’ Personally Identifiable Information or Wage and Tax Statement (W-2) forms.”  The September 10, 2019 FBI Public Service Announcement entitled “BUSINESS EMAIL COMPROMISE THE $26 BILLION SCAM” included these comments: The BEC/EAC scam continues to grow and evolve, targeting small, medium, and large business and personal transactions. The increase is also due in part to greater awareness of the scam, which encourages reporting to the IC3 and international and financial partners. The scam has been reported in all 50 states and 177 countries. Fraudulent transfers have been sent to at least 140 countries.

Go to article at

15.5.2020

Business-Email-Compromise

An Alarming Number of Software Teams Are Missing Cybersecurity Expertise

Go to article at

15.5.2020

CyberNow

When Rogue Insiders Go to the Dark Web

Employees gone bad sell stolen company information, sometimes openly touting their companies, researchers say.

Go to article at

15.5.2020

Insider Attacks