Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

The Latest Scams You Need to Be Aware Of

While you always need to be wary of scammers and the methods they use, you may want to approach situations with an extra level of scrutiny during the ongoing COVID-19 (coronavirus) crisis. Fraudsters know people are more vulnerable to scams when they’re desperate, and use times of crisis as an opportunity to come up with new scams—or new twists on existing scams.

Fortunately, keeping yourself safe doesn’t require a lot of extra work. In many cases, the same measures you’d take to protect yourself during normal times apply during a crisis as well. Read more…

IRS to Make ID Protection PIN Open to All

From the About Frickin’ Time Department

The U.S. Internal Revenue Service (IRS) said this week that beginning in 2021 it will allow all taxpayers to apply for an identity protection personal identification number (IP PIN), a single-use code designed to block identity thieves from falsely claiming a tax refund in your name. Currently, IP PINs are issued only to those who fill out an ID theft affidavit, or to taxpayers who’ve experienced tax refund fraud in previous years. More…

A Hacker Is Selling Access to the Email Accounts of Hundreds of C-Level Executives

ZDNet’s Zero Day column just reported one of the best reasons why you should step your users through new-school security awareness training yet: “A threat actor is currently selling passwords for the email accounts of hundreds of C-level executives at companies across the world. The data is being sold on a closed-access underground forum for Russian-speaking hackers named Exploit.in, ZDNet has learned this week.

The threat actor is selling email and password combinations for Office 365 and Microsoft accounts, which he claims are owned by high-level executives occupying functions.

Access to any of these accounts is sold for prices ranging from $100 to $1,500, depending on the company size and user’s role. A source in the cyber-security community who agreed to contact the seller to obtain samples has confirmed the validity of the data and obtained valid credentials for two accounts, the CEO of a US medium-sized software company and the CFO of an EU-based retail store chain.

The source, which requested that ZDNet not use its name, is in the process of notifying the two companies, but also two other companies for which the seller published account passwords as public proof that they had valid data to sell. These were login details for an executive at a UK business management consulting agency and for the president of a US apparel and accessories maker.”

I don’t have to tell you the risks that this brings related to CEO fraud, also known as Business Email Compromise.

Full post with links: https://blog.knowbe4.com/heads-up-a-hacker-is-selling-access-to-the-email-accounts-of-hundreds-of-c-level-executives

Home Wi-Fi security tips – 5 things to check

5 checks to make sure your home Wi-Fi is secure

Divers Discover Nazi Enigma Machine Thrown Into the Baltic Sea During WWII

German forces used the device—likely cast into the water to avoid falling into Allied hands—to encode military messages

German divers find Enigma crypto machine on seabed

What looked at first glance underwater like an “old typewriter” turned out to be an historic cipher machine.

How cybercrime will cost the world $1 trillion this year

Including both financial losses and cybersecurity spending, the $1 trillion in costs will represent a 50% increase over 2018, says McAfee.

NSA Releases Advisory on Russian State-Sponsored Malicious Cyber Actors Exploiting CVE-2020-4006

Original release date: December 7, 2020

The National Security Agency (NSA) has released a Cybersecurity Advisory on Russian state-sponsored actors exploiting CVE-2020-4006, a command-injection vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. The actors were found exploiting this vulnerability to access protected data on affected systems. The NSA advisory provides mitigation and detection guidance.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following resources and apply the necessary updates and detection guidance.

Theft of FireEye Red Team Tools

Original release date: December 8, 2020

FireEye has released a blog addressing unauthorized access to their Red Team’s tools by a highly sophisticated threat actor. Red Team tools are often used by cybersecurity organizations to evaluate the security posture of enterprise systems. Although the Cybersecurity and Infrastructure Security Agency (CISA) has not received reporting of these tools being maliciously used to date, unauthorized third-party users could abuse these tools to take control of targeted systems. The exposed tools do not contain zero-day exploits.

CISA recommends cybersecurity practitioners review FireEye’s two blog posts for more information and FireEye’s GitHub repository for detection countermeasures:

Sources tell the WaPo that the Russian SVR intelligence service – APT 29 – appears to be behind the hack of FireEye. That’s the same group that hacked Democratic servers in 2015. But the investigation continues. @Joseph_Marks_ washingtonpost.com/national-secur


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com