WyzGuys Tech Talk

From the About Frickin’ Time Department

The U.S. Internal Revenue Service (IRS) said this week that beginning in 2021 it will allow all taxpayers to apply for an identity protection personal identification number (IP PIN), a single-use code designed to block identity thieves from falsely claiming a tax refund in your name. Currently, IP PINs are issued only to those who fill out an ID theft affidavit, or to taxpayers who’ve experienced tax refund fraud in previous years.  More…

A Hacker Is Selling Access to the Email Accounts of Hundreds of C-Level Executives

ZDNet’s Zero Day column just reported one of the best reasons why you should step your users through new-school security awareness training yet: “A threat actor is currently selling passwords for the email accounts of hundreds of C-level executives at companies across the world. The data is being sold on a closed-access underground forum for Russian-speaking hackers named Exploit.in, ZDNet has learned this week.

The threat actor is selling email and password combinations for Office 365 and Microsoft accounts, which he claims are owned by high-level executives occupying functions.

Access to any of these accounts is sold for prices ranging from $100 to $1,500, depending on the company size and user’s role. A source in the cyber-security community who agreed to contact the seller to obtain samples has confirmed the validity of the data and obtained valid credentials for two accounts, the CEO of a US medium-sized software company and the CFO of an EU-based retail store chain.

The source, which requested that ZDNet not use its name, is in the process of notifying the two companies, but also two other companies for which the seller published account passwords as public proof that they had valid data to sell. These were login details for an executive at a UK business management consulting agency and for the president of a US apparel and accessories maker.

I don’t have to tell you the risks that this brings related to CEO fraud, also known as Business Email Compromise.

Full post with links:  https://blog.knowbe4.com/heads-up-a-hacker-is-selling-access-to-the-email-accounts-of-hundreds-of-c-level-executives

Home Wi-Fi security tips – 5 things to check

5 checks to make sure your home Wi-Fi is secure

Divers Discover Nazi Enigma Machine Thrown Into the Baltic Sea During WWII

German forces used the device—likely cast into the water to avoid falling into Allied hands—to encode military messages

German divers find Enigma crypto machine on seabed

What looked at first glance underwater like an “old typewriter” turned out to be an historic cipher machine.

How cybercrime will cost the world $1 trillion this year

Including both financial losses and cybersecurity spending, the $1 trillion in costs will represent a 50% increase over 2018, says McAfee.

NSA Releases Advisory on Russian State-Sponsored Malicious Cyber Actors Exploiting CVE-2020-4006

Original release date: December 7, 2020

The National Security Agency (NSA) has released a Cybersecurity Advisory on Russian state-sponsored actors exploiting CVE-2020-4006, a command-injection vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. The actors were found exploiting this vulnerability to access protected data on affected systems. The NSA advisory provides mitigation and detection guidance.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following resources and apply the necessary updates and detection guidance.

• NSA Cybersecurity Advisory Russian State-Sponsored Actors Exploiting Vulnerability in VMware Workspace ONEAccess Using Compromised Credentials
• VMware Security Advisory VMSA-2020-0027.2
• CERT Coordination Center (CERT/CC) Vulnerability Note VU#724367

Theft of FireEye Red Team Tools

Original release date: December 8, 2020

FireEye has released a blog addressing unauthorized access to their Red Team’s tools by a highly sophisticated threat actor. Red Team tools are often used by cybersecurity organizations to evaluate the security posture of enterprise systems. Although the Cybersecurity and Infrastructure Security Agency (CISA) has not received reporting of these tools being maliciously used to date, unauthorized third-party users could abuse these tools to take control of targeted systems. The exposed tools do not contain zero-day exploits.

CISA recommends cybersecurity practitioners review FireEye’s two blog posts for more information and FireEye’s GitHub repository for detection countermeasures:

• FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community
• Unauthorized Access of FireEye Red Team Tools
• FireEye’s GitHub repository: Red Team Tool Countermeasures 

Sources tell the WaPo that the Russian SVR intelligence service –APT 29 — appears to be behind the hack of FireEye. That’s the same group that hacked Democratic servers in 2015. But the investigation continues. @Joseph_Marks_ https://washingtonpost.com/national-security/leading-cybersecurity-firm-fireeye-hacked/2020/12/08/a3369aaa-3988-11eb-98c4-25dc9f4987e8_story.html