While you always need to be wary of scammers and the methods they use, you may want to approach situations with an extra level of scrutiny during the ongoing COVID-19 (coronavirus) crisis. Fraudsters know people are more vulnerable to scams when they’re desperate, and use times of crisis as an opportunity to come up with new scams—or new twists on existing scams.
Fortunately, keeping yourself safe doesn’t require a lot of extra work. In many cases, the same measures you’d take to protect yourself during normal times apply during a crisis as well.
From the About Frickin’ Time Department
The U.S. Internal Revenue Service (IRS) said this week that beginning in 2021 it will allow all taxpayers to apply for an identity protection personal identification number (IP PIN), a single-use code designed to block identity thieves from falsely claiming a tax refund in your name. Currently, IP PINs are issued only to those who fill out an ID theft affidavit, or to taxpayers who’ve experienced tax refund fraud in previous years.
ZDNet’s Zero Day column just reported one of the best reasons why you should step your users through new-school security awareness training yet: “A threat actor is currently selling passwords for the email accounts of hundreds of C-level executives at companies across the world. The data is being sold on a closed-access underground forum for Russian-speaking hackers named Exploit.in, ZDNet has learned this week.
The threat actor is selling email and password combinations for Office 365 and Microsoft accounts, which he claims are owned by high-level executives occupying functions.
Access to any of these accounts is sold for prices ranging from $100 to $1,500, depending on the company size and user’s role. A source in the cyber-security community who agreed to contact the seller to obtain samples has confirmed the validity of the data and obtained valid credentials for two accounts, the CEO of a US medium-sized software company and the CFO of an EU-based retail store chain.
The source, which requested that ZDNet not use its name, is in the process of notifying the two companies, but also two other companies for which the seller published account passwords as public proof that they had valid data to sell. These were login details for an executive at a UK business management consulting agency and for the president of a US apparel and accessories maker.”
I don’t have to tell you the risks that this brings related to CEO fraud, also known as Business Email Compromise.
5 checks to make sure your home Wi-Fi is secure
German forces used the device—likely cast into the water to avoid falling into Allied hands—to encode military messages
What looked at first glance underwater like an “old typewriter” turned out to be an historic cipher machine.
Including both financial losses and cybersecurity spending, the $1 trillion in costs will represent a 50% increase over 2018, says McAfee.
Original release date: December 7, 2020
The National Security Agency (NSA) has released a Cybersecurity Advisory on Russian state-sponsored actors exploiting CVE-2020-4006, a command-injection vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. The actors were found exploiting this vulnerability to access protected data on affected systems. The NSA advisory provides mitigation and detection guidance.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following resources and apply the necessary updates and detection guidance.
- NSA Cybersecurity Advisory: Russian State-Sponsored Actors Exploiting Vulnerability in VMware Workspace ONE Access Using Compromised Credentials
- VMware Security Advisory VMSA-2020-0027.2
- CERT Coordination Center (CERT/CC) Vulnerability Note VU#724367
Original release date: December 8, 2020
FireEye has released a blog addressing unauthorized access to their Red Team’s tools by a highly sophisticated threat actor. Red Team tools are often used by cybersecurity organizations to evaluate the security posture of enterprise systems. Although the Cybersecurity and Infrastructure Security Agency (CISA) has not received reporting of these tools being maliciously used to date, unauthorized third-party users could abuse these tools to take control of targeted systems. The exposed tools do not contain zero-day exploits.
CISA recommends cybersecurity practitioners review FireEye’s two blog posts for more information and FireEye’s GitHub repository for detection countermeasures:
- FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community
- Unauthorized Access of FireEye Red Team Tools
- FireEye’s GitHub repository: Red Team Tool Countermeasures
Sources tell the WaPo that the Russian SVR intelligence service – APT 29 – appears to be behind the hack of FireEye. That’s the same group that hacked Democratic servers in 2015. But the investigation continues. @Joseph_Marks_ washingtonpost.com/national-secur