Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


The Metaverse or the Matrix?

The metaverse will help power virtual workspaces

Gartner predicts that 25% of people will spend an hour or more per day in the metaverse by 2026.


Comprehensive Online Security Guide For Women

This article, written by Julia SJ, covers a lot of ground related to cyberbullying. She writes:

“I have been on the other end of some extreme cyberbullying from different online platforms and I am really happy to have found out that there are ways for me to protect myself. I thought I’d share with you this extremely useful guide I found that really helped me ease back into the cyber world with more confidence and a feeling of safety. You can find the article here: https://www.wizcase.com/blog/comprehensive-online-security-guide-for-women/

I suggest you share it with your readers on the abovementioned page, I’m sure many of them have gone through the same.”


Power company pays out $3 trillion compensation to astonished customer

More money than the UK’s economy produces in a year!


Adobe fixes zero-day exploit in e-commerce code: update now!

There’s a remote code execution hole in Adobe e-commerce products – and cybercrooks are already exploiting it.


FBI Warns Against New Criminal QR Code Scams

QR codes have been around for many years. While they were adopted for certain niche uses, they never did quite reach their full potential. They are a bit like Rick Astley in that regard, really popular for one song, but well after the boat had sailed. Do not get me wrong, Rick Astley achieved a lot. In recent years, he has become immortalized as a meme and Rick roller, but he could have been so much more.
However, in recent years, with lockdown and the drive to keep things at arm’s length, QR codes have become an efficient way to facilitate contactless communications, or the transfer of offers without physically handing over a coupon. As this has grown in popularity, more people have become familiar with how to generate their own QR codes and how to use them as virtual business cards, discount codes, links to videos and all sorts of other things.

QRime Codes
As with most things, once they begin to gain a bit of popularity, criminals move in to see how they can manipulate the situation to their advantage. Recently, we have seen fake QR codes stuck to parking meters enticing unwitting drivers to scan the code, and hand over their payment details believing they were paying for parking, whereas they were actually handing over their payment information to criminals.

The rise in QR code fraud resulted in the FBI releasing an advisory warning against fake QR codes that are being used to scam users. In many cases, a fake QR code will lead people to a website that looks like the intended legitimate site. So, the usual verification process of checking the URL and any other red flags applies.

CONTINUED with links and 4 example malicious QR codes on the KnowBe4 blog:
FBI Warns Against New Criminal QR Code Scams


As U.S. Tax Season Starts, So Do IRS Scams – Here’s What to Look Out For

It’s that time again, when we all dread finding out if we owe money or not. And cybercriminals are banking on it with a wide range of scams that all impersonate the IRS.

You’d think, by now, people would be savvy to emails and phone calls purporting to be from the IRS saying “you owe money!” or “call us immediately!”. The IRS has posted details about phishing attacks that impersonate them for years (here’s one from 2014 that reads like it’s a relatively new scam). And yet, individuals continue to fall for these scams – mostly due to their ignorance around how the IRS contacts you.

The IRS has taken steps to not just let you know what to expect should they reach out, but they even go as far as to spell out for you the types of tax scams you should be mindful of.

Most of the current scams revolve around simple premises that are designed to both get your attention and strike a little fear into you. According to Nerdwallet, some of these premises sound like the following:

  • “We’ll cancel your Social Security number”
  • “This is the Bureau of Tax Enforcement, and we’re putting a lien or levy on your assets”
  • “If you don’t call us back, you’ll be arrested”

These scams are usually intent on stealing personal data or payment details. So, there are a few things you can do to ensure you’re protected:

  • Pay attention to how they contact you – the IRS doesn’t call, text, email, leave voicemails, or reach out to you via social media. They send you a letter in the mail. That’s it.
  • They don’t ask for payment over the phone – Not credit cards, and most certainly not gift cards!
  • They can’t arrest you, etc. – There is a taxpayer’s bill of rights, an appeal process, etc. Jumping right to arresting you is downright foolishness.

Those organizations putting their users through continual security awareness training are already prepared for IRS-themed and other types of scams, as they are taught to maintain a state of vigilance whenever any unsolicited communication arrives – whether via email, phone, etc. – and to scrutinize the message, its sender, and the call to action, all to determine whether it’s a scam or not.

Tell your friends:
As U.S. Tax Season Starts, So Do IRS Scams – Here’s What to Look Out For


Who did I just hire!?

Hiring people has always been hard. But since the arrival of the COVID-19 pandemic, it’s hit new levels of strangeness.

These days it’s not uncommon to interview someone over Zoom and never actually meet them in person. A friend recently told me they hired a great candidate for their Kubernetes senior engineer position. This was a big deal. Kubernetes-savvy people are rarer than hen’s teeth. The person they hired showed he had the technical chops they needed and made it through three rounds of interviews with flying colors.

They offered him the position. He accepted, went through onboarding, showed up at his first real virtual meeting—and it wasn’t the same guy.

He literally wasn’t the person they’d interviewed. He didn’t look the same, didn’t talk the same, and most important of all, he didn’t have the job skills they needed.


3 IT Trends That Every Business Should Know About in 2022

It is important for companies to keep track of IT developments that can affect their business operations. Here are three IT trends that will affect all organizations, no matter their size or industry.

Although technologies and their impacts can change quickly, adjusting business operations accordingly often takes time. Thus, knowing about important IT developments sooner rather than later is important. It can give companies the time they need to avoid potential problems or take advantage of opportunities. More…

The post 3 IT Trends That Every Business Should Know About in 2022 appeared first on CHIPS


Russia vs. Ukraine Round 3

NCSC-NZ Releases Advisory on Cyber Threats Related to Russia-Ukraine Tensions

Original release date: February 18, 2022

The New Zealand National Cyber Security Centre (NCSC-NZ) has released a General Security Advisory (GSA) on preparing for cyber threats relating to tensions between Russia and Ukraine. The advisory recommends organizations review their security posture and monitor for cyber incidents and provides additional resources to help protect against potential threats.

CISA encourages all users to review GSA: Understanding and Preparing for Cyber Threats Relating to Tensions Between Russia and Ukraine and consider the recommendations.


 


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com