WyzGuys Tech Talk

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

“Gucci Master” business email scammer Hushpuppi gets 11 years

He was sentenced under his real-life name of Ramon, but in back in his boastful days of pretending to be a seriously successful real estate agent based in Dubai, you may have seen and heard of him as Ray, or, to give him his full nickname, Ray Hushpuppi.

To be clear, Ramon Olorunwa Abbas wasn’t pretending to have lots of money, but he was pretending to have acquired his money by legitimate means.

His now-shuttered Instagram account was awash with show-off photos promenading the extent of his wealth, including fancy cars (see featured image at top of article), luxury travel by private jet, and high-ticket shopping trips:

Unfortunately for Abbas, who allegedly referred to himself on Snapchat as The Billionaire Gucci Master!!!, and fortunately for the numerous victims of his criminality, the photos above were featured in a US Department of Justice charge sheet signed in June 2020 by FBI Special Agent Andrew Innocenti and approved by US Magistrate Judge Rozella Oliver:  More…

IT-ISAC Comments on Mandatory Cyber Incident Reporting

The Information Technology-Information Sharing and Analysis Center appreciates the opportunity to provide the following comments in response to the Request for Information on the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which was issued on September 12, 2022. With over 20 years’ experience in facilitating information sharing, the IT-ISAC understands the value of collaboration, partnership and cyber threat intelligence sharing to help manage the ever-expanding range of cyber threats.

To begin, we would like to emphasize the importance of developing and implementing regulations that do not further strain security resources. Private enterprise operates in an environment of finite resources such as talent and money. Resources that are devoted to ensuring compliance with mandatory reporting requirements are resources that are not available to actively mitigate or respond to an incident.  More…

Here Is What You Can Do to Inspect SMS URL Links Before Clicking

By Roger A. Grimes.

Phishing via Short Message Service (SMS) texts, what is known as smishing, is becoming increasingly common.

There is probably not a person on Earth who does not get at least one smishing message a month. It is a big problem.

The U.S. government has been warning about them for years.  More…

CISA Releases One Industrial Control Systems Advisory

Original release date: November 15, 2022

CISA released one Industrial Control Systems (ICS) advisory on November 15, 2022. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations:

CISA and FBI Release Advisory on Iranian Government-Sponsored APT Actors Compromising Federal Network

Original release date: November 16, 2022

Today, CISA and the Federal Bureau of Investigation (FBI) published a joint Cybersecurity Advisory (CSA), Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester. The CSA provides information on an incident at a Federal Civilian Executive Branch (FCEB) organization in which Iranian government-sponsored APT actors exploited a Log4Shell vulnerability in unpatched VMware Horizon server.

The CSA includes a malware analysis report (MAR), MAR-10387061-1-v1 XMRig Cryptocurrency Mining Software, on the mining software that the APT actors used against the compromised FCEB network. The CSA also provides tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) obtained from the incident response as well as recommended mitigations.

CISA and FBI strongly recommend organizations apply the recommended mitigations and defensive measures, which include:

  • Updating affected VMware Horizon and unified access gateway (UAG) systems to the latest version.
  • Minimizing your organization’s internet-facing attack surface.
  • Exercising, testing, and validating your organization’s security program against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework in the CSA.
  • Testing your organization’s existing security controls against the ATT&CK techniques described in the CSA.

For additional information on malicious Iranian government-sponsored cyber activity, see CISA’s Iran Cyber Threat Overview and Advisories webpage and FBI’s Iran Threats webpage.

November 16, 2022
A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic and Ukrainian.  More…


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.