Sextortion is the newest cyber crime Sextortion scam emails are circulating. They claim that a popular adult site has been hacked, allowing an attacker to record videos of you through your webcam, according to Lawrence Abrams at BleepingComputer. The attacker claims that these videos will be sent to all of the victim’s contacts unless the victim pays the equivalent of $969 to the attacker’s Bitcoin address. The emails also include a victim’s old password obtained from a past data breach in an attempt to frighten the victim. Victims Additionally, some of the emails contain links, supposedly leading to sample videos of the victim as proof of the attacker’s claims. These links have been known to install malware, such as ransomware, in past campaigns. BleepingComputer observes that the Bitcoin address in ... Read More

Phish attack meeting requests A widespread phishing campaign is targeting executives across a number of industries. The messages ask to reschedule a board meeting in an effort to steal logins and passwords. Spotted by researchers at security firm GreatHorn, the phishing messages spoof the name and email address of the CEO of the company being targeted and uses a subject line including the company name and a note about the meeting to gain the attention of potential victims. Users are more likely to fall for attacks they believe to come from their boss. The contents of the phishing email is simple: it says a board meeting has been rescheduled and asks users to take part in a poll to choose a new date. Office 365 If users click the link, they're taken to a ... Read More

Late last month, Daniel R. Coats, Director of National Intelligence reported on Threats to US national security gave the 40,000 foot view of cyber threats. I'm quoting them here. Summary of Cyber Threats China and Russia are more aligned than at any point since the mid-1950s, and the relationship is likely to strengthen in the coming year as some of their interests and threat perceptions converge, particularly regarding perceived US unilateralism and interventionism and Western promotion of democratic values and human rights. As China and Russia seek to expand their global influence, they are eroding once well-established security norms and increasing the risk of regional conflicts, particularly in the Middle East and East Asia. At the same time, some US allies and partners are seeking greater ... Read More

Phishing attack uses DocuSign Here is a brilliant new social engineering phishing scam that you may have already seen. It will sail through all your spam / malware filters and email protection devices, because it's entirely legit by using the Docusign infrastructure. Prime example of an info grabbing phishing attack that does not use a malicious payload. Easy money? Clicking on the yellow "Review Document" button gets you to—again an entirely legit—Docusign page, which requires you to fill out the form as per the normal process. I broke it up in two parts. The top half is more or less normal for a loan application. But wait, the second half really takes the cake. Looking for financial information Continuing to fill out the form allows the bad guy to completely steal the ... Read More

Conversation with a Mac and security expert RE: malware We need to have a conversation about Macs, says TJ Letourneau of VIPRE Security. I’ve been a long-time fan of Mac.  In fact, my first personal Mac was a Power Mac G5 and I absolutely loved that device.  So much so that when I had to evacuate my home due to a hurricane…I brought it with me!  Yeah, it was like that. Some call it the greatest love story ever told. With my love of the Mac in mind, I feel that the time has come to discuss the state of Macs today and some of the preconceived notions around their security and security needs. Specifically, I want to discuss malware-related security, for Mac devices. “Macs are Completely Safe, ... Read More

Test your users' gullibility to social engineering Stephanie Carruthers, People Hacker for IBM- X-Force Red wrote an excellent post on why you should social engineer your own organization. I'll quote the first paragraph or so, and you should read the rest of the article, it makes an excellent point for the need to "social engineer your employees" and assess the strength of your human firewall! "It was one of the highest phishing rates I had ever seen: Almost 60 percent of employees clicked the malicious link. Yet the client, a chief information security officer (CISO) of a Fortune 100 company, asked a question that caught me completely off-guard. “So what?” he said, clearly unimpressed. As a “people hacker” for X-Force Red, IBM Security’s team of veteran hackers, I’ve performed social ... Read More

Cybersecurity training kids can understand KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform is offering an interactive, no-cost, children’s cybersecurity activity kit to the public. A workbook, poster and video module available to help families teach children how to protect themselves from online dangers The activity kit consists of two workbooks with puzzles and games, a poster and a video module featuring KnowBe4’s security awareness hero Captain Awareness. The workbook also includes a cyber hero pledge consisting of helpful tips to help children stay safe online, along with a family agreement that parents can review with their children to set guidelines for using online devices. Concrete tools With this activity kit, parents, teachers and other guardians have some concrete tools to help teach their children about online ... Read More

Anatova game tricks users into downloading ransomware The anatova ransomware strain was discovered in a private peer-to-peer (p2p) network and targets consumers by using the icon of a game or application to trick the user into downloading it. McAfee researchers today announced the discovery of a new ransomware family, “Anatova” that is targeting consumers at scale across the globe. The ransomware was discovered in a private peer-to-peer (p2p) network and targets consumers by using the icon of a game or application to trick the user into downloading it. Creating a quick and fast piece of ransomware is fairly easy Beek, Lead Scientist & Principle Engineer at McAfee said, “Creating a quick and fast piece of ransomware is fairly easy for those with basic know-how. Ransomware packed with functionality that is also ... Read More

Phishing attack when selling a house Cyber thieves stole $150,000 from a woman during a real estate transaction last year, according to Lisa Vaas at Naked Security. Mireille Appert, a Swiss woman who lives in the United States, inherited her uncle’s house in Australia when he passed away in 2014. She fell victim to a phishing attack. In 2018, Appert decided to sell the house and got in touch with an Australian law firm, KF Solicitors, on July 1st. On July 18th, she received a phishing email that read, “The sellers [sic] authority just needs to be emailed back to us and not posted.” She emailed her bank details to the company in a PDF. Wrong bank account number Over the next month, Appert and her son worked with ... Read More