CyberSecure Specialist

08 Dec

CISA Releases Phishing Infographic

Attacks, Insights, Malware

Original release date: December 8, 2022 Today, CISA published a Phishing Infographic to help protect both organizations and individuals from successful phishing operations. This infographic provides a visual summary of how threat actors execute successful phishing operations. Details include metrics that compare the likelihood of certain types of “bait” and how commonly each bait type succeeds in tricking the targeted individual. The infographic also provides detailed actions organizations and individuals can take to prevent successful phishing…

Read More
08 Dec

CISA Releases Three Industrial Control Advisories

Attacks, Insights, Malware

Original release date: December 8, 2022 CISA has released three (3) Industrial Control Systems (ICS) advisories on 08 December 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-342-01 Advantech iView ICSA-22-342-02 AVEVA InTouch Access Anywhere ICSA-22-342-03 Rockwell Automation Logix Controllers   This product is provided subject to this Notification and this…

Read More
08 Dec

IOTW: Metallica encourages fans to seek and destroy crypto scams

Attacks, Data Breaches

Metal band Metallica has warned fans of scammers posing as them and offering fake cryptocurrency giveaways ahead of the launch of their album, 72 Seasons. ⚠️ pic.twitter.com/KmlofVdiBM — Metallica (@Metallica) December 6, 2022 In a tweet, the band warned fans that any websites, YouTube channels and livestreams claiming to offer Metallica cryptocurrency were fake. To avoid getting scammed, the band urged fans to “always look for official verification before believing something wild and crazy to…

Read More
08 Dec

Fantasy – a new Agrius wiper deployed through a supply‑chain attack

Information

ESET researchers analyzed a supply-chain attack abusing an Israeli software developer to deploy Fantasy, Agrius’s new wiper, with victims including the diamond industry ESET researchers discovered a new wiper and its execution tool, both attributed to the Agrius APT group, while analyzing a supply-chain attack abusing an Israeli software developer. The group is known for its destructive operations. In February 2022, Agrius began targeting Israeli HR and IT consulting firms, and users of an Israeli…

Read More
08 Dec

TikTok Hit by US Lawsuits Over Child Safety, Security Fears

Information, News

TikTok was hit Wednesday with a pair of lawsuits from the US state of Indiana, which accused it of making false claims about the Chinese-owned app’s safety for children. The legal salvo came as problems are mounting for TikTok in the United States, with multiple accusations that the extremely popular app is a national security threat and a conduit for spying by China. “The TikTok app is a malicious and menacing threat unleashed on unsuspecting…

Read More
08 Dec

Microsoft’s rough 2022 security year in review

Data Breaches, Malware, Social Engineering

We soon close out the security year of 2022. Only time will tell what 2023 will bring, but for IT and security admins of Microsoft networks, 2022 has been the year of blended attacks, on-premises Exchange Server flaws, and vulnerabilities needing more than patching to mitigate. Here’s a month-by-month look at the past year. January: A bad start for on-premises Microsoft Exchange Server vulnerabilities It seems fitting that 2022 began with the release of the…

Read More
07 Dec

Apple finally adds encryption to iCloud backups

Data Breaches, Malware, Social Engineering

Apple today introduced several new security features focused on fending off threats to user data in the cloud, including end-to-end encryption for backups for iCloud users. Along with end-to-end encryption for iCloud, Apple’s cloud storage and computing platform, the company announced iMessage Contact Key Verification, allowing users to verify they are communicating only with whom they intend. Apple Apple also announced hardware Security Keys for Apple ID, giving users the choice to require two-factor authentication to sign…

Read More
07 Dec

Antwerp City Services Down After Digital Partner is Breached

Attacks, Malware

While there is currently not a lot of information available into how the breach of Digipolis occurred, the effects of the breach on the City of Antwerp are apparent. This attack is a recent example of a supply-chain attack, where a threat actor infiltrates one organization through a breach of another. Overall, the recommended strategy to protect against attacks such as these is to have a defense in depth strategy when it comes to security.…

Read More
07 Dec

Elon Musk’s Twitter Followers Targeted in Fake Crypto Giveaway Scam

Attacks, Malware

As with any crypto giveaway scam, the victim ends up sending the funds to the attacker’s wallet but never receives any amount back. Twitter accounts following famous personalities should be wary of suspicious messages and notifications heading their way. https://www.bleepingcomputer.com/news/security/elon-musks-twitter-followers-targeted-in-fake-crypto-giveaway-scam/

Read More
07 Dec

US Congress rolls back proposal to restrict use of Chinese chips

Data Breaches, Malware, Social Engineering

The US Congress is rolling back proposed legislation that would place restrictions on the use of Chinese-made chips by the government and its contractors, after  companies argued that the measures would raise costs. While the draft legislation still provides for restrictions to be enacted, contractors now have five years to comply with them, rather than the two years stipulated in an earlier version of the proposal, and the language of the new draft leaves room…

Read More