CyberSecure Specialist

iDealwine Confirms Data Breach

Individuals that were potentially affected have an increased likelihood of becoming targets of phishing attempts. iDealwine has advised their customers to not respond to emails or open their attachments if they are unfamiliar of the source. Customers can reach out to iDealwine if they have any issues, and they claim their team will assist. Although passwords were encrypted, a good precautionary step would be to change those passwords, and make sure passwords aren’t reused on…

Read More

Google’s GUAC Open Source Tool Centralizes Software Security Metadata

Google today introduced Graph for Understanding Artifact Composition (GUAC), an open source tool for centralizing build, security, and dependency metadata. Developed in collaboration with Kusari, Purdue University, and Citi, the new project is meant to help organizations better understand software supply chains. GUAC aggregates metadata from different sources, including supply chain levels for software artifacts (SLSA) provenance, software bills of materials (SBOM), and vulnerabilities, to provide a more comprehensive view over them. “Graph for Understanding…

Read More

With Conti gone, LockBit takes lead of the ransomware threat landscape

The number of ransomware attacks observed over the previous three months declined compared to the previous quarter, according to reports from two threat intelligence companies. However, the gap left by the Conti gang has been filled by other players, with LockBit cementing itself in the top position and likely to serve as a future source for ransomware spin-offs. From July to September, security firm Intel 471 counted 455 attacks from 27 ransomware variants, with LockBit…

Read More

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. A similarly dramatic drop in the number of LinkedIn profiles claiming employment at Amazon comes as LinkedIn is struggling to combat a significant uptick in the creation of fake employee accounts that pair AI-generated profile photos with text lifted from legitimate users. Jay Pinho is a developer who…

Read More

Securing your organization against phishing can cost up to $85 per email

As phishing attacks increase, preventing them from doing damage is proving costly for organizations. Phishing-related activities are consuming a third of the total time available to IT and security teams and costing organizations anywhere between $2.84 and $85.33 per phishing email, according to a new report by Osterman Research. The report does not calculate the cost of damage caused by phishing, rather the productivity loss of IT and security teams. On average, organizations spend 16-30…

Read More

CISA Releases Three Industrial Control Systems Advisories

Original release date: October 20, 2022 CISA has released three (3) Industrial Control Systems (ICS) advisories on October 20, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: •    ICSA-22-293-01 Bentley Systems MicroStation Connect •    ICSMA-21-294-01 B Braun Infusomat Space Large Volume Pump (Update A) •    ICSMA-20-296-02 B. Braun SpaceCom Battery Pack…

Read More

Mozilla Releases Security Updates for Firefox

Original release date: October 20, 2022 Mozilla has released security updates to address vulnerabilities in Firefox ESR and Firefox. An attacker could exploit these vulnerabilities to cause denial-of-service conditions. CISA encourages users and administrators to review Mozilla’s security advisories for Firefox ESR 102.4 and Firefox 106 for mitigations and updates. This product is provided subject to this Notification and this Privacy & Use policy.

Read More

Financial losses to synthetic identity-based fraud to double by 2024

Losses to imposter scams based on synthetic identities—identities that only exist as figments in a credit reporting bureau’s records—will rise from a reported $1.2 billion in 2020 to $2.48 billion by 2024 in the US, according to an analysis published Thursday by identity verification vendor Socure. Synthetic identities became a common concern for businesses and financial institutions in the mid-2010s, Socure’s report said. Typically, such an identity is based on a real person, but with…

Read More

Attackers switch to self-extracting password-protected archives to distribute email malware

Distributing malware inside password-protected archives has long been one of the main techniques used by attackers to bypass email security filters. More recently, researchers have spotted a variation that uses nested self-extracting archives that no longer require victims to input the password. “This is significant because one of the most difficult obstacles threat actors face when conducting this type of spam campaign is to convince the target to open the archive using the provided password,”…

Read More