CyberSecurity Updates

10 tips to avoid Black Friday and Cyber Monday scams

It pays not to let your guard down during the shopping bonanza – watch out for some of the most common scams doing the rounds this holiday shopping season Black Friday and Cyber Monday are just around the corner, and scammers are also turning up their efforts in order to cash in on unsuspecting victims during what is traditionally the busiest bargain-hunting period of the year. In 2021, consumers spent a whopping US$8.9 billion on…

Read More

S3 Ep110: Spotlight on cyberthreats – an expert speaks [Audio + Text]

by Paul Ducklin SPOTLIGHT ON CYBERTHREATS Security specialist John Shier tells you the “news you can really use” – how to boost your cybersecurity based on real-world advice from the 2023 Sophos Threat Report. Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Paul Ducklin and John Shier. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts,…

Read More

EPSS explained: How does it compare to CVSS?

The Common Vulnerability Scanning System (CVSS) is the most frequently cited rating system to assess the severity of security vulnerabilities. It has been criticized, however, as not being appropriate to assess and prioritize risk from those vulnerabilities. For this reason, some have called for using the Exploit Prediction Scoring System (EPSS) or combining CVSS and EPSS to make vulnerability metrics more actionable and efficient. Like CVSS, EPSS is governed by the Forum of Incident Response…

Read More

DUCKTAIL malware campaign targeting Facebook business and ads accounts is back

A group of attackers, likely based in Vietnam, that specializes in targeting employees with potential access to Facebook business and ads management accounts, has re-emerged with changes to its infrastructure, malware, and modus operandi after being initially outed a few months ago. Dubbed DUCKTAIL by researchers from WithSecure, the group uses spear phishing to target individuals on LinkedIn who have job descriptions that could suggest they have access to manage Facebook business accounts. More recently,…

Read More

Security fatigue is real: Here’s how to overcome it

Do your employees take more risks with valuable data because they’ve become desensitized to security guidance? Spot the symptoms before it’s too late. IT security is often regarded as the “Department of No” and sometimes it’s easy to see why. In a world of escalating cyber-risk, expanding attack surfaces and a fast-growing cybercrime economy, security teams are understandably keen to limit the damage their employees could cause. After all, it takes just one misplaced click…

Read More

CryptoRom “pig butchering” scam sites seized, suspects arrested in US

by Paul Ducklin Over the past year, we’ve had the unfortunate need to warn our readers not once, but twice, about a scam we’ve dubbed CryptoRom, a portmanteau word formed from the terms “Cryptocurrency” and “Romance scam”. Simply put, these scammers use a variety of techniques, notably including prowling on dating sites, to meet people online, form a friendship… …not with the intention of drawing their victims into a “we’ve fallen in love, now send…

Read More

Indian Energy Organizations Breached via Vulnerabilities in Discontinued Boa Servers

This new research from Microsoft highlights two of the main issues that plague the cybersecurity industry – legacy software/hardware and the Internet of Things. First, we’ll touch on legacy software/hardware. Legacy software/hardware is old software that is still in use within an environment. While in this case, it was likely unknowingly used by the breached companies due to being within 3rd party devices, legacy software/hardware is something that most large corporations have in their environment…

Read More

Enterprise Healthcare Providers Warned of Lorenz Ransomware Threat

Lorenz targets victims using customized executable code, expressly tailored to the targeted organization. HC3 notes that the tactic implies the actors will maintain persistent access for reconnaissance “for an extended period of time” before deploying the ransomware payload. The typical pattern begins with initial access, then reconnaissance and lateral movement to connected devices, with the primary purpose of finding a Windows domain controller to obtain administrator credentials. Their code also enables multiple program threads to…

Read More

Five Exploits In ARM’s Mali GPU Driver Remain Unfixed

Unfortunately, there are no options for users of these devices to patch these vulnerabilities at this time. The ARM GPU chip manufacturers have released the fix to the maintainers of Android who are testing the fix on Android/Pixel devices. Once the fix has been integrated into the Android code base, OEM partners will receive the patch from Android and will be responsible for implementing the fix and pushing it out to vulnerable Android devices. Users…

Read More

Meta outlines US involvement in social media disinformation in new report

A report released by Meta’s security team describes the company’s shutdown of a network of Facebook and Instagram accounts participating in what it calls coordinated inauthentic behavior, and linking some of those accounts to the US military. “Coordinated inauthentic behavior” is Meta’s term for misinformation activity performed by groups of social media accounts on its platforms that target particular groups or demographics. CIB groups, the company said in a 2018 official blog post, are targeted…

Read More