CyberSecurity Updates

16 Dec

US Food Companies Warned of BEC Attacks Stealing Food Product Shipments

Information, Malware, News

The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) are raising alarm on business email compromise (BEC) attacks leading to the theft of shipments of food products and ingredients. Typically used to steal money, BEC involves threat actors compromising email accounts at target companies and then targeting employees in charge of making payments with fraudulent emails that instruct them to…

Read More
16 Dec

Ukrainian Government Networks Breached via Trojanized Windows 10 Installers

Attacks, Malware

In this campaign, the initial access using the trojanized ISO file was facilitated through phishing and relied on human error to infiltrate these organizations. A look back at campaigns over the past year have shown that many threat actors have turned to phishing tactics, likely because a human operator is often one of the weakest points in an organization’s security infrastructure. General recommendations for mitigation of phishing attacks are largely policy and user education based,…

Read More
16 Dec

FuboTV Suffers Outage During World Cup

Attacks, Malware

Anyone that is a customer of FuboTV should be monitoring for any change in account activity including password or email changes. They should also be on the lookout for an update from FuboTV regarding what, if any, information was stolen and how to mitigate the attack from a customer standpoint. https://www.bleepingcomputer.com/news/security/fubotv-says-world-cup-streaming-outage-caused-by-a-cyberattack/?&web_view=true

Read More
16 Dec

Attackers Leak Personal Info Allegedly Stolen From 5.7M Gemini Users

Attacks, Malware

Gemini advises its customers to rely on strong authentication methods and recommends activating two-factor authentication (2FA) protection and/or the use of hardware security keys to access their accounts. The company also provides the steps necessary for changing the email address associated with the Gemini account. https://www.bleepingcomputer.com/news/security/hackers-leak-personal-info-allegedly-stolen-from-57m-gemini-users/

Read More
16 Dec

Traveling for the holidays? Stay cyber‑safe with these tips

Information

Holiday travel is back with a vengeance this year. Set yourself up for a cyber-safe and hassle-free trip with our checklist. You’ve successfully avoided all sorts of shopping scams while hunting for bargains this holiday season, and now the time has come to drive, fly or take a train home for Christmas. You’re taking time off to relax, but it is certainly not the time to put cybersecurity on the back burner – cybercrime knows…

Read More
16 Dec

Help! My kid has asked Santa for a smartphone

Information

The time has come for your child to receive their first smartphone. Before handing it over, however, make sure to help them use their new gadget safely and responsibly. Choosing the right holiday gift(s) for your children can be nerve-racking, perhaps doubly so if you’re choosing it for your pre-teen. It’s at that age when many kids feel they’re too old for toys and start insisting they need their first smartphone. Indeed, at that age,…

Read More
16 Dec

S3 Ep113: Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text]

Information, Malware

by Paul Ducklin PWNING THE WINDOWS KERNEL Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher. READ THE TRANSCRIPT DOUG.  Wireless spyware,…

Read More
16 Dec

FBI, FDA OCI, and USDA Release Joint Cybersecurity Advisory Regarding Business Email Compromise Schemes Used to Steal Food

Attacks, Insights, Malware

Original release date: December 16, 2022 The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the U.S. Department of Agriculture (USDA) have released a joint Cybersecurity Advisory (CSA) detailing recently observed incidents of criminal actors using business email compromise (BEC) to steal shipments of food products and ingredients valued at hundreds of thousands of dollars. The joint CSA analyzes the common tactics, techniques, and procedures (TTPs)…

Read More
16 Dec

NIST to Retire 27-Year-Old SHA-1 Cryptographic Algorithm

Information, News

The US National Institute of Standards and Technology (NIST) this week recommended that IT professionals replace the SHA-1 cryptographic algorithm with newer, more secure ones. The first widely used method of securing electronic information and in use since 1995, SHA-1 is a slightly modified version of SHA, or ‘secure hash algorithm’, the very first standardized hash function. According to NIST, SHA-1 ‘has reached the end of its useful life’, given that the high computing capabilities…

Read More
16 Dec

GitHub Announces Free Secret Scanning, Mandatory 2FA

Information, News

Microsoft-owned code hosting platform GitHub this week announced multiple security improvements, including free secret scanning for public repositories and mandatory two-factor authentication (2FA) for developers and contributors. The secret scanning program is meant to help developers and organizations identify exposed secrets and credentials in their code. In 2022, it helped identify 1.7 million potential secrets exposed in public repositories. “Secret scanning alerts notify you directly about leaked secrets in your code. We’ll still notify our…

Read More