CyberSecurity Updates

How social media scammers buy time to steal your 2FA codes

by Paul Ducklin

Phishing scams that try to trick you into putting your real password into a fake site have been around for decades. As regular Naked Security readers will know, precautions such as using a password manager and turning on two-factor authentication (2FA) can help to protect you against phishing mishaps, because: Password managers associate usernames and passwords with specific web pages. This makes it hard for password managers to betray you to bogus…


New Ransomware Encrypts Files, Then Steals Discord Accounts

While this ransomware generally targets consumers rather than the enterprise, it could still pose a significant threat to large communities. Therefore, users that are impacted by AxLocker should immediately change Discord passwords, as it will invalidate the token stolen by the ransomware. While this may not help recover files, it will prevent further compromise of accounts, data, and Discord communities. https://www.bleepingcomputer.com/news/security/new-ransomware-encrypts-files-then-steals-your-discord-account/


Google Wins Court Case Against Russians Linked to Glupteba Botnet

Starovikov and Filippov, who claim to have been software engineers for an organization known as Valtron LLC, are accused of seeking to mislead the court and acting to deny Google access to discoverable data. According to a settlement submitted to Google, the actors demanded $1 million each from the company and $110,000 in legal costs in exchange for providing the private keys to Bitcoin addresses linked to the Glupteba botnet. However, the Mountain View-based company…


California County Says Personal Information Compromised in Data Breach

The County of Tehama, California, has started informing employees, recipients of services, and affiliates that their personal information might have been compromised in a data breach. The incident, Tehama County says, was identified on April 9, but the investigation into the matter stretched to August 19, when it was determined that personally identifiable information (PII) was compromised. The investigation revealed that an unauthorized third-party had access to the county’s systems between November 18, 2021, and…


Luna Moth callback phishing campaign leverages extortion without malware

Palo Alto’s Unit 42 has investigated several incidents linked to the Luna Moth group callback phishing extortion campaign targeting businesses in multiple sectors, including legal and retail. The analysis discovered that the threat actors behind the campaign leverage extortion without malware-based encryption, have significantly invested in call centers and infrastructure unique to attack targets, and are evolving their tactics over time. Unit 42 stated that the campaign has cost victims hundreds of thousands of dollars…


How remote working impacts security incident reporting

The ability for employees to work remotely comes with many benefits, from better work-life balance to lower expenses to higher productivity. But a widely dispersed workforce can pose some great challenges for security teams, not least of which is how remote work affects security incident reporting. With companies growing more accustomed to implementing security technologies and processes better attuned to mass remote working, incident reporting has the potential to become a major stumbling block. Along…


Latest insights on APT activity – Week in security with Tony Anscombe

What have some of the world’s most notorious APT groups been up to lately? A new ESET report released this week has the answers. What have advanced persistent threat (APT) groups been up to lately? This week, the ESET Research team published their inaugural APT Activity Report, which reviews the activities of selected APT threat actors as observed, investigated, and analyzed by ESET’s experts from May to August of this year. The report specifically looks…


Tor vs. VPN: Which should you choose?

Both Tor and a VPN can greatly help you keep prying eyes away from your online life, but they’re also two very different beasts. Which suits your needs better? People who want to keep their online activities private are often faced with the question – should I use a virtual private network (VPN) or the Tor anonymity network? What are the advantages and downsides of each? There’s definitely a lot to go through before making a choice. Wait…


Almost half of customers have left a vendor due to poor digital trust: Report

Forty-seven percent of consumers have stopped doing business with a company after losing trust in that company’s digital security, according to new research from certificate authority and cybersecurity vendor DigiCert. The findings, which have been compiled in the company’s 2022 State of Digital Trust Survey, also revealed that 84% of customers would consider switching if they were to lose trust in a company, with 57% saying switching would be likely. The survey was administered as…
