Phishing attacks targeting Office 365 users
By Dominic Chorafakis, CISSP
March 20, 2019
Email continues to be the favorite tool for hackers to hijack computers and steal information. Recent phishing campaigns are proving to be particularly effective by combining different techniques to target Office 365 users. There are two key elements that make the attack effective:
- Malicious messages appear to arrive from known contacts
- Messages contain PDF attachments which do not carry any malware so they get past anti-virus. The goal is to entice users to click on a link that appears to take them to OneDrive or Office 365
Taking the time to verify the email address that a message appears to be from is an important step in security awareness. Sometimes the domain portion of the email address (the part that comes after the @ sign) will be a clue that the sender isn’t really who they claim to be. Unfortunately, looking at the From field is not enough: the sender’s email account may have been hacked, and sophisticated hackers are also able to spoof the From field to make it look like an email was sent by someone else.
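The checks described above can be partly automated on the receiving side. The following is an added example, not code from the original post: it parses a raw message with Python's standard `email` module, compares the domain of the visible From address with the envelope sender (Return-Path) and reads the SPF and DKIM verdicts that the receiving mail server recorded in the Authentication-Results header. The message and every domain in it are constructed placeholders.

```python
"""Flag a message whose visible From: domain does not line up with its
envelope sender or with the SPF/DKIM verdicts recorded by the receiving
mail server.  Added example; the message below is constructed, not a
real capture, and all domains in it are placeholders."""
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed raw message: the visible From: claims to be a known contact,
# but the bounce address and the authentication results tell another story.
SAMPLE_MESSAGE = """\
Return-Path: <bounce@mailer-example.invalid>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer-example.invalid; dkim=none
From: Bob Smith <bob@contoso-example.com>
To: alice@example.com
Subject: Invoice attached

Please open the attached PDF and sign in to view the document.
"""


def domain_of(address):
    """Return the lowercase domain part of an email address, or '' if absent."""
    _, addr = parseaddr(address or "")
    return addr.rpartition("@")[2].lower()


def header_checks(raw):
    """Return a list of human-readable findings for one raw RFC 5322 message.

    An empty list means no mismatch was found; it does not prove the mail is
    genuine, because a hacked account sends perfectly authenticated mail."""
    msg = message_from_string(raw)
    findings = []

    from_domain = domain_of(msg.get("From"))
    bounce_domain = domain_of(msg.get("Return-Path"))
    if not from_domain:
        findings.append("no usable From: address")
    # A bounce address on a different domain is common for spoofed mail.
    if bounce_domain and from_domain != bounce_domain:
        findings.append(
            f"From: domain {from_domain} differs from envelope sender domain {bounce_domain}"
        )

    # Verdicts written by the receiving server; anything but 'pass' is suspect.
    auth = msg.get("Authentication-Results", "")
    spf = re.search(r"\bspf=(\w+)", auth)
    dkim = re.search(r"\bdkim=(\w+)", auth)
    if spf and spf.group(1).lower() != "pass":
        findings.append(f"SPF result is {spf.group(1)}")
    if dkim and dkim.group(1).lower() != "pass":
        findings.append(f"DKIM result is {dkim.group(1)}")
    return findings


if __name__ == "__main__":
    for finding in header_checks(SAMPLE_MESSAGE):
        print("WARNING:", finding)
```

As the post notes, a message from a hacked account will pass every one of these checks, so a clean result is a reason to keep reading carefully, not a reason to trust the attachment.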
It is important to note that this is not personal or specifically targeted, so don’t assume you are safe just because hackers don’t know who you are. Once a computer becomes infected, the malware will automatically extract information from contact lists and earlier email messages and automatically launch a similar attack against those contacts. It doesn’t even need to be someone you know who was infected. Say your friend Bob sends you an email inviting you to a party, and copies you and 10 other people you don’t know. If any one of those 10 people is infected, the malware will try to send an email from Bob to your email address with the malicious PDF without ever knowing you or Bob personally.
The malicious email may contain a link in the message itself, but in this case we are focusing on the attack specifically targeting Office 365 users. In those attacks, when you open the PDF file, it will try to get you to click on what looks like a legitimate link; here’s an example:
If a user is tricked into clicking on the link, what happens next depends on the specific type of attack.
In some cases, the user is directed to a website that looks like a real Office 365 login page as seen below.
Note the URL in the browser is not Microsoft’s at all.
In this case the attacker is trying to trick the user into providing their username and password which will be sent to the hacker instead of Microsoft.
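The tell-tale sign in the screenshot is a browser address that is not Microsoft's even though the page carries the Office 365 branding. The block below is an added example, not part of the original post: it classifies a sign-in URL as trusted, lookalike or untrusted using Python's `urllib.parse`. The allowlist of genuine sign-in hosts is an assumption for illustration (adjust it to the hosts your tenant actually uses), and the sample URLs are constructed.

```python
"""Classify a sign-in link by where it really points.  Added example, not
from the original post.  TRUSTED_LOGIN_HOSTS is an assumed allowlist for
illustration; the sample URLs are constructed."""
from urllib.parse import urlsplit

# Assumed allowlist of hosts treated as genuine Microsoft sign-in endpoints.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}

# Brand words that phishing pages borrow to look legitimate.
BRAND_WORDS = ("microsoft", "office365", "onedrive", "outlook", "sharepoint")


def classify_login_url(url):
    """Return 'trusted', 'lookalike' or 'untrusted' for a sign-in URL.

    Only the parsed host decides trust; brand words in a subdomain, in the
    path, or in the user-info part before '@' never make a URL trusted."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https") or not host:
        return "untrusted"
    if host in TRUSTED_LOGIN_HOSTS:
        return "trusted"
    # netloc keeps any user-info before '@', so "login.microsoftonline.com@evil"
    # is inspected as a whole even though the real host is 'evil'.
    haystack = (parts.netloc + parts.path + parts.query).lower()
    if any(word in haystack for word in BRAND_WORDS):
        return "lookalike"
    return "untrusted"


# Constructed examples of each class.
SAMPLE_URLS = [
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://login.microsoftonline.com.example-phish.invalid/office365/",
    "https://login.microsoftonline.com@example-phish.invalid/",
    "https://example-phish.invalid/doc.php",
]

if __name__ == "__main__":
    for sample in SAMPLE_URLS:
        print(f"{classify_login_url(sample):10s} {sample}")
```

The "lookalike" class is the one that matters for awareness training: a familiar brand name somewhere in the address bar is exactly what the fake page relies on, and only the host that the browser actually connected to counts.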
In other cases, clicking on the link will take you to a website that hosts software known as an Exploit Kit, which will attack your PC looking for a vulnerability that can be used to install malware on it.
What to do
- Be suspicious of any email with a PDF attachment even if it appears to come from someone you know. If it is unusual (e.g. someone sends you an invoice or other document you are not expecting), do not open the attachment.
- If you suspect an email may be a scam, do not reply to that email to verify its authenticity if you have other means of contacting them.
- If you do open the attachment and see a Word or Excel logo prompting you to click on a link to open the document in Office 365:
  - Do not click on that link
  - Notify your IT administrator immediately
  - Close the attachment immediately
  - Run a full virus scan on your system
- If you do click on the link before you realize it is a scam:
  - Power down your computer
  - Notify your IT administrator immediately
The new normal in cybersecurity
By Dominic Chorafakis, CISSP
Not so long ago, computer viruses were mostly created by pranksters and computer geeks trying to see what they could get away with. There was still some risk for data loss and downtime, but for the most part viruses were just an annoyance and installing a decent anti-virus was enough to keep your systems safe.
Today things are much different. Online banking and bitcoin have made it possible and safe for hackers to turn what used to be a misguided hobby into an organized criminal enterprise, with cybercrime proceeds surpassing $1 billion last year.
The lone computer geek has been replaced with sophisticated teams of highly skilled professional hackers creating military grade malware that is able to bypass anti-virus and selling access to it on the “dark web”, a kind of Internet parallel universe that is only accessible through special software which allows its users to remain anonymous and untraceable.
This new reality means that a business-as-usual approach to cybersecurity is no longer enough. Unfortunately, many small and medium business owners believe that cyber criminals won’t target them because they are too small or have nothing that hackers would want and don’t take the necessary steps until it’s too late.
Fortunately, there are some simple and cost-effective steps that businesses can take to reduce risks and avoid potentially significant repair costs and losses due to unplanned downtime.
Apply software updates and patches
Users should check for and apply software updates provided by vendors, and this activity should be prioritized for:
- Firewalls and Routers exposed to the internet
- Externally accessible servers
- Internal servers and personal computers
- Other infrastructure such as security cameras or other internet-enabled devices
Reduce network footprint
Businesses often create firewall rules to allow employees, vendors or other third parties to access IT systems remotely. Firewall misconfigurations, or the intentional creation of rules that are too broad in scope and allow access from anywhere on the internet, are a common cause of security breaches.
Firewall rules should be reviewed and the number of systems that are exposed to the internet should be kept to a strict minimum. When network ports are forwarded to allow external access to IT systems, the rules should be restrictive and limit access only from a specific set or range of external IP addresses.
When possible, vulnerability scans should be performed to confirm that firewall rules are correctly restricting access to IT systems.
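A rule review of the kind described above can be scripted against an exported rule list. The block below is an added example, not code from the original post: it represents inbound port-forwarding rules in a constructed, vendor-neutral tuple format (an assumption; real exports differ by firewall), flags any rule whose source range is wider than a chosen threshold unless the port is on an intended-public list, and shows how such a rule is rewritten to a specific set of external source ranges. All addresses are documentation ranges, not real hosts.

```python
"""Audit inbound firewall rules for over-broad sources and rewrite them.
Added example, not from the original post.  The rule tuples are a
constructed, vendor-neutral representation (assumed format)."""
import ipaddress

# Constructed inbound rules: (name, source CIDR, destination port, protocol).
RULES = [
    ("web-https", "0.0.0.0/0", 443, "tcp"),          # intended to be public
    ("vpn-ike", "0.0.0.0/0", 500, "udp"),            # VPN endpoint, intended to be public
    ("vendor-rdp", "0.0.0.0/0", 3389, "tcp"),        # remote desktop open to the world
    ("remote-admin-ssh", "0.0.0.0/0", 22, "tcp"),    # admin access open to the world
    ("partner-sftp", "198.51.100.0/24", 22, "tcp"),  # restricted to one partner range
    ("branch-smb", "203.0.113.10/32", 445, "tcp"),   # restricted to a single host
]

# Ports the business intends to expose to anyone (assumption for the example).
PUBLIC_OK = {443, 500}

# A source range larger than this is treated as "anywhere on the internet".
MAX_SOURCE_ADDRESSES = 2 ** 16


def is_broad(source_cidr, limit=MAX_SOURCE_ADDRESSES):
    """True when the source range covers more addresses than the limit."""
    net = ipaddress.ip_network(source_cidr, strict=False)
    return net.num_addresses > limit


def audit_rules(rules, public_ok=PUBLIC_OK):
    """Return (name, 'proto/port', source) for every rule that is too broad
    and does not serve an intentionally public port."""
    findings = []
    for name, src, port, proto in rules:
        if port in public_ok:
            continue
        if is_broad(src):
            findings.append((name, f"{proto}/{port}", src))
    return findings


def restrict(rule, allowed_sources):
    """Rewrite one broad rule into one rule per allowed external range.

    This is the corrected form: same port and protocol, but only the
    specific source ranges that actually need access."""
    name, _, port, proto = rule
    return [
        (f"{name}-{i}", src, port, proto)
        for i, src in enumerate(allowed_sources, start=1)
    ]


if __name__ == "__main__":
    for name, service, src in audit_rules(RULES):
        print(f"BROAD: {name} allows {service} from {src}")
    # Constructed fix: the vendor connects from two known ranges only.
    for fixed in restrict(RULES[2], ["203.0.113.0/29", "198.51.100.7/32"]):
        print("replace with:", fixed)
```

The threshold is deliberately coarse: the point is to surface rules that say "any" or nearly so, so that each one is either tightened to the external ranges that really need it or consciously accepted as a public service.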
Perform secure backups
Up-to-date backups are critical in order to quickly recover from an attack with minimal impact to business systems. Backup policies should take into consideration that infected systems with access to mounted backup drives may also encrypt backup files. This risk should be mitigated by having a backup strategy that keeps historical versions of backed up files and includes snapshots that are not accessible to systems that may become infected.
Deploy professional anti-virus
While zero-day attacks are an unfortunate reality, the fact is that the vast majority of breaches are caused by known vulnerabilities that professional anti-virus solutions know about and are able to block. Commercial anti-virus software should be installed and licensed on all systems and configured to automatically update virus definitions from the vendor. Additional security features provided by many commercial solutions like secure browsing extensions, identity theft protection and enhanced computer firewall features should be enabled on all computers.
Cyber Security Awareness
Studies show that the chance of a breach is reduced by up to 40% in businesses that engage in cyber security awareness training.
The method most commonly used by hackers to bypass security measures is phishing, where users are tricked into clicking on a link or opening an attachment in an email that looks like it came from a legitimate source like a customer, vendor, bank or other well-known company or website.
Computer users should take time to educate themselves on spam and phishing techniques as well as tips on how to detect them and ways to avoid falling victim. There are many free resources online such as staysafeonline.org that provide information and tips for businesses and individuals.
Managed Security Services
Cyber-security is constantly evolving as the cat-and-mouse game between cyber criminals and security vendors rages. Installing a firewall and anti-virus and then simply forgetting about cyber-security can be a huge and costly mistake. Businesses should consider managed cyber-security services to make sure IT systems and staff are protected against the most current threats and vulnerabilities.
Hackers targeting Torrent sites
There has been a surge of hacks targeting torrent users by posting fake ads on popular peer-to-peer file sharing sites that direct victims to websites infected with exploit kits able to install information-stealing malware and ransomware on their computers.
Torrents are a common source of malware and viruses since the very nature of peer to peer file sharing means that the files you are downloading can come from anyone and anywhere. As a general rule you should not install torrent clients, and only download files from known, reputable sources.
If you insist on using torrents, you should assume that the computer you are using will be hacked and don’t use it for activities like banking or accessing your email. If possible keep it on a separate network by setting up a guest WiFi network that doesn’t have access to the rest of your network.
What you should do
Take the following measures to protect your systems from this attack:
- Inform your staff that hackers are targeting Torrent users and that accessing file sharing sites is prohibited
- Prohibit the use of peer-to-peer file sharing clients like uTorrent on computers connected to your network
- Ensure that all computers have the latest operating system and browser patches installed
- Consider using a reputable ad-blocker
The implications of PIPEDA for small business
By Dom Chorafakis, CISSP
November 27, 2018
Information contained in this post is intended as general information only. It is not, nor should be construed as legal advice and should not be relied upon as such. If you need legal advice, please contact an attorney directly.
Personal Information Protection and Electronic Documents Act (PIPEDA)
It has been almost a month since the new PIPEDA rules regarding mandatory breach reporting in Canada came into effect and many clients still have questions around what it means for their business. In this post we’ll explore some of the key highlights of the legislation and provide links back to the relevant sections of the Office of the Privacy Commissioner of Canada (OPC) website you can use to get more information.
Perhaps the most common question that comes up is whether the rules apply to a small business that only has one or two employees. The short answer is yes, they do. The rules do not provide for any exemptions based on number of employees or revenue. There are however certain types of organizations to which the rules may not apply as per the PIPEDA brief available at https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda_brief/ :
“Unless they are engaging in commercial activities that are not central to their mandate and involve personal information, PIPEDA does not generally apply to:
- not-for-profit and charity groups
- political parties and associations”
So if you own a business that is not a charity, political party or association, then the rules definitely apply to you. Note however that even those organizations may need to comply with the rules if “they are engaging in commercial activities that are not central to their mandate”. For example, if an association sells its member list data for marketing purposes, PIPEDA would apply.
As mentioned in the brief, “PIPEDA applies to the collection, use or disclosure of personal information in the course of a commercial activity. A commercial activity is defined as any particular transaction, act, or conduct, or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fund-raising lists.”
The personal information that is protected under PIPEDA includes anything that is recorded about an identifiable individual. According to the brief, “This includes information in any form, such as:
- age, name, ID numbers, income, ethnic origin, or blood type;
- opinions, evaluations, comments, social status, or disciplinary actions; and
- employee files, credit records, loan records, medical records, existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs).”
The Act defines 10 fair information principles that businesses must follow with regards to personal information:
- Identifying Purposes
- Limiting Collection
- Limiting Use, Disclosure, and Retention
- Individual Access
- Challenging Compliance
There are a number of clauses in the Act (which is available online at http://laws-lois.justice.gc.ca/eng/acts/P-8.6/FullText.html ) that are relevant from a cybersecurity perspective. For example, the Act states that “Organizations shall implement policies and practices to give effect to the principles, including
(a) implementing procedures to protect personal information;
(b) establishing procedures to receive and respond to complaints and inquiries;
(c) training staff and communicating to staff information about the organization’s policies and practices; and
(d) developing information to explain the organization’s policies and procedures.”
Furthermore, the Act states that “The methods of protection should include
(a) physical measures, for example, locked filing cabinets and restricted access to offices;
(b) organizational measures, for example, security clearances and limiting access on a “need-to-know” basis; and
(c) technological measures, for example, the use of passwords and encryption.”
Not only does the Act require businesses to use appropriate administrative and technological safeguards to protect personal information, it also stipulates that any breaches of these safeguards that expose this personal information must be reported to the OPC. Organizations that fail to report such a breach may be liable for a fine of up to $100,000. According to the Act, “An organization shall report to the Commissioner any breach of security safeguards involving personal information under its control if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to an individual.
[…] significant harm includes bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on the credit record and damage to or loss of property.”
The OPC provides a privacy toolkit for business at https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda-compliance-help/guide_org/ to help comply with the Act and its principles.
By Dom Chorafakis, CISSP
June 21, 2017
The cyber threat landscape is constantly changing as criminal hackers look for new and creative ways to profit from online crime. While there is no silver bullet that can guarantee protection against breaches or other forms of attack, keeping up to date with the latest threats and vulnerabilities is an important part of any security strategy.
With the rise in popularity of digital currencies like Bitcoin and Ethereum, cybercriminals have found new opportunities in cryptomining as a revenue stream. The unauthorised use of computer resources to mine cryptocurrency, known as cryptojacking, has now exceeded ransomware as the largest online threat. There are two aspects to this that are important to take into account from a security perspective: website compromises and malvertising.
Hackers attempt to install cryptomining software on victims’ computers by installing malicious code on websites they are able to compromise. Web servers have always been vulnerable to hackers because of their very nature, but the potential for profit from illicit cryptomining makes them more interesting targets than ever before. System administrators need to ensure that servers are adequately protected by making sure the operating system and software are up to date, accounts are secure and use strong passwords, endpoint security mechanisms like anti-virus are installed, servers are protected using Intrusion Prevention technology, and measures are in place to detect and prevent unauthorised content changes.
In addition to compromising legitimate websites, hackers are creating fraudulent sites that look legitimate, directing users to these sites using fake online ads displayed on popular websites, a practice known as malvertising. This practice is not new, but a significant spike in cryptojacking related malvertising was recently observed by a network of Intrusion Prevention systems as reported here.
People surfing the internet should assume that at some point they will come across either a legitimate site that has been compromised, or a fraudulent site set up specifically to infect vulnerable systems. To protect themselves, users should keep their Operating System and all software they use up to date, make sure good anti-virus is installed and up to date, use safe-browsing plugins from their anti-virus vendor and use an ad-blocker to block online ads.
While there has been a significant increase in these new threats thanks to the potential for quick profit, email continues to be by far the predominant attack vector. From account compromise and phishing attacks to malicious attachments, email based attacks are still the most common method used by hackers to infect vulnerable systems with ransomware, cryptojacking software, or trojans used to carry out financial fraud and other attacks. While technologies like anti-spam and anti-virus can help, user education is one of the most effective tools to help minimise risk in this area. Users need to be aware of the types of threats and attacks, how to identify them, and what steps they must take in the event of a suspected compromise.
The long game
Staying up to date with the latest threats and cyberattacks is important, but it is only one element of a good cyber security strategy. Defending against hackers and cyber criminals is not a one-time activity; it needs to be an ongoing process that is actively managed and updated to reflect changes to your information, its ecosystem and evolving threats. A good strategy includes the following five elements.
1. Identify your assets
It’s impossible to build a solid defence if you don’t know exactly what you are defending. During this stage you need to identify all of the data, applications and hardware that need to be protected.
2. Identify threats and risks
Once you have a list of everything that needs to be protected, it’s time to analyse the risks and threats to each asset. The threats to your company website are different than the threats to your customer list or payroll information, so different countermeasures are needed to protect the confidentiality, integrity and availability of the systems and the information they process.
3. Apply security controls
Once you have identified and prioritized assets and threats, it is time to select and deploy the safeguards needed to protect your organization. This may seem daunting but remember that you don’t need to solve everything at once, you can start by taking steps to address the biggest risks to your most valuable or sensitive assets and work down the list as time and budget permits.
4. Detect and Respond
Despite best efforts breaches and other security incidents can and will occur. The ability to detect and respond to them is as important as the effort to prevent them in the first place. There are a number of steps that can be taken in this area ranging from technical solutions such as managed security services and Intrusion Prevention, to policies and procedures such as having a formal Incident Response Plan.
5. Review and adjust
Lastly, it is important to keep in mind that a cyber security strategy is not static; it needs to be reviewed and adjusted to make sure it is always up to date and your important assets are protected. How often it needs to be reviewed depends on many factors including the threat level, the sensitivity of the information, and legal and regulatory requirements. At a minimum, the strategy should be reviewed once a year, every time there is a significant IT change, and every time there is a security incident.
Where to go from here
There are many free resources that can help individuals and businesses with cyber security. In Canada the government has launched a Get Cyber Safe initiative with the mission “to educate Canadians about Internet security and the simple steps they can take to protect themselves online”. For more information you can visit the Get Cyber Safe website and get started on your own cyber safety strategy.
- The Risk of Weak Online Banking Passwords August 5, 2019If you bank online and choose weak or re-used passwords, there's a decent chance your account could be pilfered by cyberthieves -- even if your bank offers multi-factor authentication as part of its login process. This story is about how crooks increasingly are abusing third-party financial aggregation services like Mint, Plaid, Yodlee, YNAB and others to […]BrianKrebs
- What We Can Learn from the Capital One Hack August 2, 2019On Monday, a former Amazon employee was arrested and charged with stealing more than 100 million consumer applications for credit from Capital One. Since then, many have speculated the breach was perhaps the result of a previously unknown "zero-day" flaw, or an "insider" attack in which the accused took advantage of access surreptitiously obtained from her former employer. […]BrianKrebs
- Capital One Data Theft Impacts 106M People July 30, 2019Federal prosecutors this week charged a Seattle woman with stealing data from more than 100 million credit applications made with Capital One Financial Corp. Incredibly, much of this breached played out publicly over several months on social media and other open online platforms. What follows is a closer look at the accused, and what this […]BrianKrebs
- Google, Mozilla, Apple Block Kazakhstan's Root CA Certificate to Prevent Spying August 21, 2019In a move to protect its users based in Kazakhstan from government surveillance, Google, Apple and Mozilla finally today came forward and blocked Kazakhstan's government-issued root CA certificate within their respective web browsing software. Starting today, Chrome, Safari and Firefox users in Kazakhstan will see an error message stating that the "Qaznet Trust Network" certificate […]
- Russian Hacking Group Targeting Banks Worldwide With Evolving Tactics August 21, 2019Silence APT, a Russian-speaking cybercriminal group, known for targeting financial organizations primarily in former Soviet states and neighboring countries is now aggressively targeting banks in more than 30 countries across America, Europe, Africa, and Asia. Active since at least September 2016, Silence APT group's most recent successful campaign was against Bangladesh-based Dutch-Bangla
- iOS 12.4 jailbreak released after Apple 'accidentally un-patches' an old flaw August 20, 2019A fully functional jailbreak has been released for the latest iOS 12.4 on the Internet, making it the first public jailbreak in a long time—thanks to Apple. Dubbed "unc0ver 3.5.0," the jailbreak works with the updated iPhones, iPads and iPod Touches by leveraging a vulnerability that Apple previously patched in iOS 12.3 but accidentally reintroduced […]
- Use This Privacy Tool to View and Clear Your 'Off-Facebook Activity' Data August 20, 2019Well, here we have great news for Facebook users, which is otherwise terrible for marketers and publishers whose businesses rely on Facebook advertisement for re-targeted conversations. Following the Cambridge Analytica scandal, Facebook has taken several privacy measures in the past one year with an aim to give its users more control over their data and […]
- How Activity Logs Help WordPress Admins Better Manage Website Security August 20, 2019Managing a WordPress website can sap a lot of your time and energy, which otherwise you'd spend on managing your business. If you're looking to cut down on the hours, you spend troubleshooting WordPress technical and security problems, better managing and monitoring your website and users, or your customers, you need a WordPress activity log […]
- Hackers Planted Backdoor in Webmin, Popular Utility for Linux/Unix Servers August 20, 2019Following the public disclosure of a critical zero-day vulnerability in Webmin last week, the project's maintainers today revealed that the flaw was not actually the result of a coding mistake made by the programmers. Instead, it was secretly planted by an unknown hacker who successfully managed to inject a backdoor at some point in its […]
- European Central Bank Shuts Down 'BIRD Portal' After Getting Hacked August 16, 2019The European Central Bank (ECB) confirmed Thursday that it had been hit by a cyberattack that involved attackers injecting malware into one of its websites and potentially stealing contact information of its newsletter subscribers. Headquartered in Germany, the European Central Bank (ECB) is the central bank of the 19 European Union countries which have adopted […]
- Patches for 2 Severe LibreOffice Flaws Bypassed — Update to Patch Again August 16, 2019If you are using LibreOffice, you need to update it once again. LibreOffice has released the latest version 6.2.6/6.3.0 of its open-source office software to address three new vulnerabilities that could allow attackers to bypass patches for two previously addressed vulnerabilities. LibreOffice is one of the most popular and open source alternatives to Microsoft Office […]
- Bluetana App Quickly Detects Hidden Bluetooth Card Skimmers at Gas Pumps August 16, 2019In recent years, gas stations have become one of the favorite targets for thieves who are stealing customers' credit and debit card information by installing a Bluetooth-enabled payment card skimmers at gas stations across the nation. The media has also reported several recent crimes surrounding credit card skimmers, including: Gas pump skimmer found at a […]
- New Bluetooth Vulnerability Lets Attackers Spy On Encrypted Connections August 16, 2019Over a billion Bluetooth-enabled devices, including smartphones, laptops, smart IoT devices, and industrial devices, have been found vulnerable to a high severity vulnerability that could allow attackers to spy on data transmitted between the two devices. The vulnerability, assigned as CVE-2019-9506, resides in the way 'encryption key negotiation protocol' lets two Bluetooth BR/EDR devices