Weekly #cybersecurity digest to your inbox

Time to Warn Users About Black Friday & Cyber Monday Scams

Warn your employees to avoid the inevitable scams associated with these two "holidays," or you risk compromising your company's network.

Go to article at

15.5.2020

Phishing

Since 2013 More Than $26 Billion Has Been Scammed by Business Email Comprise and Email Account Compromise aka Spearphishing!

Tuesday, November 26, 2019 The FBI Internet Crime Complaint Center (IC3) announced “Domestic and international exposed dollar loss: $26,201,775,589 “ by BEC/EAC which “…is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests…. The scam is not always associated with a transfer-of-funds request. One variation involves compromising legitimate business email accounts and requesting employees’ Personally Identifiable Information or Wage and Tax Statement (W-2) forms.”  The September 10, 2019 FBI Public Service Announcement entitled “BUSINESS EMAIL COMPROMISE THE $26 BILLION SCAM” included these comments: The BEC/EAC scam continues to grow and evolve, targeting small, medium, and large business and personal transactions. The increase is also due in part to greater awareness of the scam, which encourages reporting to the IC3 and international and financial partners. The scam has been reported in all 50 states and 177 countries. Fraudulent transfers have been sent to at least 140 countries.

Go to article at

15.5.2020

Business-Email-Compromise

An Alarming Number of Software Teams Are Missing Cybersecurity Expertise

Go to article at

15.5.2020

CyberNow

When Rogue Insiders Go to the Dark Web

Employees gone bad sell stolen company information, sometimes openly touting their companies, researchers say.

Go to article at

15.5.2020

Insider Attacks

Mixcloud Breach Exposes 21 Million User Records

A data breach at Mixcloud, a U.K.-based audio streaming platform, has left more than 20 million user accounts exposed after the data was put on sale on the dark web. The data breach happened earlier in November, according to a dark web seller who supplied a portion of the data to TechCrunch, allowing us to examine and verify the authenticity of the data. We verified a portion of the data by validating emails against the site’s sign-up feature, though Mixcloud does not require users to verify their email addresses. But the data we sampled suggested there may have been as many as 22 million records based off unique values in the data set we were given. The breached data came from the same dark web seller who also alerted TechCrunch to the StockX breach earlier this year. The apparel trading company initially claimed its customer-wide password reset was for “system updates,” but later came clean, admitting it was hacked, exposing more than four million records, after TechCrunch obtained a portion of the breached data.

Go to article at

15.5.2020

Cloud Storage Misconfiguration

Mitsubishi Electric Discloses Information Leak

Electronics manufacturer Mitsubishi waits six months to declare breach

Go to article at

15.5.2020

Illegal Personal Data Processing

Phishing Attack Says You're Exposed to Coronavirus, Spreads Malware

A new phishing campaign has been spotted that pretends to be from a local hospital telling the recipient that they have been exposed to the Coronavirus and that they need to be tested.

Go to article at

15.5.2020

Phishing

COVID-19 Phishing Update: Infected Coworker Email Targets Enterprise O365 Credentials

Threat actors are exploiting employee concerns about infected colleagues. Our latest example targets Office 365 accounts at a large Canadian company by falsely claiming a colleague has died from the virus. 

Go to article at

15.5.2020

Saved For Later,Phishing

How to Use Google Chrome Extensions and Themes in Microsoft Edge

Microsoft's new Edge browser is now available and it comes with an add-on store where you can find Microsoft-approved extensions. As Edge is built on the same Chromium code base, it can also access the Chrome Web Store. [...]

Go to article at

15.5.2020

CyberNow