rust-regex-1.5.5-1.fc34

FEDORA-2022-ceb3e03c5e

Packages in this update:

rust-regex-1.5.5-1.fc34

Update description:

Update to version 1.5.5.

This includes a fix for a denial-of-service vulnerability (RUSTSEC-2022-0013 / CVE-2022-24713).

Fraud on Zelle

Zelle is rife with fraud:

Zelle’s immediacy has also made it a favorite of fraudsters. Other types of bank transfers or transactions involving payment cards typically take at least a day to clear. But once crooks scare or trick victims into handing over money via Zelle, they can siphon away thousands of dollars in seconds. There’s no way for customers — and in many cases, the banks themselves — to retrieve the money.

[…]

It’s not clear who is legally liable for such losses. Banks say that returning money to defrauded customers is not their responsibility, since the federal law covering electronic transfers — known in the industry as Regulation E — requires them to cover only “unauthorized” transactions, and the fairly common scam that Mr. Faunce fell prey to tricks people into making the transfers themselves. Victims say because they were duped into sending the money, the transaction is unauthorized. Regulatory guidance has so far been murky.

When swindled customers, already upset to find themselves on the hook, search for other means of redress, many are enraged to find out that Zelle is owned and operated by banks.

[…]

The Zelle network is operated by Early Warning Services, a company created and owned by seven banks: Bank of America, Capital One, JPMorgan Chase, PNC, Truist, U.S. Bank and Wells Fargo. Early Warning, based in Scottsdale, Ariz., manages the system’s technical infrastructure. But the 1,425 banks and credit unions that use Zelle can customize the app and add their own security settings.

Post Title

Multiple vulnerabilities have been discovered in PTC Axeda Agent and Axeda Desktop Server, the most severe of which could allow for remote code execution. PTC Axeda is a cloud-based remote access solution commonly used for devices within the healthcare industry. Successful exploitation of these vulnerabilities could result in full system access, remote code execution, read/change configuration, file system read access, log information access, and a denial-of-service condition.

5 Prevalent digital marketing Cybersecurity concerns to watch out for

This blog was written by an independent guest blogger.

Over the past several years, cyberattacks have become increasingly prevalent. As such, understanding cybersecurity has become increasingly important.

Digital marketing has now become an entire industry, and as a result, there are more opportunities than before for malicious actors to carry out attacks. Marketers are now as vulnerable to cyberattacks as people in other online professions. Therefore, marketers need to be aware of the areas where threats continue to emerge.

Here are the top five most prevalent digital marketing cybersecurity concerns that you need to watch out for:

1 – Phishing and email marketing

Email marketing campaigns are one of the most common ways marketers reach out to customers. However, email is also one of the most common tools used by bad actors to acquire data and to attack Internet users. Marketers themselves use email too, so they are also vulnerable to these types of attacks.

Recently, $1.7M worth of NFTs was stolen in a phishing attack, highlighting the need for awareness and training surrounding phishing. Many companies are reporting a rise in phishing attacks compared to before the pandemic. Phishing attacks typically involve some type of social engineering to work. Scammers usually request sensitive information while posing as a legitimate source. 

Training your team, including marketers, to scrutinize requests for information and verify the legitimacy of a request can help reduce the potential for phishing attacks to be effective. Additionally, reporting suspicious activity to the correct manager can allow your IT department to swiftly respond.

By introducing training programs and educating marketers, you can cut down on the potential for phishing attacks to target your marketing team.

2 – Fraud and social media marketing

Today, the average person spends 1 hour and 23 minutes per day on social media. That’s why companies looking for ways to recruit employees often turn to social media marketing. However, social media can also be used for fraud and deception.

Like phishing scams, social media fraud often involves people posing as someone that they are not, and then tricking users into giving up information. In many cases, users will be asked to download software which is then used to load ransomware onto the user’s machine.

Marketers are often on social media, either for personal use or for professional reasons. In either case, marketers are just as vulnerable to social media scams as anyone else. Marketers should always use strict judgment when responding to requests for information online. 

Additionally, avoiding downloading anything from social media onto business machines can be a simple, yet effective, way to protect your data. Remember to protect your privacy online when using social media.

3 – eCommerce Remote Code Execution Attacks and Other Vulnerabilities

Marketers should also be aware of potential vulnerabilities involving eCommerce platforms. This past month Adobe found itself scrambling to issue multiple patches for a vulnerability that impacted Magento Open Source and Adobe Commerce. The exploit required two different patches in order to resolve the vulnerability. 

The vulnerabilities allowed hackers to run remote code on platforms without authentication or administrative privileges. This attack underlines how eCommerce can be a particularly vulnerable area for marketers. Adobe isn’t the only platform that has run into trouble either. Shopify also experienced its own share of cyberattacks in 2020.

Marketers should consider utilizing multi-layer protection on their content delivery network (CDN). This will help prevent denial of service-type attacks. Additional monitoring of potential software vulnerabilities will also enable security holes to be patched when they become known. 

Lastly, like other areas that this article has discussed, educating marketers and users themselves can help prevent security breaches. Educating teams about two-factor authentication and stronger password policies can prevent other types of attacks from occurring on your eCommerce platforms.

4 – Brute force attacks, password vulnerabilities, and content marketing

Strong passwords and two-factor authentication are not just for eCommerce platforms. Content management systems (CMSs) are also vulnerable to brute-force attacks. For example, WordPress has experienced a number of attacks and vulnerabilities over the years. Marketers should be aware of these vulnerabilities because they frequently have to work with CMSs. Developing a business plan that covers how to respond to cyberattacks on your CMSs is crucial to protecting yourself.

Plugins that haven’t been kept up to date should be removed, as should unneeded plugins. This will help limit your potential attack vectors. Security plugins are also available for WordPress and can help mitigate attacks. As discussed earlier, best password practices should be embraced. Also, you can consider investing in software that offers endpoint protection.

Develop a plan and strategy for how to protect your data. Picking the right tools and staying educated are the best ways for marketers to make sure their content management systems stay safe and protected. Remember to implement best-password practices and leverage two-factor authentication to protect logins.

5 – Customer relationship management (CRM) software and malware attacks

CRM systems can also be another potential attack vector. Customer relationship management software is essential in most businesses today. Marketers often have access to these systems for a variety of reasons. Last year, US Cellular experienced a CRM data breach that occurred because employees had downloaded malware onto their computers, which then allowed hackers to access US Cellular’s CRM system.

This attack illustrates how cybersecurity impacts marketers because marketers often have access to sensitive personal data. Unauthorized data access isn’t the only thing marketers should be worried about when it comes to CRMs. Companies looking to recruit new employees should make sure that they are trained on how to properly and securely handle sensitive customer data before beginning work.

Another major problem with malware is that it can cause you to lose access to your data. Hackers can steal your data and then erase it using malware or they can hold it hostage and require you to pay a ransom. A data backup solution can help prevent losing access to important digitally-stored information.

A good way to address the risks associated with CRM platforms is to increase security protocols. Like with other vulnerabilities, marketers need to be educated and they should avoid downloading programs from untrustworthy places. Any computing devices that are used for work should have their software installations limited. These types of protocols can help prevent unauthorized access from occurring and can prevent malware from infecting your system.

Conclusion

The most widely applicable information is that marketers need to be cognizant of where they download programs from. Hackers and other bad actors frequently utilize social engineering to trick individuals into downloading malware and ransomware. Once hackers have entered into a system using these tools they can quickly access data from across an organization. By being aware of these attack vectors and undergoing training, marketers can become more experienced in cybersecurity and can help keep their data safe.

Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for Arbitrary Code Execution.

Illustrator is a vector graphics editor and design program.
Photoshop is a graphics editor.
Adobe After Effects is a digital visual effects, motion graphics, and compositing application.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Responding to heightened cyberattack risk: Focus on the basics

A SANS Institute webcast about Russian cyberattack escalations in Ukraine presented a couple of takeaways. The first: Don’t panic. Too often with security issues we think the worst; we may overreact and make the situation worse. Instead, focus on the basics. The second is that we need to pay more attention to network traffic.

Take care of security basics first

When reviewing your network for potential cyber threats, don’t make things worse by making misconfigurations that will create more problems. Spend time on the basics and on other projects that you probably should have worked on earlier.
