Firms Spend $1197 Per Employee Yearly to Address Cyber-Attacks

The data excludes compliance fines, ransomware costs and losses from non-operational processes

Apple’s Device Analytics Can Identify iCloud Users

Researchers claim that supposedly anonymous device analytics information can identify users:

On Twitter, security researchers Tommy Mysk and Talal Haj Bakry have found that Apple’s device analytics data includes an iCloud account and can be linked directly to a specific user, including their name, date of birth, email, and associated information stored on iCloud.

Apple has long claimed otherwise:

On Apple’s device analytics and privacy legal page, the company says no information collected from a device for analytics purposes is traceable back to a specific user. “iPhone Analytics may include details about hardware and operating system specifications, performance statistics, and data about how you use your devices and applications. None of the collected information identifies you personally,” the company claims.

Apple was just sued for tracking iOS users without their consent, even when they explicitly opt out of tracking.

USN-5734-1: FreeRDP vulnerabilities

It was discovered that FreeRDP incorrectly handled certain data lengths. A
malicious server could use this issue to cause FreeRDP clients to crash,
resulting in a denial of service, or possibly obtain sensitive information.
This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu
22.04 LTS. (CVE-2022-39282, CVE-2022-39283)

It was discovered that FreeRDP incorrectly handled certain data lengths. A
malicious server could use this issue to cause FreeRDP clients to crash,
resulting in a denial of service, or possibly obtain sensitive information.
(CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319,
CVE-2022-39320)

It was discovered that FreeRDP incorrectly handled certain path checks. A
malicious server could use this issue to cause FreeRDP clients to read
files outside of the shared directory. (CVE-2022-39347)
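The advisory describes two bug classes in a client that trusts data sent by the server: a length field used before checking that the bytes it announces were actually received, and a server-chosen path joined onto the shared directory without confining it. The following is an added illustration written for this page, not FreeRDP code: a Python model of a hypothetical "open file" request for a redirected drive (wire format assumed to be a little-endian u32 length followed by the path bytes, with SHARE_ROOT and MAX_PATH_LEN as made-up constants). The naive handler shows both mistakes; the hardened one shows the checks. In Python an over-long slice merely truncates, whereas the same unchecked read in the C client reads past the buffer, which is where the crash or information leak comes from.

```python
import posixpath
import re
import struct

SHARE_ROOT = "/srv/share"   # hypothetical directory the client exports to the server
MAX_PATH_LEN = 1024         # hypothetical local limit for a redirected path


class MalformedRequest(ValueError):
    """Raised when a server-supplied message fails a length or path check."""


def read_u32(buf, pos):
    """Read a little-endian u32 at pos, refusing to read past the end of buf."""
    if len(buf) - pos < 4:
        raise MalformedRequest("truncated header")
    return struct.unpack_from("<I", buf, pos)[0], pos + 4


def read_bytes(buf, pos, n):
    """Read n bytes at pos only if n bytes are actually present."""
    if n > len(buf) - pos:
        raise MalformedRequest(f"advertised length {n} exceeds the {len(buf) - pos} bytes received")
    return buf[pos:pos + n], pos + n


def confine_path(root, rel):
    """Lexically resolve rel under root; reject any '..' that would climb above root.
    Both '/' and '\\' are treated as separators, since the server chooses the path."""
    parts = []
    for comp in re.split(r"[\\/]+", rel):
        if comp in ("", "."):
            continue
        if comp == "..":
            if not parts:
                raise MalformedRequest("path escapes the shared directory")
            parts.pop()
            continue
        parts.append(comp)
    return "/".join([root] + parts)


def handle_open_request(msg):
    """Hardened handler: every length is checked before it is used."""
    plen, pos = read_u32(msg, 0)
    if plen > MAX_PATH_LEN:
        raise MalformedRequest(f"path length {plen} exceeds limit")
    raw, pos = read_bytes(msg, pos, plen)
    if b"\x00" in raw:
        raise MalformedRequest("embedded NUL in path")
    try:
        rel = raw.decode("utf-8")
    except UnicodeDecodeError:
        raise MalformedRequest("path is not valid UTF-8") from None
    return confine_path(SHARE_ROOT, rel)


def naive_open_request(msg):
    """Vulnerable handler: trusts the advertised length and joins the path blindly.
    In Python the over-long slice silently truncates; in C the same code reads
    past the buffer. The blind join lets '..' walk out of SHARE_ROOT."""
    plen = struct.unpack_from("<I", msg, 0)[0]
    rel = msg[4:4 + plen].decode("utf-8", "replace")
    return posixpath.normpath(SHARE_ROOT + "/" + rel.replace("\\", "/"))


def build_request(path, advertised_len=None):
    """Construct a request; advertised_len may deliberately disagree with the payload."""
    data = path.encode("utf-8")
    n = len(data) if advertised_len is None else advertised_len
    return struct.pack("<I", n) + data


def resolve_request(path, advertised_len=None):
    """Run a constructed request through the hardened handler; None means rejected."""
    try:
        return handle_open_request(build_request(path, advertised_len))
    except MalformedRequest:
        return None


if __name__ == "__main__":
    for p in ("docs/a.txt", "docs/../a.txt", "../../etc/passwd", "..\\..\\etc\\passwd"):
        print(f"{p!r:24} hardened={resolve_request(p)!r}  naive={naive_open_request(build_request(p))!r}")
    print("oversized length:", resolve_request("a.txt", advertised_len=0x7FFFFFFF))
```

The path check is purely lexical on purpose: it runs before anything touches the filesystem, treats absolute paths as relative to the share, and accepts backslashes as separators because the server, not the client, picks the string. Symlinks inside the share are a separate concern that a lexical check does not cover.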

CVE-2022-0222

A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs (BMXP34*, versions prior to V3.40); Modicon M340 X80 Ethernet Communication modules BMXNOE0100 (H), BMXNOE0110 (H) and BMXNOR0200H RTU (BMXNOE*: all versions; BMXNOR*: versions prior to v1.7 IR24).

10 Ways to spot a phishing attempt

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Phishing attacks are becoming more and more common, and they’re only getting more sophisticated. While there are a variety of ways to defend yourself against phishing attacks, one of the best methods is simply to be able to spot them. With that in mind, here are 10 common signs that an email or other communication may be a phishing attempt.

Calls from an unknown number

If you get a call from an unknown number, and the caller claims to be from your bank or another organization, be very careful. This is a classic phishing tactic.

The caller will try to obtain personal information from you, such as your credit card number or Social Security number. They might also try to get you to click on a link that will install malware on your computer.

Don’t give out any personal information to someone who calls you out of the blue. And if they try to get you to click on a link, don’t do it. Hang up and call the organization they claimed to be from using a number you know to be legitimate (e.g., the number on the back of your credit card or from the organization’s website).

What’s more, consider doing a reverse phone lookup on them to see where the number is actually originating from.

The message is not personalized

If you receive an email that doesn’t address you by name or refers to you as “Dear User” or “Dear Valued Customer,” be wary. Phishing emails often use generic greetings in an attempt to seem more widespread – and less suspicious – than they actually are.

That’s because they are usually sent out en masse as part of an automated campaign. Phishers usually just have a list of email addresses; the goal isn’t to learn the name behind each one or do any in-depth personalization, but to get as many people as possible to click on the links in the message.

The sender’s email address doesn’t match the organization they’re claiming to represent

This is a pretty straightforward way to spot a phishing attempt. If you get an email purporting to be from your bank, but the email address it comes from is something like johnsmith12345@gmail.com, then it’s pretty clear that something is not right.

Established organizations don’t send official communications from a Gmail or Hotmail address; they use their own domain name (e.g., WellsFargo.com, PayPal.com). So if the email comes from anything other than the organization’s official domain, it’s a huge red flag. Check the actual address, not just the display name: a message can show “Wells Fargo” as the sender while the address behind it is a free-mail account.

There are grammatical errors or typos in the email

If you receive an email that is full of grammatical errors, typos, or just generally seems to be poorly written, it’s a good indicator that it’s a phishing email.

Phishers often send out their emails quickly and without much care or attention to detail. So if an email looks like it was dashed off in a hurry, with no regard for proper spelling or grammar, it’s probably a phishing email.

Many phishing campaigns also originate overseas and are written by people who aren’t native English speakers, so poor grammar or strange phrasing is another giveaway that an email might be a phishing attempt.

The message is urgent or includes a sense of urgency

Phishers often try to create a sense of urgency in their emails in order to get people to act quickly without thinking. They might say that your account is about to be closed, or that you need to take action immediately to prevent some kind of negative consequence.

Of course, none of this is true. Phishers just want to create a sense of urgency so that you’ll click on their links without thinking. So, if an email includes language that tries to create a sense of urgency, be wary.

The email contains attachments that you weren’t expecting

If you receive an email with an attachment that you weren’t expecting, be very careful before opening it. This is another common phishing tactic.

The phisher will send you an email with an attachment that appears to be benign, such as a PDF document or an image. But when you open the attachment, it will install malware on your computer.

If you weren’t expecting an email with an attachment, be very careful before opening it. If you don’t know the sender, or if the email looks suspicious in any way, don’t open the attachment. Delete the email and move on.

The email contains threats or ultimatums

Phishers will sometimes try to intimidate their victims into taking action by including threats or ultimatums in their emails. They might say that your account will be closed if you don’t take action, or that you’ll be subject to legal action if you don’t respond.

Of course, none of this is true. Phishers just want to scare you into taking action without thinking. So, if an email includes threats or ultimatums, it’s a good indicator that it’s a phishing attempt.

The email asks for personal information

Phishers will often try to obtain personal information from their victims, such as credit card numbers, Social Security numbers, or login credentials. They might do this by asking you to fill out a form with your personal information. Or they might include a link that takes you to a fake website where you’re prompted to enter your personal information.

Never give out personal information in response to an email or click on a link that takes you to a website where you’re prompted to enter your personal information. If you need to update your account information, log in to the website directly and update it yourself. Don’t do it through an email or a link in an email.

The email is from a free email service

If an email is from a free email service like Gmail or Yahoo, that’s a red flag. While there’s nothing inherently wrong with free email services, phishers often use them to send their emails because they’re easy to create and don’t require any verification.

So if you receive an email from a free email service, be extra careful. It’s not necessarily a phishing attempt, but it’s worth taking a closer look before taking any action.
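The two sender checks above (the address domain not matching the organization the mail claims to be from, and the address sitting on a free email service) can be applied mechanically to a From: header. This is an added example written for this page, not the author’s or any product’s code; the free-mail list and the sample headers are constructed for illustration. The domain match is anchored at the right-hand end, so a lookalike such as paypal.com.account-verify.example is not accepted as a PayPal subdomain, and the display name is compared separately because phishers put the organization’s name there while the real address is elsewhere.

```python
from email.utils import parseaddr

# Constructed list; a real deployment would use a maintained list of webmail providers.
FREE_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com", "aol.com"}


def sender_domain(from_header):
    """Domain of the actual address in a From: header, ignoring the display name."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].strip().lower()


def is_official_domain(domain, official):
    """True for the official domain itself or any of its subdomains.
    'paypal.com.evil.example' is NOT accepted: the match is anchored at the right end."""
    official = official.lower()
    return domain == official or domain.endswith("." + official)


def sender_red_flags(from_header, claimed_org_domain):
    """Return the red flags a reader should notice, given the organization the mail claims to be from."""
    flags = []
    display_name, _ = parseaddr(from_header)
    domain = sender_domain(from_header)
    if domain is None:
        return ["no parseable sender address"]
    if domain in FREE_MAIL_DOMAINS:
        flags.append("free email service")
    official = is_official_domain(domain, claimed_org_domain)
    if not official:
        flags.append(f"sender domain {domain} is not {claimed_org_domain}")
    # Display name carrying the organization's name while the domain is wrong is the
    # classic "Wells Fargo <someone@gmail.com>" pattern.
    org_label = claimed_org_domain.split(".")[0].lower()
    if not official and org_label in display_name.lower().replace(" ", ""):
        flags.append("display name impersonates the organization")
    return flags


# Constructed sample headers (not real mail).
SAMPLES = [
    ("Wells Fargo Alerts <johnsmith12345@gmail.com>", "wellsfargo.com"),
    ("PayPal <service@paypal.com.account-verify.example>", "paypal.com"),
    ("Wells Fargo <alerts@notifications.wellsfargo.com>", "wellsfargo.com"),
]

if __name__ == "__main__":
    for header, org in SAMPLES:
        print(header, "->", sender_red_flags(header, org) or "no sender red flags")
```

One caveat a practitioner would add: the From: header is written by the sender, so this catches the lazy cases the article describes (free-mail senders, mismatched or lookalike domains) but not a message that forges the real domain outright. Detecting that requires the receiving mail server’s SPF, DKIM and DMARC results, which this check does not look at.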

Someone with no followers or friends adds you on social media

This one is more common on social media sites like Facebook and LinkedIn. If someone with no followers or friends adds you, that’s a red flag. It’s possible that they’re just trying to build up their network, but it’s also possible that they’re a phisher.

If someone with no followers or friends adds you on social media, be careful before accepting their friend request. Take a look at their profile and see if anything looks suspicious. If you’re not sure, err on the side of caution and don’t accept their request.

Conclusion

Phishing is a serious problem, and it’s only getting worse. By understanding how phishing works and knowing what to look for, you can protect yourself from these attacks.

If you’re ever unsure about an email or a website, err on the side of caution and don’t take any action. It’s better to be safe than sorry. And if you think you might have been the victim of a phishing attack, change your passwords and run a virus scan on your computer just to be safe.

Know thy enemy: thinking like a hacker can boost cybersecurity strategy

As group leader for Cyber Adversary Engagement at MITRE Corp., Maretta Morovitz sees value in getting to know the enemy – she can use knowledge about cyber adversaries to distract, trick, and deflect them and develop strategies to help keep threat actors from getting whatever they’re after.

That could mean placing decoys and lures that exploit their expectations for what an attacker will find when they first hack into an environment, she says. Or it could mean deliberately disorienting them by creating scenarios that don’t match up to those expectations. “It’s about how to drive defenses by knowing how the adversaries actually behave,” says Morovitz, who is also group leader for MITRE Engage, a cyber adversary engagement framework.

Alert (AA22-321A): #StopRansomware: Hive Ransomware

FortiGuard Labs is aware that the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) released a joint advisory on Hive ransomware as part of their #StopRansomware effort. Hive ransomware is a Ransomware-as-a-Service (RaaS) operation consisting of developers and affiliates. It attempts to steal data, encrypt files on victims’ machines, and demand a ransom to recover the affected files and to prevent the stolen data from being published on its data leak site, called “HiveLeaks”, on the dark web.

Why is this Significant?

This is significant because Hive is a RaaS operation that, according to the advisory, has victimized more than 1,300 enterprises globally and extorted 100 million US dollars. The group has been active since June 2021 and has targeted not only private enterprises but also essential sectors such as government organizations and healthcare services.

What is Hive Ransomware?

Hive is a RaaS operation consisting of two groups: developers and affiliates. Hive developers create, maintain, and update the Hive ransomware and its infrastructure, such as the “HiveLeaks” data leak site and the negotiation site. Hive affiliates are responsible for finding and infecting victims, exfiltrating files, and deploying Hive ransomware on the victims’ networks.

The latest Hive ransomware iterations are written in the Rust programming language. Older variants are written in Go.

Reported initial infection vectors include email and the exploitation of vulnerabilities such as CVE-2020-12812, CVE-2021-31207, CVE-2021-34473 and CVE-2021-34523.

Hive ransomware encrypts files on victims’ machines and typically appends a “.hive” file extension to the affected files. It also drops a ransom note named “HOW_TO_DECRYPT.txt”, which instructs victims to visit a negotiation site on Tor.

The advisory states that Hive ransomware is known to re-victimize organizations that were previously infected with Hive and recovered without paying the ransom.

What is the Status of Protection?

FortiGuard Labs provides the following AV signatures for recent Hive ransomware samples that we collected:

W32/Filecoder_Hive.A!tr.ransom
W32/Filecoder_Hive.B!tr.ransom
W32/Hive.4a4e!tr.ransom
W32/Hive.B0FF!tr.ransom
W32/Hive.d10e!tr.ransom
W32/Hive.FD38!tr.ransom
W64/Filecoder.AW!tr.ransom
W64/Filecoder_Hive.A!tr.ransom
W64/Filecoder_Hive.B!tr.ransom
W64/Hive.31ec!tr.ransom
W64/Hive.6bcb!tr.ransom
W64/Hive.71de!tr.ransom
W64/Hive.7cec!tr.ransom
W64/Hive.933c!tr.ransom
W64/Hive.A!tr
W64/Hive.B0FF!tr.ransom
W64/Hive.c2e4!tr.ransom
W64/Hive.e550!tr.ransom
W64/Hive.ea51!tr.ransom
W32/Filecoder.507F!tr.ransom
W32/Agent.0b0f!tr.ransom
W32/Agent.32a5!tr.ransom
W32/Agent.65e3!tr.ransom
W32/Agent.69ce!tr.ransom
W32/Agent.6d49!tr.ransom
W32/Agent.7c49!tr.ransom
W64/Agent.U!tr

All network IOCs in the advisory are blocked by Web Filtering.

FortiGuard Labs provides the following IPS signatures for the vulnerabilities reportedly exploited as initial infection vectors by Hive threat actors:

MS.Exchange.MailboxExportRequest.Arbitrary.File.Write (CVE-2021-31207)
MS.Exchange.Server.Autodiscover.Remote.Code.Execution (CVE-2021-34473)
MS.Exchange.Server.Common.Access.Token.Privilege.Elevation (CVE-2021-34523)
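The two host-level indicators the advisory summary gives, the “.hive” extension on encrypted files and the “HOW_TO_DECRYPT.txt” ransom note, are enough for a first-pass filesystem triage of a suspect machine. The script below is an added example for this page, not FortiGuard’s or the advisory’s tooling; it groups a file listing by directory, counts encrypted files, records where notes were dropped, and calls the combination of both “likely Hive”. The file listing is constructed for illustration; scan_tree walks a real directory.

```python
import os
from collections import defaultdict

# Indicators named in the advisory summary above.
HIVE_EXTENSION = ".hive"
HIVE_NOTE = "HOW_TO_DECRYPT.txt"


def hive_indicators(paths):
    """Group file paths by directory and count Hive indicators in each.
    Returns only directories where at least one indicator was seen."""
    per_dir = defaultdict(lambda: {"encrypted": 0, "note": False})
    for p in paths:
        directory, name = os.path.split(p.replace("\\", "/"))
        if name == HIVE_NOTE:
            per_dir[directory]["note"] = True
        elif name.lower().endswith(HIVE_EXTENSION):
            per_dir[directory]["encrypted"] += 1
    return {d: v for d, v in per_dir.items() if v["note"] or v["encrypted"]}


def triage(paths):
    """Summarise a listing: encrypted-file count, note locations, and whether both were seen.
    A note without encrypted files (or the reverse) is reported but not called likely Hive."""
    hits = hive_indicators(paths)
    encrypted = sum(v["encrypted"] for v in hits.values())
    note_dirs = sorted(d for d, v in hits.items() if v["note"])
    return {
        "encrypted_files": encrypted,
        "note_dirs": note_dirs,
        "likely_hive": encrypted > 0 and bool(note_dirs),
    }


def scan_tree(root):
    """Walk a real directory tree and triage it."""
    return triage(os.path.join(dp, f) for dp, _, files in os.walk(root) for f in files)


# Constructed file listing standing in for a directory walk of an affected host.
SAMPLE_LISTING = [
    "C:/Users/alice/Documents/report.docx.hive",
    "C:/Users/alice/Documents/budget.xlsx.hive",
    "C:/Users/alice/Documents/HOW_TO_DECRYPT.txt",
    "C:/Users/alice/Pictures/holiday.jpg",
    "D:/finance/ledger.db.hive",
]

if __name__ == "__main__":
    print(triage(SAMPLE_LISTING))
```

This is post-encryption triage for scoping an incident, not prevention: by the time “.hive” files and notes exist the affiliate has already been on the network, typically via one of the initial access vectors listed above, and the AV and IPS signatures are what act earlier in the chain.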