Smashing Security podcast #329: Pornhub, Barbie dolls, and can you trust a free TV?

Just how much do porn websites know about your sexual peccadillos? How are Barbie dolls involved in identity scams? And would you trust a completely free telly?

Oh, and Graham has some opinions to share about “Indiana Jones and the Dial of Destiny”.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Matt Davey from the “Random but Memorable” podcast.

Phony Valentines: Online Dating Scams and How to Spot Them

Sarah didn’t see it coming.  

A single mom in her late 40s, “Sarah” was especially lonely after her divorce (name changed to protect her identity). Her teenager had convinced her to join a dating site, so she created a profile on a popular app. After a handful of dates fell flat, she found Scott (name also changed). He was charismatic, kind. “We had an instant connection,” according to Sarah.  

They spent hours on the phone sharing their deepest secrets and even started imagining a future together. But after about three months, Scott fell on hard times. At first, he needed to borrow $400 to pay for airfare to visit a dying relative, which he paid back immediately. Over the next few months, the numbers grew to $1,000 for rent and $3,000 for a business venture.  

Repayments for those loans never came, and before long, Sarah had loaned her new love over $8,500. When she pressed him for the money, Scott ghosted Sarah online, moved out of town, and she never saw him again. She didn’t share her story with many people. She didn’t report it. She was too embarrassed and humiliated and even became depressed following what she calls “the Scott scam.” Painfully, she lost her trust in others. 

Sarah isn’t alone. In the U.S. alone, about 70,000 people reported a romance scam in 2022, according to the Federal Trade Commission (FTC). Reported losses hit $1.3 billion with a median loss of $4,400. As with any such statistics, those figures reflect only what was reported. How many other “Sarahs” in the U.S. got scammed and never reported it? How many worldwide?

That’s the pain of online dating and romance scams. Financial and emotional pain gets compounded by feelings of embarrassment and humiliation. After all, the victims were looking for love and companionship. 

And that’s what scammers count on. Yet that shouldn’t stop you from a romance that springs online. With a strong heart and sharp eye, you can spot a scam and put an end to it before any damage gets done. 

How do online dating and romance scams get started?  

Dating and romance scams can start several ways. They might begin on dating apps and sites, just like in Sarah’s case. Yet they can happen elsewhere and even pop out of the blue too. Scammers will prowl around on social media, texts, and online games by pinging potential victims with an unexpected introductory message—a sort of digital opening line. In fact, the FTC reports that 40% of online dating and romance scams began with a message on social media, versus only 19% on dating apps. 

With the initial connection made, a chat begins, and a friendship (or more) blossoms from there. Along the way, the scammer will often rely on a mix of somewhat exotic yet believable storytelling to lure the victim in. Often, that will involve their job and where they’re working. Reports say that scammers will talk of being workers on an offshore oil rig, members of the military stationed overseas, doctors working with an international organization, or working in the sort of jobs that would prevent them from otherwise easily meeting up in person.  

With the phony relationship established, the scammer starts asking for money. The FTC reports that they’ll ask for money for several bogus reasons, usually revolving around some sort of hardship where they need a “little help” so that they can pay:  

For a plane ticket or other travel expenses.  
For medical expenses.  
Customs fees to retrieve something.  
Gambling debts.  
A visa or other official travel documents.  

The list goes on, yet that’s the general gist. Scammers often employ a story with an intriguing complication that seems just reasonable enough, one where the romance scammer makes it sound like they could really use the victim’s financial help.  

How scammers will ask you to pay  

People who have filed fraud reports say they’ve paid their scammer in a few typical ways.   

One is by wiring money, often through a wire transfer company. The benefit of this route, for the scammer anyway, is that this is as good as forking over cash. Once it’s gone, it’s gone. The victim lacks the protections they have with other payment forms, such as a credit card that allows the holder to cancel or contest a charge.  

Another way is through gift cards. Scammers of all stripes, not only romance scammers, like these because they effectively work like cash, whether it’s a gift card for a major online retailer or a chain of brick-and-mortar stores. Like a wire transfer, once that gift card is handed over, the money on it is very difficult to recover, if it can be recovered at all.

One more common payment is through reloadable debit cards. A scammer might make an initial request for such a card and then make several follow-on requests to load it up again.   

In all, a romance scammer will typically look for the easiest payment method that’s the most difficult to contest or reimburse, leaving the victim in a financial lurch when the scam ends.  

How to avoid getting stung by an online dating or romance scam  

When it comes to meeting new people online, the FTC suggests the following:  

Never send money or gifts to someone you haven’t met in person—even if they send you money first.  
Talk to someone you trust about this new love interest. It can be easy to miss things that don’t add up. So pay attention if your friends or family are concerned.  
Take the relationship slowly. Ask questions and look for inconsistent answers.  
Try a reverse-image search of any profile pictures the person uses. If they’re linked with another name or with details that don’t match up, it’s a scam.  

Scammers, although heartless, are still human. They make mistakes. The stories they concoct are just that. Stories. They might jumble their details, get their times and dates all wrong, or simply get caught in an apparent lie. Also, remember that some scammers might be working with several victims at once, which is yet another opportunity for them to get confused and slip up. Keep an eye out for that. Inconsistencies are the watermarks of a scam. 

Protecting yourself further from scams  

1. Lock down your privacy on social media

Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting, which can help protect your privacy and give a romance scammer less information to exploit.  

2. Google yourself, and then remove what you find

Have you ever googled yourself? You’ll find personal info like your date of birth, previous addresses, names of your children and their ages, your estimated income, and more. This information is collected by data brokers and available for sale to advertisers or worse—like scammers. Sophisticated scammers use this information to profile and exploit their victims further. A Personal Data Cleanup service can help you remove this kind of personal data from the web.

3. Say “no” to strangers bearing friend requests

Be critical of the invitations you receive. Out-and-out strangers might be more than a romance scammer. They could be a fake account designed to gather information on users for purposes of cybercrime, or they can be an account designed to spread false information. There are plenty of them too. In fact, in Q1 of 2023 alone, Facebook took action on 426 million fake accounts. Reject such requests.  

4. Go light on the details in your dating profile

To the extent that you can, provide the minimum amount of details in your dating profile. Granted, this requires a bit of a balancing act. You want to put some information out there to help find a match, yet too much can give you and your location away. Same for your profile pics. Be sure yours have a generic-looking background, rather than anything that might identify where you live, work, or go to school.  

5. Protect yourself and your devices

Online protection software can steer you clear of malicious links that a scammer might send you online, while also steering you clear of other threats like viruses, ransomware, and phishing attacks in general. It can look out for your personal information as well, by protecting your privacy and monitoring your email, SSN, bank accounts, credit cards, and other info that a scammer or identity thief might put to use. With identity theft a rather commonplace occurrence today, security software is really a must.

Put an end to it  

If you suspect that you’re being scammed, put an end to the relationship and report it, as difficult as that might feel.  

Notify the FTC at ReportFraud.ftc.gov for support and next steps to help you recover financially as much as possible. Likewise, notify the social media site, app, or service where the scam occurred. In some cases, you might want to file a police report, which we cover in our broader article on identity theft and fraud.

If you sent funds via a gift card, the FTC suggests filing a claim with the company as soon as possible. The FTC offers further advice on filing a claim, along with a list of contact numbers for gift card brands that scammers commonly use.

Lastly, go easy on yourself. If you find yourself a victim of online dating or romance fraud, know that you won’t be the first or last person to be taken advantage of this way. By reporting your case, you in fact might help keep others from falling victim too.

The post Phony Valentines: Online Dating Scams and How to Spot Them appeared first on McAfee Blog.

CVE-2020-23452

A cross-site scripting (XSS) vulnerability in Selenium Grid v3.141.59 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hub parameter under the /grid/console page.

What is the difference between incident response & threat hunting?

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

When it comes to protecting data in an evolving threat landscape, two common strategies are at the forefront: incident response and threat hunting. While both processes can safeguard an organization’s data, their approaches, objectives, and execution differ significantly.

Understanding the differences between the two strategies is critical for organizations aiming to:

develop a comprehensive cybersecurity approach,
effectively manage incidents,
proactively detect threats, 
and build a skilled cybersecurity workforce.

Incident response vs. threat hunting: The basics

Incident response is a reactive process that typically begins when a security breach occurs. It involves a set of processes and procedures used to manage and respond to a cyberattack. The goal is to identify and respond to any unanticipated, disruptive event and limit its impact on the business, minimizing damage and recovery time. Examples of such events range from network attacks such as denial of service (DoS), malware, or system intrusion to more internal incidents like accidents, mistakes, or system or process failures.

Robust incident response requires the right team, a well-developed plan, and excellent communication.

According to the National Institute of Standards and Technology, a robust Incident Response Plan (IRP) should include four crucial elements:

Preparation
Detection and analysis
Containment and eradication
Post-incident recovery approach

Threat hunting, on the other hand, is about being more proactive. It systematically analyzes an organization’s security posture to identify potential threats before they become active. Threat hunting typically involves looking for threats within your environment and resources that are either compromised or have the potential to be compromised. Risks run the gamut from vulnerabilities in outdated software to insecure access control and misconfiguration.

In most organizations, threat hunting is conducted by traditional IT security teams and even Incident Response teams. Organizations that have a security operations center (SOC) will often have that team on the frontlines.

Organizations without a SOC or dedicated security team may not be capable of performing threat hunting, but in today’s evolving threat landscape, someone needs to be responsible.

The interplay between incident response and threat hunting

First things first: incident response and threat hunting are not mutually exclusive. In fact, they complement each other as crucial elements of a well-rounded cybersecurity strategy.

Threat hunting can significantly enhance incident response. What this means is that by proactively identifying potential threats, organizations can prevent incidents from occurring in the first place. When incidents do occur, the insights gained from threat hunting can help incident response teams understand the nature of the threat faster and respond more effectively.

So it only makes sense then that incident response can boost threat hunting efforts. By analyzing incidents after they occur, organizations can gain valuable insights into the tactics, techniques, and procedures (TTPs) used by adversaries. These insights can then be used to enhance threat hunting strategies, making them more effective at identifying potential threats.

Empowering organizations through understanding

Understanding the difference between incident response and threat hunting empowers organizations to develop a more comprehensive cybersecurity approach. By knowing when to use each strategy and how they can complement each other, security teams can more effectively manage incidents, proactively detect threats, and protect their systems, data, and reputation.

This knowledge can also help organizations build a more skilled cybersecurity workforce. By training (or hiring) employees in both incident response and threat hunting, organizations can ensure they have the expertise needed to respond to a wide range of cybersecurity challenges.

EDR, XDR, and MDR: How they help with threat detection and response

The role of Endpoint Detection and Response (EDR)

Endpoint detection and response (EDR) is a critical component of both incident response and threat hunting. EDR solutions provide visibility into activities surrounding endpoints and allow companies to detect and respond to threats that might not trigger traditional prevention rules. This often leads to faster, more effective incident response.

In the context of threat hunting, EDR solutions can provide valuable insights into endpoint activities, helping organizations identify potential threats before they become active issues. This proactive approach can significantly reduce the time between intrusion and discovery, as time is the most crucial factor in the event of a breach or incident.

The role of Extended Detection and Response (XDR)

Extended Detection and Response (XDR) is an emerging category in cybersecurity that extends the capabilities of Endpoint Detection and Response (EDR). XDR not only focuses on endpoints but also integrates multiple security products into a cohesive security incident detection and response solution. This approach provides broader visibility and context, enabling security teams to detect and respond to threats across various attack vectors, including networks, cloud, endpoints, and applications.

XDR provides several benefits, including improved visibility, simplified security operations, and scalability.

Automated threat hunting is a core component of advanced EDR and XDR solutions. By automating threat hunting activities, organizations can focus their resources on incident investigation and rapid response. This can significantly enhance both incident response and threat hunting, leading to faster detection and response times and improved overall security.

The Importance of Managed Detection and Response (MDR)

Managed Detection and Response (MDR) is a service that combines technology with human expertise to detect and respond to threats in real time. MDR providers use advanced analytics, threat intelligence, and human expertise to monitor, detect, investigate, and respond to threats on behalf of their clients.

MDR services provide some key benefits for organizations that need help with threat hunting and incident response:

24/7 Monitoring and response: MDR providers monitor an organization’s environment around the clock, ensuring that threats are detected and responded to promptly, minimizing potential damage.

Access to expertise: MDR services give organizations access to a team of cybersecurity experts. This is particularly beneficial for organizations that lack the resources to build and maintain an in-house security team.

Proactive threat hunting: Unlike traditional managed security services, MDR providers proactively hunt for threats in an organization’s environment, helping to detect and mitigate threats before they can cause damage.

Cost efficiency: MDR services can be more cost-effective than building and maintaining an in-house security operations center (SOC). They provide access to advanced security capabilities without the need for significant upfront investment in technology and personnel.

The importance of centralized security visibility

Centralized security visibility is a key piece of the unified cybersecurity platform puzzle. Visibility is crucial for both incident response and threat hunting as you can’t detect or respond to things you can’t see. Essentially, visibility allows organizations to detect and respond to threats wherever they unfold, whether in cloud or on-premises environments.

It’s also important to note that centralized security visibility simplifies compliance efforts. By consolidating security monitoring and compliance management into a single platform, organizations can more easily demonstrate compliance during audits. With more compliance rules and regulations coming into effect, the ability to reduce the time, resources, and costs associated with compliance can be a game-changer.

How AT&T Cybersecurity can help with incident response and threat hunting

In today’s increasingly complex threat landscape, you need a comprehensive, unified solution that can handle both incident response and threat hunting. USM Anywhere from AT&T Cybersecurity offers a unified platform that combines multiple security capabilities, including EDR, SIEM, network intrusion detection, File Integrity Management (FIM), vulnerability assessment, and more.

This approach provides a single pane of glass for security monitoring, reducing cost and complexity.

If you don’t have the resources to handle incident response or threat hunting internally, AT&T Cybersecurity can help. With our Incident response services, AT&T has experts who can support or supplement your team when suspected unauthorized activities are detected with a full incident management program that includes detection, triage, response, and containment and prevention planning.

Or, you can have your entire organization protected with 24×7 security monitoring from AT&T Cybersecurity Managed Extended Threat Detection and Response, powered by our award-winning USM Anywhere platform and AT&T Alien Labs™ threat intelligence.

Don’t wait for a security breach to occur before taking action. Proactively protect your organization today.

Take the next step to fortify your organization’s security.

Contact AT&T Cybersecurity today to explore how our incident response and threat hunting solutions can empower your business. Don’t wait for a security breach to occur—act now and protect your organization.
