How to Protect Yourself From a Spear Phishing Scam


As the name implies, spear phishing attacks are highly targeted scams. They often occur in professional settings, where the scammers go after one “big phish,” such as a ranking employee with access to finances or data. From there, the scammers employ social engineering (aka manipulation) to trick the target into transferring funds to them or giving them access to sensitive company systems. Sometimes, it’s a mix of both.

Some of the most striking examples of spear phishing attacks come from the Shamoon2 attacks seen in Saudi Arabia back in 2016. Successive waves of attacks ultimately infected machines with malware and destroyed systems.

So, how did this specific spear phishing attack work, exactly? Cybercriminals targeted specific organizations in Saudi Arabia with emails that carried malicious attachments. When victims opened the attachment, their machines were infected, valuable company data was taken, and systems were quickly wiped.

Spear phishing has been around for quite some time yet remains as effective as ever. Spear phishing’s success is based on familiarity. Usually, cybercriminals pretend to be an organization or individual that you know and include a piece of content—a link, an email attachment, etc.—that they know you’ll want to interact with.

For example, cybercriminals have taken advantage of tragedies in the headlines and used targeted emails claiming to be a charitable organization asking for donations. In the case of Shamoon2, the attackers lured in victims with a tempting email attachment sent from organizations the victims were likely to trust. But instead of giving to their charity of choice, or opening a seemingly harmless workplace attachment, victims then self-infect their systems with malware.

Moreover, we have seen spear phishing attacks take on an entirely new form with the advent of AI deepfakes. Now, instead of reaching out to victims via email, sophisticated scammers create deepfakes that pose as employees on video calls. All in real-time. Such was the case in Hong Kong in February 2024 where a host of deepfakes pressured a company’s finance officer into transferring $25 million to the scammers running the deepfakes.[i]

Moral of the story: spear phishing (and regular phishing) attacks can be tricky. However, fear not, there’s a lot you can do to stay on top of this threat.

For starters:

Go straight to the source.

Spear phishing attacks can be highly deceptive. In fact, cybercriminals have been able to impersonate known, credible charities or an employer’s business partners and customers. So, if you receive an email from an organization asking for donations or a partner asking you to open a file you didn’t request, a good rule of thumb is to go directly to the organization through a communications channel other than email. Go to the company’s site and do more research from there. That way, you can ensure you’re gaining accurate information and can interact with the right people, rather than cyber-attackers.

Always check for legitimacy first.

Spear phishing emails rely on you—they want you to click a link, or open an attachment. But before you do anything, you always need to check an email’s content for legitimacy. Hover over a link and see if it’s going to a reliable URL. Or, if you’re unsure about an email’s content or the source it came from, do a quick Google search and look for other instances of this campaign, and what those instances could tell you about the email’s legitimacy.

Fraudsters do their research — keep your guard up.

Fraudsters select their victims carefully in these targeted attacks. They hunt down employees with access to info and funds and then do their research on them. Using public records, data broker sites, “people finder” sites, and info from social media, fraudsters collect intel on their marks. Armed with that, they can pepper their conversations with references that sound more informed, more personal, and thus more convincing. Just because what’s being said feels or sounds somewhat familiar doesn’t always mean it’s coming from a trustworthy source.

Clean up your online presence.

With that, employees can reduce the amount of personal info others can find online. Features like McAfee Personal Data Cleanup can help remove personal info from some of the riskiest data broker sites out there. It also keeps tabs on those sites if more personal info appears on them later. Additionally, employees can set their social media profiles to private by limiting access to “friends and family only,” which denies fraudsters another avenue of info gathering. Using our Social Privacy Manager can make that even easier. With just a few clicks, it can adjust more than 100 privacy settings across their social media accounts — making them more private as a result.

[i] https://metro.co.uk/2024/02/05/horrifying-deepfake-tricks-employee-giving-away-20-million-20225490/

The post How to Protect Yourself From a Spear Phishing Scam appeared first on McAfee Blog.


USN-6802-1: PostgreSQL vulnerability


Lukas Fittl discovered that PostgreSQL incorrectly performed authorization
in the built-in pg_stats_ext and pg_stats_ext_exprs views. An unprivileged
database user can use this issue to read most common values and other
statistics from CREATE STATISTICS commands of other users.

NOTE: This update will only fix fresh PostgreSQL installations. Current
PostgreSQL installations will remain vulnerable to this issue until manual
steps are performed. Please see the instructions in the changelog located
at /usr/share/doc/postgresql-*/changelog.Debian.gz after the updated
packages have been installed, or in the PostgreSQL release notes located
here:

https://www.postgresql.org/docs/16/release-16-3.html
https://www.postgresql.org/docs/15/release-15-7.html
https://www.postgresql.org/docs/14/release-14-12.html


Supply Chain Attack against Courtroom Software


No word on how this backdoor was installed:

A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode of a supply-chain attack.

The software, known as the JAVS Viewer 8, is a component of the JAVS Suite 8, an application package courtrooms use to record, play back, and manage audio and video from proceedings. Its maker, Louisville, Kentucky-based Justice AV Solutions, says its products are used in more than 10,000 courtrooms throughout the US and 11 other countries. The company has been in business for 35 years.

It’s software used by courts; we can imagine all sorts of actors who want to backdoor it.


USN-6800-1: browserify-sign vulnerability


It was discovered that browserify-sign incorrectly handled an upper bound check
in signature verification. If a user or an automated system were tricked into
opening a specially crafted input file, a remote attacker could possibly use
this issue to perform a signature forgery attack.


Transitioning from On-Premise Storage to AWS Cloud: A Strategic Guide for Companies


The content of this post is solely the responsibility of the author.  LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

In today’s digital world, businesses face the challenge of managing ever-expanding volumes of data efficiently and securely. Traditional on-premise storage solutions often come with limitations in scalability, flexibility, and cost-effectiveness. Recognizing these drawbacks, many companies are turning to cloud computing platforms like Amazon Web Services (AWS) to harness the power of cloud storage solutions. Transitioning from on-premise storage to AWS cloud can be a transformative journey for businesses, enabling them to streamline operations and enhance data accessibility. In this article, we will explore the steps involved in this transition and the benefits it offers to businesses.

Understanding the Need for Transition

Before exploring the transition process, it’s crucial for businesses to understand the reasons behind their decision to migrate from on-premise storage to the AWS cloud. Several factors often drive this decision:

Scalability: On-premise storage solutions have limited capacities, making it challenging for businesses to scale their storage infrastructure rapidly in response to growing amounts of data. AWS cloud offers virtually unlimited storage capacity, allowing businesses to scale up or down as needed without the hassle of physical hardware upgrades.

Flexibility: Traditional storage architectures lack the ability to adapt to changing business requirements quickly. AWS cloud provides a wide range of storage services, such as Amazon S3, Amazon EBS, and Amazon Glacier, each tailored to specific use cases. This flexibility enables businesses to choose storage solutions that best suit their needs and easily adjust them as requirements evolve.

Cost Efficiency: Maintaining on-premise storage infrastructure requires significant upfront investments in hardware, maintenance, and personnel. AWS cloud operates on a pay-as-you-go model, allowing businesses to pay only for the resources they consume. This cost-efficient approach eliminates the need for extraneous expenditures and reduces overall storage costs.

Enhanced Security and Compliance: AWS offers robust security features and compliance certifications, ensuring data stored in the cloud remains protected against threats and meets regulatory requirements. By leveraging AWS security services like AWS Identity and Access Management (IAM) and Amazon Macie, businesses can enhance data security and ensure compliance.

Strategic Steps in Transitioning to AWS Cloud

Transitioning from on-premise storage to AWS cloud requires careful planning and execution to minimize disruption to business operations. Here are strategic steps involved in the transition process:

Assessment and Planning: Begin by conducting a comprehensive assessment of your existing on-premise storage infrastructure, including data volumes, types, and access patterns. Identify workloads suitable for migration to the cloud and prioritize them based on business criticality. Develop a detailed migration plan outlining timelines, resource requirements, and potential challenges.

Data Migration Strategy: Choose the appropriate migration strategy based on your business requirements and data characteristics. AWS offers several migration options, including:

Rehosting: Migrate existing virtual machines or applications to AWS using services like AWS Server Migration Service (SMS). 
Replatforming: Optimize applications for cloud-native architectures while retaining core functionalities. 
Refactoring: Redesign applications to leverage cloud-native services and take full advantage of AWS capabilities.
Repurchasing: Replace on-premise software with equivalent Software-as-a-Service (SaaS) offerings available on AWS Marketplace.

Setting Up AWS Environment: Provision the necessary AWS resources, including compute instances, storage volumes, and networking components, to support your migrated workloads. Leverage AWS services like Amazon EC2, Amazon S3, and Amazon VPC to create a scalable and secure cloud environment.

Data Migration Execution: Execute the migration plan in phases, starting with non-critical workloads to validate the migration process before moving mission-critical data. Utilize AWS Data Migration Service (DMS) or third-party migration tools to securely transfer data from on-premise storage to AWS cloud while minimizing downtime and data loss.

Testing and Validation: Conduct thorough testing of migrated workloads to ensure functionality, performance, and data integrity meet expectations. Validate that applications operate seamlessly in the AWS cloud environment and perform any necessary optimizations.

Optimization and Governance: Continuously monitor and optimize your AWS environment to improve cost efficiency, performance, and security. Implement AWS Cost Explorer and AWS Trusted Advisor to gain insights into resource utilization, identify cost-saving opportunities, and enforce governance policies.

Training and Skill Development: Provide training and upskilling opportunities for your IT team to familiarize them with AWS services and best practices for cloud management. Encourage continuous learning to stay ahead of new AWS offerings and industry trends.

Benefits of Transitioning to AWS Cloud

Transitioning from on-premise storage to AWS cloud offers a multitude of benefits for businesses, including:

Scalability: Scale storage resources up or down to accommodate changing business needs without upfront investments in hardware.

Flexibility: Choose from a wide range of storage services and configurations to meet workload needs.

Cost Efficiency: Pay only for the resources you consume, reducing overall storage costs and eliminating the need for hardware maintenance.

Security and Compliance: Leverage AWS security features and compliance certifications to enhance data protection and meet regulatory requirements.

Conclusion

Transitioning from on-premise storage to AWS cloud represents an opportunity for businesses to modernize their IT infrastructure, improve operational efficiency, and increase cost savings. By following a systematic approach to migration and leveraging the benefits of AWS cloud services, businesses can unlock new possibilities for growth and stay competitive in today’s digital age. Embrace the journey to the cloud and empower your business to thrive in the digital world.


ZDI-24-526: (Pwn2Own) VMware Workstation VBluetoothHCI_PacketOut Use-After-Free Privilege Escalation Vulnerability


This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2. The following CVEs are assigned: CVE-2024-22267.


CyberDanube Security Research 20240528-0 | Multiple Vulnerabilities in ORing IAP-420


Posted by Thomas Weber via Fulldisclosure on May 29

CyberDanube Security Research 20240528-0
-------------------------------------------------------------------------------
title| Multiple Vulnerabilities
product| ORing IAP-420
vulnerable version| 2.01e
fixed version| –
CVE number| CVE-2024-5410, CVE-2024-5411
impact| High
homepage| https://oringnet.com/
found| 2024-01-19
by| T. Weber…
