The attack is believed to have been committed by Conti ransomware gang

Read More

What’s worse than a surprise call from a law enforcement official telling you to pay a fine or be forced to serve time? Providing your personal information and paying that fine only to find out that it was all a scam. You didn’t miss jury duty; you didn’t commit a crime — you were just tricked into thinking that you did. 

Sound unbelievable? It’s more likely than you’d think. 

Who Are You Calling Criminal, Criminal? 

According to ZDNet1, the FBI released a warning about scammers impersonating government officials or law enforcement agencies to steal personal information and money from unsuspecting people. 

After acquiring phone numbers and names from real users, scammers use fake credentials from well-known law enforcement agencies to contact victims. Under the guise of these officials, scammers claim that the user’s identity was used in a crime and ask them to provide their social security number and date of birth for verification. The fraudsters will also call or text about apparently missed jury duty, missed court dates, warrants out for arrest, or other local fines that require payment to be solved. 

These criminals demand payment in multiple forms, but the most common are prepaid cards, wire transfers, and cash sent through mail or through cryptocurrency ATMs. If victims do not pay these fines or provide their personal information, the scammers in disguise will threaten them with potential prosecution or arrest. 

How to Identify Phishing Scams Over the Phone 

The FBI states that no law enforcement agency will ever contact you asking for money, but if you’re still unsure whether you’re being scammed, here are a few more phishing tips that can help: 

Confirm the source 

Unsolicited phone calls or texts are best avoided altogether or confirmed with a second source. Verify the caller’s identity with the organization they claim they represent. Ask for a name and position and make it clear you will be following up to verify their identity. 

Keep personal information private 

Do not reveal any personal or financial information over the phone, through text, or through a link provided in a text message. 

Lack of personalization 

Generic greetings that do not address you by name, especially when asking you to verify your identity or pay a fine, are a definite indicator that you may be being scammed. 

Spelling and layout 

Any strange grammar or spelling mistakes in a text message can be signs that this is someone impersonating an official agency, company, or higher-up to scam you. 

How to Identify Other Types of Phishing Scams 

Although scammers try to trick users over the phone, phishing scams can also happen over email. In addition to the tactics mentioned above, here are some extra tips on how to detect and avoid phishing emails: 

A sender address that’s just a bit off 

Cybercriminals will often impersonate well-known brands or individuals by using fraudulent email addresses with just a few alterations of letters or characters. An example is an email address that appears as “bank0famerica.con.” 

Hyperlinks 

If you receive a message or email with a link, hover over the link without clicking on it. This will allow you to see a link preview. If the URL looks suspicious or doesn’t match up with the content in the email, do not interact with it and delete the entire message. 

Attachments 

Be cautious of any attachment in an email. Scammers often use attachments as a sneaky way to deliver viruses and malware onto unsuspecting people’s devices. 

Protect Yourself From Phishing Attacks 

Phishing scams can be deceitful, especially with the added pressure of a seemingly real (but definitely fake) government official or law enforcement agency accusing you of breaking the law. However, by following the tips outlined above, you’ll be able to spot these scams from a mile away and stay safer online! 

The post What the FBI Wants You to Know About the Latest Phishing Scheme appeared first on McAfee Blog.

Read More

Finnish ministries of foreign affairs and defense forced offline earlier today by DDoS attacks

Read More

Orgs must know range of factors when managing supply chain risk, says (ISC)2’s CISO, Jon France

Read More

Ever since Apple introduced AirTags, security people have warned that they could be used for stalking. But while there have been a bunch of anecdotal stories, this is the first vaguely scientific survey:

Motherboard requested records mentioning AirTags in a recent eight month period from dozens of the country’s largest police departments. We obtained records from eight police departments.

Of the 150 total police reports mentioning AirTags, in 50 cases women called the police because they started getting notifications that their whereabouts were being tracked by an AirTag they didn’t own. Of those, 25 could identify a man in their lives — ex-partners, husbands, bosses — who they strongly suspected planted the AirTags on their cars in order to follow and harass them. Those women reported that current and former intimate partners­ — the most likely people to harm women overall — ­are using AirTags to stalk and harass them.

Eight police departments over eight months yielded fifty cases. And that’s only where the victim (1) realized they were being tracked by someone else’s AirTag, and (2) contacted the police. That’s going to multiply out to a lot of AirTag stalking in the country, and the world.

Read More

ForAllSecure, maker of a next-generation fuzzing solution called Mayhem, announced a $2 million program Wednesday aimed at making open-source software (OSS) more secure. The company is offering developers a free copy of Mayhem and will pay them $1,000 if they integrate the software into a qualified OSS GitHub project.

“We’re on a mission to automatically find and fix the world’s exploitable bugs before attackers can succeed,” David Brumley, CEO and co-founder of ForAllSecure, said in a statement.

[ Related reading: 10 top fuzzing tools: Finding the weirdest application errors. ]

“OSS developers need help and don’t have access to the tools they need to quickly and easily find vulnerabilities,” Brumley continued. “Our Mayhem Heroes program democratizes software security testing, will make tens of thousands of OSS projects safer, and ultimately impact the security of systems used by everyone around the world.”

To read this article in full, please click here

Read More

Cloud security and compliance software company Qualys has announced the latest version of its Multi-Vector endpoint detection and response (EDR) platform, with added threat hunting and risk mitigation capabilities and a clear focus on alert prioritization and reducing the time needed to respond to threats.

“Qualys Multi-Vector EDR acts as a force multiplier for customers—ultimately allowing them to consolidate vendors and agents via the Qualys Cloud Platform.” said Hiep Dang, vice president of EDR at Qualys. “This eliminates the need to manually analyze data across multiple sources to identify potential threats, and instead, allows security teams to prioritize events and take quicker action.” 

To read this article in full, please click here

Read More