Insights

Debt Collectors May Soon Contact You By Text and Social Media. Here’s What You Should Know

Starting in November 2021, debt collectors will have text and social media as ways to contact people. This provides cyber criminals with powerful new phishing topics. It’s important to understand what they can do, and more important to know what you should and shouldn’t do to stay safe. 

 

https://apscdn.nyc3.cdn.digitaloceanspaces.com/resources/pdf/insights/Debt%20Collectors%20%20v1%20%202021-02-19.pdf 


Ransomware Attackers Set Their Sights on SaaS

Ransomware has been growing by leaps and bounds as a successful tool for cyber criminals. It creates major disruptions for victims and is quickly monetized. Now instead of going after individual companies, the attackers are going after applications used by multiple clients. This significantly enlarges the number of victims with each successful attack. 

 

https://www.darkreading.com/attacks-breaches/ransomware-attackers-set-their-sights-on-saas/d/d-id/1340147?fbclid=IwAR2VUAMeHbzuyGpWtlZRvAsp_iyfE-XrKFt7bGeTY_CmrHsG-q00HhIKOHk  

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


“ScamClub” gang outed for exploiting iPhone browser bug to spew ads

Pop up ads are annoying at best and often the channel for damage or theft of our information. This article details the way “ScamClub” exploited an iPhone bug to pop up the ads that appeared innocent but stole information or in a more elaborate scheme took our money with promises of big payouts. 

 

https://nakedsecurity.sophos.com/2021/02/17/scamclub-gang-outed-for-exploiting-iphone-browser-bug-to-spew-ads/?fbclid=IwAR1qwi2czd9boR-ynGTBC0ojmVWIVaylDY-GxclXIxiXyfMKHd6qUGU1eC0

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Hidden Dangers of Microsoft 365's Power Automate and eDiscovery Tools

Microsoft 365 is one of the most widely used applications in the world. As we saw with the recent SolarWinds attack, the focus of attacks has moved to applications from individual companies. Research shows that communication between Microsoft applications can bypass security precautions and provide an avenue for attackers. 

 

https://www.darkreading.com/application-security/hidden-dangers-of-microsoft-365s-power-automate-and-ediscovery-tools-/a/d-id/1340014?fbclid=IwAR1zJ9x88awPCCqbRRYdsvLFbcu_eD1wyCfB_N8xatQTeINvtY9Y9uHoY74

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Compromised Credentials Show That Abuse Happens in Multiple Phases

The theft of user credentials has long been known as a tool for cyber criminals to gain access to a company network and resources. But recent research shows that before the attacks we see, the cyber criminals have been doing damage but in a more covert way. Then when they have capitalized on the stolen credentials for themselves, they begin to make the stolen credentials available to other cyber criminals. 

 

 

https://www.darkreading.com/attacks-breaches/compromised-credentials-show-that-abuse-happens-in-multiple-phases/d/d-id/1340179?_mc=NL_DR_EDT_DR_daily_20210217&cid=NL_DR_EDT_DR_daily_20210217&elq_mid=102170&elq_cid=34773767

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Covid and Phishing

The Covid -19 pandemic has been a nightmare for much of the world. But it has been a benefit to the cyber criminal community by providing phishing subject lines that got people to click at an alarming rate. 

 

https://apscdn.nyc3.cdn.digitaloceanspaces.com/resources/pdf/insights/Covid%20and%20Phishing%20v1%20%202021-02-12.pdf

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Android App Infects Millions of Devices With a Single Update

A popular Android app called Barcode Scanner was compromised and delivered malware to the approximately 10 million people who downloaded or update the app. 

 

https://www.darkreading.com/application-security/android-app-infects-millions-of-devices-with-a-single-update/d/d-id/1340093?fbclid=IwAR2AhA7sCS2z2pYouIvdi0AjEdzKgzLvvGwV_-KtYeNxm9ETyKGtnGT6QK0

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Unemployment Fraud: As If Being Out of Work Wasn't Bad Enough

Using stolen identities cyber criminals are registering for unemployment benefits. The current estimate is that Covid-19 employment fraud cost the government over $36 billion in 2020. And if it is your identity that was stolen you would not be able to get the unemployment benefits you may be entitled to. 

 

https://www.darkreading.com/edge/theedge/unemployment-fraud-as-if-being-out-of-work-wasnt-bad-enough/b/d-id/1340088?fbclid=IwAR2Mx_NO24nnnvaElglyLRH9sy113DCSHMrHOp4uXiL5u_idZ4UXnPC7dcg

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Over 400 Valentine’s Day-Themed Phishing Campaigns Spotted Weekly

The approaching Valentine’s Day has given cyber criminals a topic of high interest. Jewelry, flowers, candy, other gifts are all topics that catch people’s eye and interest. And that gets them to click the malicious links. 

 

https://www.cxotoday.com/security/over-400-valentines-day-themed-phishing-campaigns-spotted-weekly/

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Ransomware: A company paid millions to get their data back, but forgot to do one thing. So the hackers came back again

Ransomware attacks can be devastating especially to small and medium companies. Being out of business until the systems are restored is costly, as is paying the ransom. But one company, and there probably are many more, that failed to determine how their systems were compromised. So the attackers returned and the company had to pay another ransom. 

 

https://www.zdnet.com/article/ransomware-this-is-the-first-thing-you-should-think-about-if-you-fall-victim-to-an-attack/?ftag=TRE6a12a91&bhid=29017885593246285133005340243949&mid=13258092&cid=2201587059

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Will Quantum Computing Break Encryption?

Quantum computing is an entirely different technology for computers and runs orders of magnitude faster than the fastest conventional computers. The concern is whether that speed will render data encryption methods obsolete. This Insight looks at quantum computing and encryption. 

 

https://apscdn.nyc3.cdn.digitaloceanspaces.com/resources/pdf/insights/Will%20Quantum%20Computing%20Break%20Encryption?%20v1%202021-02-05.pdf  

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


U.K. Arrest in ‘SMS Bandits’ Phishing Service

SMS Bandits is the name for a UK based man who operated a phishing service. The service sent high volumes of messages using different topics of interest to get people to click. 

 

https://krebsonsecurity.com/2021/02/u-k-arrest-in-sms-bandits-phishing-service/

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser


Interview With a Russian Cybercriminal

There has been much speculation about what happens in the hacker community. But here is an interview with a member of that community who tells some of what life is like for a hacker. 

 

https://www.darkreading.com/endpoint/interview-with-a-russian-cybercriminal/d/d-id/1340029?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Google patches an actively exploited Chrome zero-day

Google just released an update for Chrome that closes an exploited vulnerability. The new version of Chrome with the update is for Windows, Linux, and Mac computers. All users are advised to update as soon as possible.  

 

https://www.zdnet.com/article/google-patches-an-actively-exploited-chrome-zero-day/?ftag=TRE-03-10aaa6b&bhid=29017885593246285133005340243949&mid=13257984&cid=2201587059

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.


Malicious Skimmer Code Piggybacks on Other Hackers' Code

Hackers look for any way to steal your information. Now they have a new trick, using other hackers to penetrate your systems. In a recently discovered case, the hackers were piggybacking on the malicious code of other hackers to get your data. 

 

https://www.bankinfosecurity.com/malicious-skimmer-code-piggybacks-on-other-hackers-code-a-15921?rf=2021-02-04_ENEWS_SUB_BIS__Slot1_ART15921&mkt_tok=eyJpIjoiTURJeE1UYzBNak14TVRJMSIsInQiOiJEQWZZbFRSSmphSzA2Q21JQ3o3YmhMRFM0NEdEaFdUR2diXC9CdlFwN2lkXC9kM0xBRCtxb2VGRmRkSWFyUFBjRFVYbnhNSWQ4d3BKbHdzN2NrQU4xWTZaVml4d25zTiszUzkzTUVIQ1FoTTdcLytJeHhscGFFZzFBZW12WXpUMVN0dCJ9

 

If clicking the link does not take you to the proper page, copy and paste the link into your browser.