Cybersmart Security
By Salaudeen Amao
The podcast is published every Sunday by midnight and is designed to educate you on how to become cybersmart with a 15-minute summary of recent tech-related news and cyber events.
Subscribe to Cybersmart security on Apple Podcasts, Google Podcasts or Spotify
Send your questions, comments and suggestions via voice message on the Anchor app or by email to getcybersmart@protonmail.com
Cybersmart Security, Jan 23, 2022
Episode 54 - CNRs - Police Disrupts Phishing Rental Platform & Students Turn to Cyberfraud; As 70,000 people allegedly duped in the UK alone
CNRs - Episode 53: LG TVs in Remote Attacks, 73M AT&T Customers in Data Breach, Facebook Profiles Hijack and More...
Dangers of Misinformation; to People & country.
Link:
The More Often Something is Repeated, the More True It Becomes: Dealing with Social Media isc.sans.edu/diary/The+More+Often+Something+is+Repeated+the+More+True+It+Becomes+Dealing+with+Social+Media/28396
You can find the full episode herein:
Managing Misinformation; Toyota, Axis communications and Aon deal with Cyberattacks anchor.fm/cybersmart/episodes/Managing-Misinformation-Toyota--Axis-communications-and-Aon-deal-with-Cyberattacks-e1faq2g
DC Health Exchange breach Root Cause revealed, Western Digital Hackers Request Ransom,& more.
E03-Cyber SmartTalk with Michal_Cizek-GoodAccess; First VPN Providers and the Evolution of Remote Access
Welcome to the Cyber SmartTalk, a series brought to you by the host of GetCybersmart Security Cyber News Review.
In this episode, Michal Cizek, the founder of 1st VPN providers GoodAccess, discusses how secure remote access helps small businesses profit in a hypercompetitive space, and a variety of other issues such as:
- The story of the first VPN providers in 2008.
- The Evolution of Remote Access
- The One mistake beginners should not make in their learning journey into cybersecurity.
- How small and medium-scale businesses can reduce cyber risks with less stress and without huge costs.
- Use cases of Retail Vs Business VPN services.
- Organizational Values' role in enhancing the company's security culture.
- Culture-Driven Companies.
- Zero-Trust and Network segmentation: How it really works.
- The 2 non-technical secrets to protecting your kids from cybercriminals
You can send your questions, comments, and suggestions via voice message on the Anchor app or email to getcybersmart@protonmail.com.
In addition, if you have an expert or colleague that you would like featured in this series, you can send an email with the subject "Persons Name-Podcast Guest Proposal", enclosed with information about the person's profile, links to their previous works and/or interviews, and possible questions or areas they wish to cover during the interview. We will be in touch afterward. Thank you for listening.
NortonLifeLock Password Breach, Fortinet's VPN weaknesses exploited & Europol Takes Down Call Centers
In this episode: hackers used stolen credentials to beat Norton password manager, European police (Europol) clamped down on cybercriminals that scammed Germans out of over $2M, and Fortinet's experts warn of VPN weaknesses being exploited.
The *Cybersecurity News Review series (The Midweek Edition) - CNRs* is a review of selected cybersecurity news from cyberspace and key takeaways or lessons that we can learn from them as individuals or organizations.
Thank you for listening. Salahudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. New episodes are released every week. Follow him on Twitter @Major_Jeneral. Send your questions, comments, and suggestions via voice message on the Anchor app or email to getcybersmart@protonmail.com.
LINKS:
1. NortonLifeLock warns that hackers breached Password Manager accounts
2. Europol takes down call centers that scammed Germans out of €2 million
3. Fortinet Technical Report
Verizon & Health Systems in Data Breach, K-8 Students Learn Cybersecurity Via Games, PoS Malware.
Excerpts-E02 - Cyber SmartTalk with Javvad Malik - The 1st Step To Protecting Our kids From Cyberbullying
E02-Cyber SmartTalk with Javvad Malik-"Building A Strong Security Culture is a Marathon, Not a Sprint"
In this episode, Javvad Malik, a seasoned cybersecurity professional with over 20 years of experience, discusses how security helps a business thrive, and a variety of other issues such as:
- Breaking into the cybersecurity industry the right way
- Why Jobs-related attacks always work.
- The 1st Step to protecting children from cyberbullying and cyberfraud
- What Makes an effective awareness Training
- Practical advice on building a strong security culture among employees
- The one thing most security professionals overlook
Excerpts-E02 - Cyber SmartTalk with Javvad Malik- The 1 reason Why Fake Job Related Attacks Works
Cyber SmartTalk Series S01E01- "Why get Cybersmart"?
The Business of Trust: CafePress in data breach cover-up, Phony Instagram mails impact insurance firm and Ubisoft hit by "cyber security incident"
In today's special 50th episode, I discuss the business of trust and restoring consumers' confidence after a "cyber security incident". Also in this episode: FTC to fine CafePress for cover-up of a massive data breach, and phony Instagram ‘Support Staff’ emails hit an insurance company.
This is a review of selected cybersecurity news from cyberspace and key takeaways or lessons that we can learn from them as individuals or organizations.
LINKS:
1. FTC to fine CafePress for cover-up of massive data breach
www.bleepingcomputer.com/news/security/ftc-to-fine-cafepress-for-cover-up-of-massive-data-breach/
2. Phony Instagram ‘Support Staff’ Emails Hit Insurance Company
threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
3. Ubisoft Cyber Security Incident Update
news.ubisoft.com/en-gb/article/3tSsBh25mhHhlbGSy1xbRw/ubisoft-cyber-security-incident-update
On the Business of Trust
4. The Target breach of (2013), two years later
www.zdnet.com/article/the-target-breach-two-years-later/
5. Uber argument that data theft wouldn’t be a risk to users is a warning, says consumer group
www.itworldcanada.com/article/uber-argument-that-data-theft-wouldnt-be-a-risk-to-users-is-a-warning-says-consumer-group/402711
Managing Misinformation; Toyota, Axis communications and Aon deal with Cyberattacks
On today's theme - I discuss the subject of misinformation. How do you manage misinformation from cyberspace, especially on social media?
Toyota was forced to shut down production at 14 plants in Japan after a cyberattack on a third-party company. Insurance company Aon said a cyber incident impacted what it called “a limited number of systems.” And video surveillance systems company Axis Communications said someone was able to use social engineering to get around MFA login protection and hack into the company.
LINKS:
- Toyota suspends domestic factory operations after suspected cyber attack
- Aon filing with the U.S. Securities and Exchange Commission
About Managing Misinformation -
- The More Often Something is Repeated, the More True It Becomes: Dealing with Social Media
- Episode 28 of Cybersmart Security podcast - Misinformation or April Fool's Joke
Attackers up "phishing" game using Docusign to steal Microsoft Outlook Logins, Manufacturing ranked most targeted in 2021
A phishing campaign directed at a major US payment company used DocuSign and a compromised third party's email domain to get past email security measures. Also, an IBM threat report stated that 1 in 3 cyber-attacks were against the manufacturing sector in 2021.
A review of cybersecurity news from cyberspace and the key takeaways that we can learn from them as individuals or organizations.
LINKS:
1. Cyberattackers leverage DocuSign to steal Microsoft Outlook logins
2. Manufacturing was the top industry targeted by ransomware last year
Three-Fifths of Cyberattacks in 2021 were malware-free, FBI warns on increased BEC scams via virtual Meetings, CISA releases list...
This is a review of recent news from cyberspace and the takeaway and lessons we can learn as individuals or as an organization.
LINKS:
Three-Fifths of Cyber-Attacks in 2021 Were Malware-Free
FBI sees increase in use of virtual meeting platforms for BEC scams
Puma employee data breach in Kronos cyberattack and Marketing Firm leaves database open
A ransomware attack against the Kronos workforce management system last December has affected Puma through a data breach. Also, a marketing firm left a vast database held in an Amazon S3 bucket unsecured and open. This is a review of recent news in cyberspace and the takeaway and lessons we can learn as individuals or as an organization.
LINKS:
Puma Data Breach: Sensitive Data of Employees Stolen
Report: US Marketing Platform Exposed Millions of Leads’ Data
Telco Fined €9M, Data Breach exposes PII of Airport Workers & Malicious 2FA app found on Google Play.
A telco firm based in Greece has been fined €9M for leaking sensitive customer data in a 2020 cyberattack, a data breach exposes the personally identifiable information of airport security workers, and a malicious 2FA app titled "2FA Authenticator" was found on Google Play after it was downloaded 10,000 times. This is a review of recent news in cyberspace and the takeaway and lessons we can learn as individuals or as an organisation.
Credentials Phishing Campaign Targets Organizations, Microsoft Warns of Consent Phishing attack, Hacker Cracks Crypto Hardware Wallet
A review of selected cybersecurity news from cyberspace and the key takeaways that we can learn from them as individuals or organizations. Over 100 people were affected by a credential phishing campaign. Microsoft has issued a warning that Office 365 users are getting emails that trick them into granting permissions via an app (Upgrade) appearing to be from a verified publisher. And a hardware hacker cracked a crypto wallet worth only $50k in 2018.
LINKS
- Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA - https://www.microsoft.com/security/blog/2022/01/26/evolved-phishing-device-registration-trick-adds-to-phishers-toolbox-for-victims-without-mfa/
- Microsoft warns about this phishing attack that wants to read your emails - https://www.zdnet.com/article/microsoft-warns-about-this-phishing-attack-that-wants-to-read-your-emails/
- Cracking a $2 Million Crypto Wallet - https://www.theverge.com/2022/1/24/22898712/crypto-hardware-wallet-hacking-lost-bitcoin-ethereum-nft?scrolla=5eb6d68b7fedc32c19ef33b4
Privacy Under Threat From German Police, 2FA Bypass and Quick Thinking Saves Hospital
A review of cybersecurity news from cyberspace, including: privacy under threat after misuse of a Covid contact tracing app by German police, Box 2FA bypass opens user accounts to attack, $34.6M withdrawn in Crypto.com 2FA bypass, and quick thinking saves a Florida hospital from a ransomware attack.
LINKS:
- German police under fire for misuse of COVID contact tracing app https://amp.dw.com/en/german-police-under-fire-for-misuse-of-covid-contact-tracing-app/a-60393597
- Box 2FA Bypass Opens User Accounts to Attack https://threatpost.com/box-2fa-bypass-accounts-attack/177760/
- 2FA Bypassed in $34.6M Crypto.com Heist: What We Can Learn https://threatpost.com/2fa-bypassed-crypto-com-heist/177846/
- Crypto.com confirms 483 accounts hacked, $34 million withdrawn https://www.bleepingcomputer.com/news/security/cryptocom-confirms-483-accounts-hacked-34-million-withdrawn/
- 'Lock it down and piss people off': How quick thinking stopped a ransomware attack from crippling a Florida hospital https://edition.cnn.com/2022/01/16/politics/florida-hospital-ransomware/index.html
Morgan Stanley agrees to $60M data breach settlement, FBI warns about Google Voice Authentication Scams
The US bank and financial services giant has agreed to a $60M settlement to resolve a lawsuit following two data exposure incidents involving approximately 15 million current and former clients. Also, the FBI has been getting reports of people being targeted in different locations by malicious Google Voice activity, where victims are associated with fraudulent virtual phone numbers.
Do not share Google verification code with others.
LINKS:
Morgan Stanley agrees to $60 million settlement in data breach lawsuit
FBI issues warning about Google voice authentication service scamming users
Swiss Text Messaging Firm's COO Departs...Facebook Takes Down Accounts belonging to 7 Cyber Mercenary Firms
Swiss Text Messaging Firm's COO Departs amidst Surveillance Allegation, Facebook Takes Down Accounts belonging to 7 "Cyber-Mercenary" Firms
Facebook and Social Media Users are strongly advised to take a privacy checkup, be cautious when accepting or interacting with unknown people, and review their privacy settings on their accounts.
Swiss Exec helped Governments track phones, Malicious Free Utility Notepad++ in the wild and Poor OAuth Implementation Leads to Redirection Attacks
Swiss company Mitto AG is said to have operated a service that ultimately helped governments secretly surveil and track mobile phones. A hacking group known as StrongPity has made an infected version of the Notepad++ text editor app that installs malware on a victim's computer. Poor implementation of the popular OAuth 2.0 leads to redirection attacks that bypass most phishing detection and email security solutions. Thank you for listening.
"Zinc" group posed as Samsung Recruiters, DNA Testing Firm In Data Breach of 2M, IKEA employees under Phishing Email attacks
The North Korean-linked Zinc hacker group sent fake job offers to employees at South Korean security companies that sell anti-malware solutions and more. A DNA testing firm in Ohio has disclosed a data breach in which hackers had access to 2.1M people's CVV codes and account passwords. IKEA is fighting a phishing attack on its email system where threat actors are targeting employees in internal phishing attacks using stolen reply-chain emails.
LINKS:
- North Korea-linked Zinc group posed as Samsung recruiters to target security firms
- DNA testing firm discloses data breach affecting 2.1 million people
- IKEA dealing with an ongoing attack
Heating systems(HVAC) Hacks, GoDaddy Data Breach Impacts 1M, Hikvision cameras Exposed to Remote Code Execution
The PerSwaysion phishing campaign, a new malware hitting e-commerce sites, & something new about ransomware gangs
A kit named PerSwaysion can give cybercriminals a way to launch a phishing campaign relatively easily and with little up-front effort. A new malware is hitting e-commerce sites. Security researchers found that attackers found a vulnerability in a website plug-in and used that to upload a backdoor. This allows alteration of the sites' code in order to intercept payment card data for purchases. Ransomware gangs compete in auction sessions on cybercriminal forums for zero-day vulnerabilities in software applications. Thank you for listening.
LINKS:
1. 'PerSwaysion' Phishing Campaign Still Ongoing, and Pervasive
2. Linux malware agent hits eCommerce sites
3. Vulnerability Intelligence: What’s The Word In Dark Web Forums?
BOTs used to scam 2FA codes, Tesla recalls almost 12k vehicles and phone scams, and Password Spraying Attacks on the rise
LINKS:
The Booming Underground Market for Bots That Steal Your 2FA Codes
Tesla recalls nearly 12,000 U.S. vehicles over software communication error
Phone scams: Caught Beneath the Landline: A 411 on Telephone Oriented Attack Delivery
Protect your business from password sprays with Microsoft DART recommendations
Deep6 AI in Medical Data breach, 70% of Sampled WiFi Networks Cracked & Outlook Web Access Phishing
Another medical data processing firm is involved in a data breach. A security researcher cracked 70% of sampled WiFi networks and goes on to explain why phone numbers are bad WiFi passwords. And beware of phishing sites disguised as Outlook Web Access to steal credentials.
Olympus has Fallen, Verizon Fake logo, Microsoft Digital Defence Report and Beware of free movie sites
Olympus, a medical imaging firm, suspends data systems in the US, Canada and Latin America due to cyber attacks. In Microsoft's second annual digital defense report, the company provides insight into the changing cybercrime landscape, ranging from phishing to ransomware as a service. Also, beware of so-called free sites offering free downloads of recent blockbuster movies.
Listen till the end for an announcement.
LINKS:
1. Olympus US systems hit by cyberattack over the weekend
2. How cyberattacks are changing according to new Microsoft Digital Defense Report
3. Olympus suffers second cyberattack in 2021
4. Phishers Get Clever, Use Math Symbols for Verizon Logo
Much Ado About Legacy Systems, Really? Dumpster Diving and EA; Makers of FIFA21 in 780GB Data Breach
In this episode, the task of protecting legacy systems by organizations is discussed. Dumpster diving is a popular term in cybersecurity today. Learning how to treat data differently is crucial, whether in transit, at rest or when data is considered obsolete. Also, how we treat trash can be the difference between being a victim of identity theft or blackmail and ensuring useful info from a "dumpster" is never used against us. And Electronic Arts was in a massive data breach that resulted in source code for FIFA 21 and the Frostbite engine being stolen by hackers.
LINKS:
1. Prevention Is the Only Cure: The Dangers of Legacy Systems https://beta.darkreading.com/vulnerabilities-threats/prevention-is-the-only-cure-the-dangers-of-legacy-systems
2. Hackers Steal Wealth of Data from Game Giant EA - The data includes source code for FIFA 21 and the Frostbite engine.
www.vice.com/amp/en/article/wx5xpx/hackers-steal-data-electronic-arts-ea-fifa-source-code
3. Hackers steal source code and more from Electronic Arts in massive data breach - EA falls victim to hackers in new data breach
https://www.techspot.com/news/90020-hackers-steal-source-code-more-electronic-arts-massive.html
Start Good CyberHygiene Now!; Fix Your Passwords with a Single Tap, $40M Ransom Reportedly Paid, and More
In this episode: start good cyber hygiene now, and the need to fix bad passwords with a password manager such as Chrome's built-in manager. The average cost of ransomware has increased, and beware of fake browser extensions. Good cyber hygiene includes user practices such as inspecting file extensions, routine checks, self-auditing and being cautious.
LINKS:
1. Fix your passwords in Chrome with a single tap
3. FBI's IC3 Logs 6 Million Complaints
4. One of the US's largest insurance companies reportedly paid $40 million to ransomware hackers
5. Fake Microsoft Authenticator extension discovered in Chrome Store
Wi-Fi Warnings and Anti-Ransomware Day Advice
LINKS:
1. FragAttack www.fragattacks.com/
2. Anti-Ransomware Day, fuel pipelines and water utilities
www.cybersecasia.net/newsletter/anti-ransomware-day-fuel-pipelines-and-water-utilities
3. Kaspersky Report - Ransomware world in 2021: who, how and why securelist.com/ransomware-world-in-2021/102169/
4. Alert (AA21-131A) DarkSide Ransomware : Best Practices for Preventing Business Disruption from Ransomware Attacks us-cert.cisa.gov/ncas/alerts/aa21-131a
World Password Day, Malicious Office 365 Apps, and Fake Product Reviews
In this episode: how we are still very much reliant on passwords in 2021, and Google plans to enforce the use of two-factor authentication for everyone who has a Google account. Also, a breakdown of how attackers distribute malicious apps via Office 365 is discussed. Lastly, why you should not trust that 5-star review you read about a product on Amazon, as researchers found a database of documents behind a product reward scam run by vendors on Amazon.
LINKS:
1. World password Day- A simpler and safer future — without passwords
2. The Wages of Password Re-use: Your Money or Your Life
3. Malicious Office 365 Apps Are the Ultimate Insiders
5. Amazon Fake Reviews Scam Exposed in Data Breach
6. A further explanation about 2FA or 2SV -Episode 4 Cybersmart Security Podcast
Ransomware Costs, the Risk With Old Version Softwares, New Updates and Gamers Beware of this Fake DirectX12 Download
In this episode: the cost of ransomware has doubled over a year, and the risk with using old version software (or an end-of-life operating system like Windows 7). Update your Mac now. Also, beware of a fake Microsoft DirectX12 installer in the wild. This is information-stealing malware that attempts to harvest a victim's cookies, cryptocurrency wallets, passwords, and more in the background when installed.
LINKS
1. Ransomware: don’t expect a full recovery, however much you pay. https://nakedsecurity.sophos.com/2021/04/27/ransomware-dont-expect-a-full-recovery/
2. Task Force Seeks to Disrupt Ransomware Payments
https://krebsonsecurity.com/2021/04/task-force-seeks-to-disrupt-ransomware-payments/
3. Kaspersky finds 22% of PC users still running end-of-life Windows 7 OS
https://usa.kaspersky.com/about/press-releases/2021_kaspersky-finds-22-of-pc-users-still-running-end-of-life-windows-7-os#_ftn1
4. Update Your Mac Now: The ‘Worst Hack In Years’ Hits Apple Computers
https://www.forbes.com/sites/thomasbrewster/2021/04/26/update-your-mac-now-the-worst-hack-in-years-hits-apple-computers/?sh=3ee9cd855da0
5. NVIDIA Driver Downloads
https://www.nvidia.com/Download/index.aspx
6. Fake Microsoft DirectX 12 site pushes crypto-stealing malware
https://www.bleepingcomputer.com/news/security/fake-microsoft-directx-12-site-pushes-crypto-stealing-malware/
Misinformation or April Fool's Joke; Datascrap on LinkedIn, Facebook & Clubhouse And Job Scams
Over half a billion Facebook and LinkedIn user profiles were recently leaked online or put up for sale by cybercriminals. Also, about 1.3M Clubhouse user profiles were posted on a hacker forum. This may have been due to data scraping, which is allowed by the Clubhouse API or app and can be accessed by "anyone".
April fool's joke by Deliveroo and Volkswagen backfires. Shouldn't inaccurate or untrue information published as a joke by some companies be classified as misinformation rather than a prank?
LINKS
1. The Facebook Phone Numbers Are Now Searchable in Have I Been Pwned https://www.troyhunt.com/the-facebook-phone-numbers-are-now-searchable-in-have-i-been-pwned/
2. The joke is on Volkswagen after April Fool’s name change debacle https://www.aljazeera.com/economy/2021/3/31/bb-thejokeis-on-volkswagen-after-april-fools-name-change-debacle
3. Deliveroo April Fool's joke backfires in France
https://www.bbc.co.uk/news/world-europe-56617049
4. Security News This Week: Oh Look, LinkedIn Also Had 500M Users' Data Scraped
https://www.wired.com/story/linkedin-data-scrape-phishing-zoom-security-news/
5. “Not ideal” from a privacy standpoint: Clubhouse API lets “anyone” scrape public user data
https://cybernews.com/security/not-ideal-from-a-privacy-standpoint-clubhouse-api-lets-anyone-scrape-public-user-data/
The Trust Layer Conundrum; World Backup Day, LinkedIn to Rival Clubhouse App & Crypto Scam via Apple's App store
An iPhone user lost 17.1 bitcoin worth $600,000 due to downloading a fake app on Apple's "trusted" app store.
Are technology giants really doing a lot more, and not just the minimum, to instil trust in the services they provide to us? I discuss the trust layer conundrum and LinkedIn's plan to rival Clubhouse soon.
31st March each year is #WorldBackupDay. This is a reminder to keep a backup of your most important files offsite (SSDs, Drive, USB...) or via a reliable cloud service.
LINKS
1. World Backup Day Take action
As most of us have services we enjoy from Google, it is good advice to backup your data today.
You can go to this link below now. Follow the prompts and back up your data to a cloud service so that it’s in two separate locations.
takeout.google.com/?pli=1
2. LinkedIn confirms it’s working on a Clubhouse rival, too
techcrunch.com/2021/03/30/linkedin-confirms-its-working-on-a-clubhouse-rival-too/
3. He believed Apple’s App Store was safe. Then a fake app stole his life savings in bitcoin.
www.washingtonpost.com/technology/2021/03/30/trezor-scam-bitcoin-1-million/
4. Trezor for securing your Crypto savings
www.youtube.com/watch?v=wruL9LF8AUA
Tax & Refund Scams, $50m Ransom, Fake Clubhouse App To Avoid and The Power of Compliments & Empathy
Have you ever got carried away by compliments to the extent that you may have shared very personal information, or that of someone else, that you never intended to share initially? Scammers are exploiting the power of empathy to gain the trust of their victims. In this episode, I talk about how we can better respond to a refund claim via calls, SMS or emails and spot the scammy ones. Also mentioned is a fake Clubhouse app to avoid.
LINKS
- IRS Impersonation - https://abnormalsecurity.com/blog/irs-impersonation/
- Fighting back against phone scammers with glitter bombs - https://grahamcluley.com/fighting-back-against-phone-scammers-with-glitter-bombs/
- Spotting scammy emails - https://www.consumer.ftc.gov/blog/2021/03/spotting-scammy-emails?utm_source=govdelivery
- YouTube link: Glitterbomb Trap Catches Phone Scammer (who gets arrested) - https://www.youtube.com/watch?v=VrKW58MS12g
- Catching Money Mules ft. Mark Rober - https://www.youtube.com/watch?v=Xvjjpzyiig4&t=0s
- Scammer Payback - https://www.youtube.com/channel/UCBNG0osIBAprVcZZ3ic84vw
- Computer giant Acer hit by $50 million ransomware attack - https://www.bleepingcomputer.com/news/security/computer-giant-acer-hit-by-50-million-ransomware-attack/
- Beware Android trojan posing as Clubhouse app - https://blog.eset.ie/2021/03/19/beware-android-trojan-posing-as-clubhouse-app/
FBI Warns About TrickBot in Emails, Costly Error As Books Worth Up To $3.4m Given For Free
Earlier this week, the Federal Bureau of Investigation (FBI) mentioned in an alert that cybercrime actors are tricking victims via a traffic infringement phishing scheme. The TrickBot malware is spread primarily through spearphishing campaigns using tailored emails that contain malicious attachments. In this episode, this malware's capabilities and how to stay a step ahead of it are discussed.
Also, an academic book publisher, Springer Nature, had a misconfiguration that allowed anyone to download their books for free, and lastly, a costly mistake by an employee in the Health Dept of a county in New York State is briefly dissected in the episode.
LINKS:
- TrickBot Malware Alert https://us-cert.cisa.gov/ncas/alerts/aa21-076a
- Trickbot is the most prolific malware operation using COVID-19 themed lures https://securityaffairs.co/wordpress/101824/cyber-crime/trickbot-covid-19-themed-lures.html
- Error caused the world’s largest academic book publisher to give books away free - https://cybernews.com/security/error-caused-worlds-largest-academic-book-publisher-to-give-books-away-free/
- WI: 900 emails of COVID vaccination registrants accidentally shared in Walworth County - https://www.databreaches.net/wi-900-emails-of-covid-vaccination-registrants-accidentally-shared-in-walworth-county/
Solarwinds Hack Isn't Intern's Fault, New Covid-19 Phishing Scams And Identifying Social Media Scams
Cybercriminals are once again using the Covid-19 pandemic as a smokescreen for their phishing scams. These scammers rely on the naivety of victims to cause maximum damage. According to people’s reports to the FTC and a new Data Spotlight, about $117m was lost by consumers to scams that started on social media in the first 6 months of 2020. Thus it is all the more pertinent to know ways to identify scams that begin on social media platforms. I discuss this and more in today's episode.
I also address where the fault really lies about the SolarWinds hack. It is more an organizational issue than an individual one. Responsibility and accountability should always come from the top before it trickles down to the bottom.
LINKS:
- Scams will follow new COVID-19 rescue plan - https://www.consumer.ftc.gov/blog/2021/03/scams-will-follow-new-covid-19-rescue-plan
- Scams Starting on Social Media and Targeting Your Business - https://www.tripwire.com/state-of-security/security-data-protection/scams-social-media-targeting-business
- Scams that start on social media - https://www.consumer.ftc.gov/blog/2020/10/scams-start-social-media
- Threat Actors Target Victims by Promising COVID-19 Relief, Vaccines, and Variant News - https://www.proofpoint.com/us/blog/security-briefs/threat-actors-target-victims-promising-covid-19-relief-vaccines-and-variant
- SolarWinds blaming intern for leaked password is symptom of ‘security failures’ - https://www.scmagazine.com/access-control/solarwinds-blaming-intern-for-leaked-password-is-symptom-of-security-failures/
Facebook in $650M Privacy Lawsuit Settlement, 400 T-Mobile Users Affected By SIM Swap Fraud & How To Prevent A SIM Swap Attack
T-Mobile is in the news again for the fifth time in four years for a data breach; this time, 400 users were victims of a SIM Swap Fraud. The recent attacks via SIM swap fraud have brought Wireless carriers under the spotlight.
In 2021, more companies are embracing cryptocurrencies investments. Online users are buying company shares via mobile applications; it is thus crucial to ensure that accounts are kept safe from identity theft and other types of attacks.
In episode 23, I talk about protecting yourself from SIM swap attacks and keeping your crypto safe. I also comment on the verdict by a US District Judge ordering Facebook to pay $650M in settlement for a privacy violation. Besides, the episode notes include a research paper on vulnerable authentication challenges published in January 2020.
LINKS:
- 1. Judge Approves $650M Facebook Privacy Lawsuit Settlement
https://www.securityweek.com/judge-approves-650m-facebook-privacy-lawsuit-settlement
- 2. T-Mobile Discloses Data Breach After SIM Swapping Attacks
https://www.bleepingcomputer.com/news/security/t-mobile-discloses-data-breach-after-sim-swapping-attacks/
- T-Mobile Notice To Customers Affected By Data Breach
https://beta.documentcloud.org/documents/20492859-t-mobile-feb-2021-bc-data-breach
- 3. All about SIM Hijacking and Research Done Using 5 Popular Telecom Carriers
https://www.schneier.com/blog/archives/2020/01/sim_hijacking.html
- An Empirical Study of Wireless Carrier Authentication for SIM Swaps
https://www.issms2fasecure.com/assets/sim_swaps-01-10-2020.pdf
- Study Shows The Internet Is Hugely Vulnerable To SIM Hijacking Attacks
https://www.techdirt.com/articles/20200114/06480143727/study-shows-internet-is-hugely-vulnerable-to-sim-hijacking-attacks.shtml
- 4. Stories And A Video-‘I Lived a Nightmare:’ SIM Hijacking Victims Share Their Stories
https://www.vice.com/en/article/j5bpg7/sim-hijacking-t-mobile-stories
- 5. Keeping Your Crypto Safe Offline - What Happens When Hackers Steal Your SIM You Learn To Keep Your Crypto Offline
https://techcrunch.com/2018/08/20/what-happens-when-hackers-steal-your-sim-you-learn-to-keep-your-crypto-offline/amp/
Fake Cryptocurrency Trading Platforms, SIM-Swapping, Novel Phishing Tactic Via Malformed URLs and 5 Ways To Begin Foolproof Privacy Protection
If you know why you should take privacy protection seriously, then taking proactive actions towards achieving foolproof security against the bad guys is the next step. In this episode, I discussed 5 ways you can start to have a sense of control over everything that connects to you. Before that, I delved into the recent charges brought against 3 North Koreans arrested for globally related cyberattacks that include fake cryptocurrency trading platforms used to fool unsuspecting users into downloading malicious applications. How to ensure your mobile number is not ported to another SIM by impersonators is also addressed.
Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every Wednesday. Follow him on Twitter @Major_Jeneral
LINKS:
US charges North Koreans in relation to global cyber attacks
https://www.tripwire.com/state-of-security/featured/us-charges-north-korean-hackers-wannacry-sony-pictures-attack/
New Phishing Attack Identified: Malformed URL Prefixes
https://www.greathorn.com/blog-new-phishing-attack-identified-malformed-url-prefixes/
Ten Hackers Arrested For String of Sim-swapping Attacks Against Celebrities
https://www.europol.europa.eu/newsroom/news/ten-hackers-arrested-for-string-of-sim-swapping-attacks-against-celebrities
Why Are Security Firms Vulnerable Too And 5 Reasons To Take Privacy Protection Seriously
In this episode, you will learn the 5 reasons why you should take privacy protection seriously. Before that, I talk about the SolarWinds hack and why security firms are only as strong as the weakest vendor on their books.
LINKS
A Second SolarWinds Hack Deepens Third-Party Software Fears
www.wired.com/story/solarwinds-hack-china-usda/
SonicWall says it was hacked using zero-days in its own products
www.zdnet.com/article/sonicwall-says-it-was-hacked-using-zero-days-in-its-own-products/
New phishing attack uses Morse code to hide malicious URLs
www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/
Bluetooth Overlay Skimmer That Blocks Chip
krebsonsecurity.com/2021/02/bluetooth-overlay-skimmer-that-blocks-chip/
SonicWall Is Latest Security Vendor to Disclose Cyberattack
The network security firm is investigating a coordinated campaign in which attackers exploited vulnerabilities in SonicWall's products.
www.darkreading.com/endpoint/sonicwall-is-latest-security-vendor-to-disclose-cyberattack/d/d-id/1339972
Remote Attacks;Beware of Fake Office 365 updates, Vishing Campaigns And The Rise In SMS-based Phishing Services
Being cyber aware is more important now than ever before, as phishing-related attacks are up by over 300%. Hackers are creating phishing toolkits to harvest login credentials and gain remote access to corporate networks. The FBI has warned businesses of an increase in phishing by voice call, otherwise known as vishing. Also, security authorities in the UK and Ukraine have arrested creators of phishing toolkits called SMS Bandits and U-Admin. These toolkits have features that can intercept OTP and multifactor authentication codes.
Links quoted in this episode
https://www.proofpoint.com/us/blog/threat-protection/mobile-phishing-increases-more-300-2020-chaos-continues
https://www.databreachtoday.asia/phishing-campaign-features-fake-office-365-update-a-15869
https://krebsonsecurity.com/2021/02/u-k-arrest-in-sms-bandits-phishing-service/
https://krebsonsecurity.com/2021/02/arrest-raids-tied-to-u-admin-phishing-kit/
https://www.bleepingcomputer.com/news/security/beware-of-this-active-uk-nhs-covid-19-vaccination-phishing-attack/
https://www.govinfosecurity.com/fbi-warns-increase-in-vishing-attacks-a-15795
Data-sharing Policies-WhatsApp,Telegram&Signal&The 1 Reason You Are Prone To Threats&Attacks in 2021
Doing Things Right;FTC on Zoom's Unfair Practices,Muslim Pro,Salaat First&The Location Data Question
Privacy, Data Protection: Why DP Regulators are Vital Now & Ways To Stay A Smart Holiday Shopper
Due Diligence, Are SMS Security Codes For 2FA Still Reliable? British Airways Fined €20M
Do you exercise a bit of care before entering into a contract or agreement? Investigating and checking the details of a business deal or an investment in a business idea is more important now than ever before, so you don't get scammed. At times people are just wolves in sheep's clothing. Always do due diligence. BA was fined 20M for keeping customers' credit card details in plaintext since 2015. All these and more in this week's episode.
LINKS For Further Reading
1. Due Diligence That Money Can’t Buy
krebsonsecurity.com/2020/09/due-diligence-that-money-cant-buy/
2. Having Saved Credit Card Details in Plaintext Since 2015, British Airways Is Fined £20 Million
hotforsecurity.bitdefender.com/blog/having-saved-credit-card-details-in-plaintext-since-2015-british-airways-is-fined-20-million-24340.html
3. Amazon Fires Employee For Leaking Customer Data
hotforsecurity.bitdefender.com/blog/amazon-fires-employee-for-leaking-customer-data-24417.html
If In Doubt,Don't Give It Out:Former Cisco Employee Pleads Guilty&Hackers Pose As Journalist-Part 2
LINKS
1. San Jose Man Pleads Guilty To Damaging Cisco’s Network
Unauthorized Access Led to Deletion of 16,000 WebEx Teams Accounts in the Fall of 2018- www.justice.gov/usao-ndca/pr/san-jose-man-pleads-guilty-damaging-cisco-s-network
2. Iranian Hackers Pose as Journalists to Trick Victims Into Installing Malware
thehackernews.com/2020/08/hackers-journalist-malware.html?m=1
If In Doubt, Don't Give It Out:Tesla Saved From Ransom Attempt By Russian Hacker-Part 1
LINKS
Tesla employee foregoes $1M payment, works with FBI to thwart cybersecurity attack
www.teslarati.com/tesla-employee-fbi-thwarts-russian-cybersecurity-attack/
Privacy: College Tracks Students via Corona App & Ex-Uber Chief In Data Breach Cover-Up—Part 2
Say it ain't Joe?—https://www.theregister.com/2020/08/20/uber_sullivan_concealment_charges/
Fearing coronavirus, a Michigan college is tracking its students with a flawed app
And students have no way to opt out... techcrunch.com/2020/08/19/coronavirus-albion-security-flaws-app/