Scam of the Week: Black Friday & Cyber Monday Alert
"With more people than ever poised to partake in this year’s November shopping frenzy, attackers will capitalize by using the brand names of leading e-tailers to exploit users looking for Black Friday deals and coupons by creating fake mobile apps and landing pages to fool consumers into downloading malware, using compromised sites, or giving up their login credentials and credit card information."
It's Holiday Season for the bad guys too! But not the way you might think. They go into scam-overdrive mode. Black Friday and Cyber Monday are the busiest online shopping days and they are out to get rich with your money. So what to look out for?
This alert is also at the KnowBe4 blog, and has additional resource links:
Scam of the Week: SharePoint Phishing Attack on Office 365 Users
This latest attack uses several familiar aspects of O365 to lull potential victims into an assumption everything is above board.
Be on alert! The bad guys have a new way of stealing your login credentials. They target you by sending you an invite via email to open a SharePoint document. The link takes you to an actual SharePoint page where you will see a OneDrive prompt. The prompt will have an “Access Document” link in it. Don’t click this link!
This link is malicious and will take you to a fake Office 365 login screen. Any credentials you enter here will be sent to the bad guys. Don't be tricked.
Whenever you're submitting login credentials to any site, make sure to check the URL of the page for accuracy. Also, remember to always hover over links to see where they are taking you.
Remember, Think Before You Click.
Check the list for your router and get the whole story here.
Twitter's 330 million users are being urged to change their passwords after some were exposed in plain text on its internal network.
An error in the way the passwords were handled meant some were stored in easily readable form, said Twitter.
The passwords should have been put through a procedure called "hashing" making them very difficult to read.
Security experts said the way Twitter handled the potential breach was "encouraging".
See the whole story here: http://www.bbc.com/news/business-43995168
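The "hashing" the story refers to, shown as an added example (not Twitter's code or anything from the BBC article): a record kept in readable form beside a salted, slow PBKDF2 record, with a verify step. The record format and the PBKDF2 parameters are this example's own choices.

```python
import hashlib
import hmac
import os

# Constructed example: the difference between keeping a password in readable
# form and storing only a salted, slow hash of it. Iteration count follows
# current OWASP guidance for PBKDF2-HMAC-SHA256.
ITERATIONS = 600_000
SALT_BYTES = 16


def store_plaintext(password: str) -> str:
    """The failure mode in the story: the stored record *is* the password."""
    return password


def hash_password(password: str) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest."""
    salt = os.urandom(SALT_BYTES)  # fresh per password, so equal passwords differ
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def record_reveals_password(password: str, record: str) -> bool:
    """True if anyone who can read the stored record can read the password."""
    return password in record


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    print("plaintext record reveals password:",
          record_reveals_password(pw, store_plaintext(pw)))
    rec = hash_password(pw)
    print("hashed record reveals password:", record_reveals_password(pw, rec))
    print("verify correct password:", verify_password(pw, rec))
    print("verify wrong password:", verify_password("Correct Horse", rec))
    print("same password, same record:", hash_password(pw) == rec)
```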
Twitter user @_thp shared a recent phishing scam that they received, and it’s so fiendishly clever that it’s gone viral. They wrote: "This is the most clever phishing scam I've ever encountered and for a second it almost got me." Now, that is perhaps a bit exaggerated, but you have to admit it's something a lot of people will likely fall for.
Please be aware of an email phishing scam that has started in the last week.
Companies are experiencing a wave of phishing scams that target employee paychecks. Here is the scenario:
1. An employee receives, from a company e-mail account, an e-mail that mimics a familiar and trusted company service or resource, such as an e-signature request or a request to complete a survey.
2. The e-mail asks the employee to click a link, access a website, or answer a few questions.
3. Then it directs the employee to “confirm” his or her identity by providing his or her complete log-in credentials. Skeptical employees who question the request via reply e-mail receive a prompt response purporting to verify that the employee should complete the steps contained in the link.
4. The threat actors then use the employee’s log-in credentials to access payroll portals, reroute direct deposits to other accounts, and wreak other havoc upon the employer’s network.
In some versions of the scam, hackers access employee e-mails to request a password change from the employer’s payroll service and then use the new log-in credentials to change direct deposit instructions.
Employers may want to immediately take the following precautions to avoid security breaches as a result of these phishing scams:
• Alert your workforce to this scam.
• Direct employees to forward any suspicious requests to the information technology or human resources departments, rather than replying to the e-mail.
• Instruct employees to refrain from supplying log-in credentials or personally identifying information in response to any e-mail.
For more detailed information see this link - https://blog.knowbe4.com/scam-of-the-week-wave-of-payroll-direct-deposit-phishing-attacks
Our information security team is aware of several related security bulletins for vulnerabilities identified in the “speculative execution functionality” of multiple vendors’ central processing units (CPUs). As of this writing, there are three known variants:
CVE-2017-5715 - Branch target injection (SPECTRE)
CVE-2017-5753 - Bounds check bypass (SPECTRE)
CVE-2017-5754 - Rogue data cache load (MELTDOWN)
Review the reference information below to become more familiar with these vulnerabilities and validate that any software applications not managed by GUTS have the latest patches applied. GUTS additionally recommends that all customers verify that every system in use within their organizations, including desktops and laptops, has the latest patches applied.
Meltdown Technical Deep Dive PDF
Spectre Technical Deep Dive PDF
VMware Security Response
CERT Vulnerability Notice
CERT Exploit Notice
Google Project Zero Analysis
Microsoft Security Notice
WIRED Magazine news article
AnandTech news article