IT Security Newsletter - 4/14/23
Zelle users targeted with social engineering tricks
Cybercriminals have been leveraging social engineering techniques to impersonate the popular US-based digital payments network Zelle and steal money from unsuspecting victims, according to Avanan. The spoofed email is cleverly crafted to look as legitimate as possible: it contains the Zelle logo, grammatically correct text, and an authentic link to the firm's web page at the bottom of the email, in the "security and privacy" footer. However, it also includes a malicious shortened link. READ MORE...
Microsoft: Phishing attack targets accountants as Tax Day approaches
Microsoft is warning of a phishing campaign targeting accounting firms and tax preparers with remote access malware allowing initial access to corporate networks. With the USA reaching the end of its annual tax season, accountants are scrambling to gather clients' tax documents to complete and file their tax returns. Due to this, it makes it an ideal time for threat actors to target tax preparers, hoping that they mistakenly open malicious files that they would generally be more careful with when less busy. READ MORE...
WhatsApp boosts defense against account takeover via malware
WhatsApp announced today the introduction of several new security features, one of them dubbed "Device Verification" and designed to provide better protection against account takeover (ATO) attacks. Device Verification prevents malware from using authentication keys stolen from infected mobile devices or via unofficial clients to impersonate accounts and use them to send scam and phishing messages to people in the targeted users' contact lists. READ MORE...
New Mirai Variant Employs Uncommon Tactics to Distribute Malware
RapperBot's initial infection tactic is one example of the different methods attackers are using to distribute malware. A new version of a Mirai variant called RapperBot is the latest example of malware using relatively uncommon or previously unknown infection vectors to try and spread widely. RapperBot first surfaced last year as Internet of Things (IoT) malware containing large chunks of Mirai source code but with some substantially different functionality compared with other Mirai variants. READ MORE...
To improve security, consider how the aviation industry stopped blaming pilots
Pilot turned CISO says when admitting to an error isn't seen as a failure, improvement becomes easier to achieve. To improve security, the cybersecurity industry needs to follow the aviation industry's shift from a blame culture to a "just" culture, according to director of the Information Systems Audit and Control Association Serge Christiaans. READ MORE...
Organizations face an uphill battle to keep their sensitive data secure
On average, organizations store 61% of their sensitive data in the cloud, and most have experienced at least one cybersecurity breach (90%), threat (89%) and/or theft of data (80%), with 75% experiencing all three, according to Skyhigh Security. Overall, the report underscores the need to address data security gaps by investing in comprehensive data protection that provides remote workforces with a secure and productive user experience. READ MORE...
- ...in 1818, Webster's American Dictionary of the English Language is printed for the first time.
- ...in 1865, former Confederate spy and assassin John Wilkes Booth fatally shoots President Abraham Lincoln at Ford's Theatre.
- ...in 1894, Thomas Edison's Kinetoscope first appears in a New York City amusement arcade, making it the first commercial movie theater.
- ...in 1912, just before midnight in the North Atlantic, the RMS Titanic fails to divert its course from an iceberg, ruptures its hull, and begins to sink.