SecureTheVillage

Cybersecurity News of the Week

Cybersecurity News of the Week, September 1, 2024

This week’s essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.

Stan’s Corner

Rule 3 in SecureTheVillage’s How Hackable Are You Quiz & Guide is “Be Suspicious.” The four stories in Section 2 illustrate the need to always be suspicious. Fake emails. Fake phone calls. Fake text messages. Fake QR codes. Fake social media friends. Fake web sites. All designed to part us from our money.

I remember when I was learning to drive I had to learn what I needed to pay attention to. My safety and the safety of others required that I become mindful of what was going on around me. Stop signs and traffic lights. Drivers turning in front of me. Pedestrians crossing against the light. Knowing the rules of the road wasn’t enough. I had to learn the risks of the road.

Protecting ourselves and our families online requires that same mindfulness. That’s what it means to be suspicious; to always being mindful of the risks out there.

A major difference between driving safely and practicing good cyber-defense: other cars aren’t trying to hit us.

You can assume that a personal email you receive that looks like it’s from the IRS, a government agency, or your bank is a fraud. A text message that looks like it’s from a nonprofit or a political campaign? It could be legit or it might not be. If you want to donate, ignore the text and go to their website. Get a Zelle request from a “friend?” Call your friend and make sure it’s legit.

Don’t trust. Always verify.

Here’s a practice quiz from Google and Jigsaw. Practice makes perfect.

  • Can you spot when you’re being phished?: Identifying phishing can be harder than you think. Phishing is an attempt to trick you into giving up your personal information by pretending to be someone you know. Can you tell what’s fake?

From SecureTheVillage

  • Upcoming Events
    • A Reasonable Approach to Reasonable Security. Save the Date. October 22, 2024. SecureTheVillage’s 5th Annual Reasonable Security Summit.
  • Smaller business? Nonprofit? Take your security to the next level. Apply Now! If you’re a small business or nonprofit in the greater Los Angeles area, apply NOW for LA Cybersecure. Protect your organization with our innovative team-based learn-by-doing program with coaching and guidance that costs less than two cups of coffee a week.
  • IT Service Provider / MSP? Take your client’s security to the next level. Apply Now!  If you’re an IT service provider in the greater Los Angeles area, apply NOW for LA Cybersecure. With our innovative team-based learn-by-doing program, you’ll have both that “seat at the table” and the peace of mind that you’re providing your clients with the IT security management they need. … The LA Cybersecure Program is funded in part by a grant from the Center for Internet Security (CIS) Alan Paller Laureate Program.
  • Family Protection Newsletter: Did you know we created the Family Protection Newsletter for non-cyber experts? For your parents, friends, those who need to protect themselves in a digital world. Sign up or share with a friend! Click here to learn more and quickly add to your free subscription! 
  • How Hackable Are You? Think your defenses are strong. Find out as SecureTheVillage tests you on five basic controls and download our free updated 13-step guide.
  • Please Support SecureTheVillage: We need your help if we’re to build a world of CyberGuardians TM. Please donate to SecureTheVillage. Thank you. It takes a village to secure the village. TM

Cybersecurity Nonprofit of the Week … Nonprofit Cyber

Great kudos to Nonprofit Cyber. Nonprofit Cyber is a 40-member coalition of cybersecurity nonprofits focused on tangible results.  Coalition members collaborate, work together on projects, voluntarily align activities to minimize duplication and increase mutual support, and link the community to key stakeholders with a shared communication channel. Nonprofit Cyber has compiled the Nonprofit Cyber Solutions Index, a comprehensive index of actual cybersecurity capabilities provided by the nonprofit community. In particular, the index identifies a large selection of free or low-cost cybersecurity capabilities for individuals, small businesses, and others left behind in the current environment. SecureTheVillage is a proud member of Nonprofit Cyber.

Cyber Humor

Section 2: Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware. 

Stories of scammers that make the point Be Suspicious.

  • Spotify Phishing Scams Are on the Rise: Here’s How You Spot One: Spotify phishing scams are rising, tricking users into fake emails to steal banking info. … To spot phishing scams, check the sender address, hover over links, and watch out for poor spelling. … Don’t rush to take immediate action on emails; avoid clicking suspicious links. … Spotify phishing scams arrive in your inbox disguised as a regular message from Spotify. They typically claim something has happened to your account, your account password, or your account payment method and that immediate action is needed. … The two most common email subjects I’ve received are “Important ! We noticed unusual activity in your Spotify account” and “Your Premium payment failed,” both designed to trick you into clicking the link in the email. I’ve included images of these Spotify phishing emails below so you can check out what they look like.
  • Scam Warning: Fake QR Codes Found On Parking Meters In Redondo Beach: Police discovered fake QR codes on about 150 parking meters that redirected people to a fraudulent website to collect payment. … The Redondo Beach Police Department said the codes lead to a website called “poybyphone” that mimics the two companies officially contracted by the city — ParkMobile and PayByPhone.
  • Her sister died. Then scammers took over her phone number and started racking up bills: A Bedford woman learned some hard lessons after scammers apparently impersonating a family member got T-Mobile to move her late sister’s number to a phone controlled by the scammers. … After recovering the cellphone of her recently deceased sister Betsy Egan, Suzy Enos discovered that scammers were able to siphon money from her sister’s bank account after T-Mobile allowed them to use Egan’s phone number on a different phone. … Enos, an IT director at a major corporation who lives in Bedford, went to battle online with the scammers and ultimately succeeded in protecting most of her sister’s assets, including the hundreds of thousands of dollars in retirement and savings accounts the scammers were in the process of stealing. … Enos eventually came to the conclusion the scammers were able to break into many of her sister’s apps and online accounts by taking over her mobile telephone number — not her physical phone, but her “line.” And to do that, the scammers posed as a family member to dupe T-Mobile, her sister’s mobile phone carrier, Enos now believes.
  • Researchers warn of text scams that send drivers fake bills for highway tolls: Cybercriminals have expanded the scope of so-called highway toll text scams in recent months, targeting people across multiple states with malicious SMS messages demanding payment for fictitious charges. … Researchers at cybersecurity firm Symantec have been tracking electronic toll collection scams across Illinois, Florida, North Carolina and Washington — noting the startling increase in messages received by residents. … Millions of Americans have signed up for their state electronic toll collection system, which texts you when you have unpaid charges to cover. Scammers now send text messages pretending to be state authorities, providing a link to a fake payment website that allows them to siphon critical personal information as well as financial data. 

Section 3: Cybersecurity and Privacy News for the Cyber-Concerned.

Our enemies have been active this week.

  • Iran’s ‘Fox Kitten’ Group Aids Ransomware Attacks on US Targets: In a joint advisory, CISA and the FBI described the activity as a likely attempt by the group to monetize access to networks it already has compromised. … Iran’s state-sponsored Fox Kitten threat group is actively abetting ransomware actors in attacks against organizations in the US and other countries, the FBI and US Cybersecurity and Infrastructure Security Agency (CISA) warned this week. … The ongoing activity appears to be an effort by the threat actor to monetize its access to victim networks across multiple sectors, including finance, defense, healthcare, and education.
  • Chinese government hackers penetrate U.S. internet providers to spy: Beijing’s hacking effort has “dramatically stepped up from where it used to be,” says former top U.S cybersecurity official. … Chinese government-backed hackers have penetrated deep into U.S. internet service providers in recent months to spy on their users, according to people familiar with the ongoing American response and private security researchers. … The unusually aggressive and sophisticated attacks include access to at least two major U.S. providers with millions of customers as well as to several smaller providers, people familiar with the separate campaigns said.
  • North Korean hackers exploited Chrome zero-day to steal crypto: A North Korean hacking group earlier in August exploited a previously unknown bug in Chrome-based browsers to target organizations with the goal of stealing cryptocurrency, according to Microsoft.
  • US agencies warn against ransomware group behind hundreds of attacks in recent months: More than 210 organizations have dealt with ransomware attacks launched by the RansomHub group since February, according to an advisory from several U.S. cybersecurity agencies. … The FBI joined the Cybersecurity and Infrastructure Security Agency (CISA) and Department of Health and Human Services (HHS) in publishing an advisory on Thursday about RansomHub — which has gained prominence since hosting data stolen from UnitedHealth Group in April

Forbes has a comprehensive story on the cyber-attacks hitting our courts, including the LA Courts.

  • Cyberattacks On U.S. Courts: Vulnerabilities, Impacts, And Response Strategies: As cyber threats grow more sophisticated, U.S. courts are increasingly targeted by cybercriminals, exposing significant vulnerabilities in judicial systems. These attacks disrupt court operations and have broader implications, affecting employers who rely on public records for criminal background checks. Understanding the nature and impact of these cyberattacks underscores the urgent need to bolster cybersecurity measures within the judiciary to protect sensitive information and maintain public trust.

We have five stories on privacy this week. Two stories of security mismanagement leading to the exposure of millions of people’s sensitive. An FTC fine against a video-camera manufacturer after hackers accessed cameras in psychiatric hospitals and women’s health clinics. A landmark CA privacy bill that will soon make it easier to opt-out of data sharing in CA.  And a despicable privacy-stealing story of AI-generated fake nudes being shared on Telegram.

  • Nearly 32 million personal files with sensitive data have been exposed : Your full name, address, and partial credit card numbers may have been exposed in a data breach involving field service management business ServiceBridge. Security researcher Jeremiah Fowler’s report uncovers that nearly 32 million non-password-protected files, such as contracts, invoices, agreements, and more, were exposed. … The information was publicly accessible, with no security authorization needed, for an undisclosed amount of time, and there is no official confirmation of who may have accessed it. The files date back to 2012 and are linked to companies from Canada, numerous European countries, the U.S., and the U.K.
  • Whoops: FlightAware Exposes Sensitive Personal Data Of Millions Of Users, Pilots, And Plane Owners: Popular flight tracking app FlightAware says that they accidentally leaked the personal data of its 10,000 aircraft operators and 12 million users. According to an announcement by the company sent to users, “a configuration error” resulted in the company exposing user usernames, passwords, email addresses, names, billing addresses, telephone numbers, birth dates, aircraft ownership records, user data, and more.
  • Verkada Agrees to $2.95M Civil Penalty After Hacks: The U.S. Federal Trade Commission alleges that lax security practices allowed hackers to access sensitive video footage from Verkada’s IP-enabled security cameras. … The California cloud-based security camera company agreed to pay a $2.95 million civil penalty and implement a comprehensive security program after hackers in 2021 accessed video from 150,000 internet-connected security cameras, including from devices placed inside psychiatric hospitals and women’s health clinics.
  • California passes landmark bill requiring easier data sharing opt outs for consumers: California legislators on Wednesday passed a bill which requires internet browsers and mobile operating systems to allow consumers to easily opt out from the sharing and selling of their private data with websites which use it for targeted advertising.  … State residents already have the right to send legally binding opt out requests — a provision established under the pioneering California Consumer Privacy Act — but browsers like Google Chrome, Safari and Edge, along with Android and iOS mobile platforms, do not currently offer tools for doing so, forcing consumers to download third-party software. … The new legislation creates an “opt-out preference signal” tool which would let citizens opt out of sharing their information by simply pushing a button to activate the signal on their internet browser, which would then send opt out requests to every website consumers visit by default.
  • ‘Anyone Can Be a Victim’: Sprawling AI Fake Nudes Crisis Hits South Korea: Discovery of a Telegram-based network creating faked pornographic images points to the nation as an epicenter of an emerging global problem. … The victims were reportedly teachers, military officers, undergraduates and elementary-school students. Across a labyrinth of Telegram group chats, anonymous users submitted photos of South Korean girls and women without their permission that were manipulated into sexually explicit images and videos viewed by hundreds of thousands. … South Korean authorities on Wednesday began an investigation to tackle faked pornographic images after a massive network was uncovered—involving hundreds of victims, many of them minors. The revelation reflected the scale of the problem facing South Korea, which according to some researchers is the source for roughly half of so-called “deepfake” porn videos spread globally. … Many countries, including the U.S., are confronting a rise in AI-generated fake nudes targeting young women and girls

This week in cybercrime.

Section 4: Helping Executives Understand Why and Know How.

One of the conclusions of a survey of technology leaders showed that organizations that connect technology investments to measurable business outcomes report 12% higher revenue growth.  Organizations can raise this number even higher by taking proactive steps to lower the impact of the inevitable cyber disruption.

  • Business leaders are losing faith in IT, according to this IBM study. Here’s why: For years, even decades, the thrust in information technology has been toward increasing sophistication and speeding up capabilities through more flexible and adaptable architectures, advanced analytics, and lately, artificial intelligence — making it all software-defined. However, businesses don’t seem to see the improvement — if anything, they are growing even more restless about the state of their IT capabilities. … Top business leaders’ confidence in the effectiveness of basic IT services is only about half of what it was 10 years ago, according to a study of 2,500 business and technology executives released by IBM’s Institute for Business Value. While AI should be improving things, generative AI has only made executives even more disgruntled with the state of IT.

Section 5:  Securing the Technology.

A critical update for IT organizations.

  • SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access: SonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant malicious actors unauthorized access to the devices. … The vulnerability, tracked as CVE-2024-40766 (CVSS score: 9.3), has been described as an improper access control bug. … “This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.”

And a deep weakness that needs to be on every organization’s To-Do list.

  • Local Networks Go Global When Domain Names Collide: The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register. … At issue is a well-known security and privacy threat called “namespace collision,” a situation where domain names intended to be used exclusively on an internal company network end up overlapping with domains that can resolve normally on the open Internet.

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge

SUPPORT US

SecureTheVillage is a community-based response to the cybersecurity and privacy crisis. We are a 501c(3) nonprofit with a vision of a cybersecure global village. We invite you to join with us as together we make the vision a reality. It takes the village.

Be a CyberPartnerDonate