Security daily (21-08-2020)

FBI, CISA warn of ‘voice phishing’ campaigns

The FBI and the U.S. Cybersecurity and Infrastructure Security Agency on Thursday warned the private sector of a “voice phishing” campaign in which cybercriminals call up corporate employees to get them to hand over login credentials. In a campaign that began in mid-July, unidentified attackers used stolen credentials to scour corporate databases for personal information they could monetize and use in other attacks, the FBI and CISA alert said. In some cases, the attackers “posed as members of the victim company’s IT help desk, using their knowledge of the employee’s personally identifiable information…to gain the trust of the targeted employee,” the advisory says. The warning caps a month in which cybercriminals have been rampantly employing “vishing,” as the voice phishing technique is known, to try to steal money. The attackers who took over celebrity Twitter accounts in July to mine bitcoin did so through “vishing.” Florida police arrested a 17-year-old and […] (CyberScoop)

No hacking needed: Someone duped Experian into handing over data in breach affecting 24 million South Africans

For fraudsters looking to swindle big corporations, sometimes it’s just a matter of asking. Earlier this week, the South African division of credit reporting giant Experian revealed that someone posing as a client had tricked the firm into coughing up personal information on an untold amount of South African consumers. The South African Banking Risk Information Centre (SABRIC), an association of banks focused on combating crime, put a number on the breach: up to 24 million people, and nearly 794,000 “business entities,” could be affected. Investigators have been working with banks to figure out which of their customers may have had their personal data exposed, according to SABRIC. It’s a reminder of the reams of personal data that credit monitoring firms like Experian and Equifax are sitting on, and the high stakes those firms face in protecting it. A social engineering trick, or an unpatched software flaw, can open the […] (CyberScoop)

Outlook “mail issues” phishing – don’t fall for this scam!

We deconstruct an email phishing scam in detail so you don't have to! (Naked Security)

Using AI to fight hand-crafted Business Email Compromise

Using natural language models to identify Business Email Compromise (BEC) (Naked Security)

Become an In-Demand Web Developer with This 11-Course Bundle

The web development landscape has changed dramatically over the past ten years. Both aspiring and seasoned developers now need to know a wide range of programming languages and platforms to create truly pro-level sites from scratch, and continuing education is vital if you want to stay ahead of the curve and be competitive in this increasingly popular and lucrative field.

Still, you don't need to invest an exorbitant amount of time or money to get the skills you need to build great sites from the comfort of your own home. The 2020 Ultimate Web Developer & Design Bootcamp Bundle will get you... (Null Byte « WonderHowTo)

Hackers Leak Alleged Internal Files Of Chinese Social Media Monitoring Firms

(News ≈ Packet Storm)

Ex-Uber CSO Charged In Covering Up Theft Of Personal Info

(News ≈ Packet Storm)

Alarm Sounded Over Malicious AWS Community AMIs

(News ≈ Packet Storm)

University Of Utah Handed $457k To Ransomware Creeps

(News ≈ Packet Storm)

Critical Jenkins Server Vulnerability Could Leak Sensitive Information

Jenkins—a popular open-source automation server software—published an advisory on Monday concerning a critical vulnerability in the Jetty web server that could result in memory corruption and cause confidential information to be disclosed.

Tracked as CVE-2019-17638, the flaw has a CVSS rating of 9.4 and impacts Eclipse Jetty versions 9.4.27.v20200227 to 9.4.29.v20200521—a full-featured tool (The Hacker News)

University of Utah Pays $457K After Ransomware Attack

The university said that it paid $457,000 to retrieve a decryption key after a ransomware attack encrypted student and faculty data on its servers. (Threatpost)

Researchers Sound Alarm Over Malicious AWS Community AMIs

Malicious Community Amazon Machine Images are a ripe target for hackers, say researchers. (Threatpost)

News Wrap: AWS Cryptojacking Worm, IBM Privacy Lawsuit and More

Threatpost editors discuss a cryptomining malware targeting AWS systems, a recent development in a lawsuit against the IBM-owned Weather Channel app, and more. (Threatpost)

Former Uber CSO Charged With Paying ‘Hush Money’ in 2016 Breach Cover-Up

Joseph Sullivan allegedly paid off $100K to the hackers responsible for a 2016 data breach, which exposed PII of 57 million passengers and drivers. (Threatpost)


/security-daily/ 22-08-2020 23:44:22