New Russian based malware on the loose!

According to ZDNet.com, the FBI and NSA have jointly stated that there’s a new Linux based Malware being aimed at other countries, namely ones in the West like the United States.

A brief description of the malware in question:

“Drovorub is a ‘swiss-army knife’ of capabilities that allows the attacker to perform many different functions, such as stealing files and remote controlling the victim’s computer”

As far as protection from Drovorub is concerned, U.S. private and public companies are being warned to take this threat seriously and implement any possible measures that will protect them from this cyber threat as soon as possible.

Check out the full article here for more details.

SANS Institute breach

 

A sign of the times indeed!

A well known U.S. company that focuses on information security and cybersecurity training experienced a security breach at the hands of one of their own employees.  Long story short, the user installed a malicious Office 365 add-in which triggered the mass forwarding of many emails spread out over 28,000 accounts.  Yikes!

SANS released a statement about the breach here.  Check it out for further details.

A Windows 7 End of Service PSA courtesy of the FBI

In one of the most obvious assessments of the year, the FBI has warned stakeholders that one of the biggest threats today is the continued unsupported use of Windows 7 in many firms across the U.S.

Obviously, the current pandemic has turned the world upside down but that shouldn’t stop anyone from doing one of two things: upgrade to Windows 10 or purchase extended support licenses.  Just freaking do it! HAHA!

Aftermath of the “Epic” Twitter Hack

As a result of the Twitter hack that compromised the accounts of many high profile individuals, charges have been brought against the three individuals for their roles in the scam.

I cam across a post joking about how this appears to be the work of a North Korean but come to find out, two of the three are homegrown in the U.S. with the other residing in the U.K.

KrebsOnSecurity.com continues to follow the story and has the full update here.

The “Epic” Twitter Hack

The hacking of Twitter accounts belonging to prominent members of society has all of us asking: How in the world did something like this happen?  At surface level, you would think that it was an individual who acted upon this but come to find out, it involved an entire team of users to accomplish what happened.

Brian Krebs does an excellent job of summarizing exactly what happened and the objective that were behind it.  Check out the full scoop here at KrebsonSecurity.com and let me know what you think!

Awesome security reads!

We’ll I have to say that it appears everywhere you look, there’s some type of security hack, breach, or phishing attack occurring especially during this COVID-19 pandemic.

Lots of sites produce great content and report on the state of cybersecurity all the time but hats off to BleepingComputer.com for staying at the forefront of such threats aimed at us.

Just a few of their latest reads about Office 365 phishing the U.S. Supreme Court and Microsoft Teams, Fake U.S. Treasury emails, and more!  Enjoy!

Coronavirus fraud

Another great report found on BleepingComputer.com in that even during these challenging times, the scam artists haven’t stopped.

According to the U.S. Federal Trade Commission, an estimated $12 million has been lost as a result of Coronavirus-related scams since the beginning of this year.

Furthermore, a whopping 16,000+ fraud incidents have been reported by consumers with almost have of those reporting losses within the same time period.

It’s sad that we as consumers have to deal with this type of scam as a result of this pandemic but its just a reminder that we must not let our guard down and remain alert!  For more info, check out the article here…Stay safe and healthy!

Phone scams during COVID-19

Just came across a post from security expert Chris Krebs on his website detailing some of the best practices in response to phone scamming attempt affecting millions worldwide.

His tagline response of “Hang Up, Look Up, & Call Back” is something that all of us can embrace whether you’re a tech novice or a savvy, seasoned user but if you choose to drop the ball, you would be surprised how easily one can be taken for whatever info these scammers desire.

Check out the post here for the full story complete with a tech expert being taken advantage of!  Crazy stuff indeed!

Microsoft buys Corp.com?

At last, Microsoft has finally bit the bullet and purchased the corp.com domain.  You may be asking yourself, why is this relevant?  The answer to this goes way back in time, back to a time when computers being networked to one another was a relatively new thing to do.  Long story short, Microsoft used the corp.com name as a default name when creating your own Active Directory based domain.

Ok I admit, I’m probably not as well versed its its history as I should be but kudos goes to Brian Krebs who has kept close track of this as of late.

Check out his post about the topic here for the full scoop!

Another “End of Life” extension

Amid the COVID-19 pandemic, pressure has mounted in the tech industry to extend support for various products and services.  One major announcement having to do with email using Exchange Online is that basic authentication will be phased out in late 2021 instead of its originally scheduled October 2020 date.

Although basic authentication is much less secure than other methods available, it is obvious IT departments around the world are dealing with much more important items (including yours truly) at this time and most likely welcome this news.

Check out the full post from Microsoft here for the full scoop!