Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.
Here are the most interesting articles we’ve found this week that could be helpful to you:
Scam Of The Week – Netflix For Free
With the pervasiveness of Netflix, this particular phishing scam is extremely effective.
At the moment, there are active malware and phishing campaigns targeting Netflix users. The operations are fairly sophisticated, so it is likely this is the work of an Eastern European cybermafia.
Phishing Attacks Continue to Sneak Past Defenses
It seems like every week there is a different spin on phishing scams. Keep your guard up.
“Even though companies are taking actions, it is still one of the easiest ways in,” Angela Knox, senior director of engineering and threat research for Cloudmark
Ninety-one percent of companies encountered phishing attacks in 2015, with the lion’s share—84 percent—of companies claiming attacks successfully snuck past their security defenses, according to a survey of 300 U.S. and UK firms conducted as part of the report. A relatively simple attack—sending a message to the accounting department purportedly from the company CEO—has become quite popular, with 63 percent of companies having encountered the tactic.2
Hack Brief: Last Year’s IRS Hack Was Way Worse Than We Realized
The IRS keeps adjusting the number of accounts that got compromised in a hack last year. I have no confidence that these numbers are right. Take a look at one of our past articles for ways to protect yourself from this particular breach.
The initial IRS report indicated that 114,000 accounts had been compromised. It revised that number last August, raising it to 334,000. On Friday, the IRS added another 390,000 accounts to the pile, for a total of well over 700,000 people. There have also been a total of 500,000 targeted, but failed, attempts at access.
Wireless mice and keyboards vulnerable to MouseJack takeover
This is a rare vulnerability that can affect air gapped machines and machines without the use of the networking stack.
An attack of this nature can happen so fast that even if the victim realizes someone has accessed their machine, it’s probably too late. The implications are grave, as hackers could leverage this flaw to steal credentials and sensitive data, or infect a machine with malware that can quickly spread across a connected enterprise. “They can even bypass an air-gapped network by turning a PC into a WiFi hotspot,” said Rouland. Potential applications run the gamut from financial cybercrime to corporate spying to nation-state cyberespionage. Bastille discovered the vulnerability in products manufactured by all seven of the wireless vendors it tested — AmazonBasics, Dell, Gigabyte, HP, Lenovo, Logitech and Microsoft.
