Tag Archive for: holiday

Keep your holiday season merry by guarding against cybercriminals

/in


malware

Sarah Reingewirtz / The Orange County Register via AP

U.S. Attorney Martin Estrada announces in Los Angeles on Tuesday, Aug. 29, 2023 the multinational take down operation of Qakbot malware. In their latest disruption of global cybercrime, the FBI and partners in Europe infiltrated and seized control of a major malware network that was used for more than 15 years to commit a gamut of online crimes including crippling ransomware attacks.

We hate to be the bearers of stressful or anxiety-inducing news, but there are now less than 10 days remaining in the pre-Christmas holiday shopping season. Moreover, according to the U.S. Postal Service, today is the final day to postmark greetings cards and other first-class mail in order to have it received by Dec. 25.

Now that we’ve sent you scurrying to your favorite local storefront or online shopping site, we thought it appropriate to provide a few best practices to avoid falling prey to scammers, hackers, thieves, porch pirates and other Grinches looking to take away the joy of giving this holiday season.

  • If you do your shopping online, AAA recommends taking a few basic precautions before providing your financial information to a website. Avoid using public Wi-Fi at airports or cafes that can be easily monitored by cybercriminals looking to steal your credit card number or passwords.
  • Confirm that the address (or URL) of the website you’re using is secure and begins with “https” instead of “http.” The “s” stands for secure. Often, secure websites will display a padlock in the corner of the screen next to the URL. If you don’t see the padlock, you might reconsider entering your information on the site.
  • If you see spelling errors, strange language choices or images on the website that don’t quite make sense, you should find a different company from which to purchase. This can all be signs of a “pharming” scam in which you are automatically redirected, without your consent, from a legitimate website to a copycat website designed to steal your financial information.
  • Secure your most important online accounts with strong passwords and two-factor authorization that will keep…

Source…

The SANS Holiday Hack Challenge is back! • The Register

/in


Webinar Whether you are considering a career in cyber security or you already work in the industry, the 2023 SANS Holiday Hack Challenge is a great way of combining festive fun and learning. Who knows, the skills you acquire this holiday season might even help you foil a nefarious hacker at Yuletide next year.

That’s important because some reports reckon that Christmas and New Year is one of the most dangerous times of the year for cyber attacks, as cyber criminals ramp up their effort to exploit workers rushing to meet holiday deadlines and spend more time shopping on the internet during work hours. Phishing scams related to fake charity campaigns, Distributed Denial of Service (DDoS) attacks, and credential stuffing incidents that take advantage of staff Multi-Factor Authentication (MFA) fatigue are all favourite seasonal scams for example.

Learning how to combat those threats is essential for the cyber security practitioner. The SANS Holiday Hack Challenge is designed for everyone – regardless of skill set or experience level – and offers a prize at the end of the competition for the best of the best entries. This year’s event – Holiday Hack Challenge 2023: A Holiday Odyssey – involves tasks that cover everything from AI-assisted cybersecurity, offense, defense, and AI voice cloning to cloud and web application security, threat hunting, phishing analysis, and the identification of vulnerabilities in space mission software packages.

You can join the fun here. You’ll see a YouTube video presented by Ed Skoudis, Director of the Holiday Hack Challenge, which gives you a sneak peek as to what expect while offering some ideas, tips, and tricks that could help you win the competition. There are also some festive, cyber security-themed tunes and beats to sing along with to get you in the mood.

Click here to start playing now.

Sponsored by SANS.

Source…

Refreshed from its holiday, Emotet has gone phishing • The Register

/in


Emotet is back. After another months-long lull since a spate of attacks in November 2022, the notorious malware operation that has already survived a law enforcement takedown and various periods of inactivity began sending out malicious emails on Tuesday morning.

Researchers with cybersecurity firms Codefense and Cryptolaemus, which track Emotet activity, both reported a sudden startup in the spamming from the botnet. And Palo Alto Networks’ Unit 42 threat intelligence group tweeted about the new activity, with the researchers saying they had “also seen new #Emotet #malspam and the associated malware (inflated Word docs and inflated Emotet Dll files).”

It’s unknown why the operation has started up now after three months of no activity, or how long it will last – the previous spamming in November 2022 lasted two weeks before everything stopped, and even that was preceded by three months of quiet.

However, Emotet’s return has generated a lot of discussion in the cybersecurity world about malware that less than a year ago was ranked by Check Point as the world’s top cyberthreat.

“We are seeing [Emotet’s] Red Dawn templates that are very large coming in at over 500MB,” Cryptolaemus tweeted about the Russia-linked malware operation. “Currently seeing a decent flow of spam … Get ready because here comes fat docs from Ivan!”

An evolving threat

Emotet started life almost a decade ago as a banking trojan, but it soon evolved into a malware delivered through spear-phishing campaigns, including emails that contain malicious Microsoft Word and Excel attachments. In January 2021, law enforcement from the US, UK, Europe, and Ukraine took apart the operation’s infrastructure, but the group resurfaced 10 months later.

“The malware and actors resumed operations with a vengeance and rose back up to become one of the top malware families used in phishing attacks,” cybersecurity outfit AttackIQ wrote in a report last month.

One of Emotet’s attributes has been its flexibility in attachment types used to evade detection signatures, according to AttackIQ.

Codefense writes that the malicious emails being sent this week appear to be replying to email chains that already exist, with ZIP…

Source…

Top tips for security‑ and privacy‑enhancing holiday gifts

/in


Think outside the (gift) box. Here are a few ideas for security and privacy gifts to get for your relatives – or even for yourself. Some don’t cost a penny!

Thanks to a decade or more of big-name data breaches, global privacy scandals and consumer rights legislation like the GDPR, we’re all more aware of cybersecurity and privacy issues today. And now that many of us are working more from home and our personal and work lives have begun to blur, the stakes have raised somewhat. No-one wants to end up in front of HR because their reused passwords were stolen and used to hack a corporate database, for example.

Our personal data is of great value not just to advertisers and data brokers, but even more worryingly, to cybercriminals. Unfortunately, there are many ways for nefarious individuals to get hold of it. They could use phishing attacks to target us directly. They may hide info-stealing malware in mobile apps, gaming torrents or other legitimate-looking software. Or they might use previously breached data to obtain our credentials and hijack our accounts. When it comes to advertisers and data brokers, much of the data slurping and selling is done silently in the background, often thanks to third-party cookies for better ad targeting or user experience.

Understandably, many of us want to mitigate the impact of these threats. So why not give the gift of better security and privacy and help your loves ones make some practical steps towards better protecting their personal information online?

But let’s first mention something that is a must these days and surely you have it covered already: comprehensive security software. You know by now that you and your family should use a security solution from a reputable provider on all your devices. Smartphones and tablets – which have been among the most popular holiday tech gifts for a while now – also need comprehensive protection from device-, network-, web- and app-based threats. If a device is connected to the internet, then there’s a possible risk malware could find its way onto it. And once on there,…

Source…