CyberheistNews vol 2, #6










Editor's Corner



KnowBe4



Facebook Malware Scam Of The Week



A "worrying number" of Facebook users are sharing a link to a malware-laden fake CNN news page reporting the U.S. has attacked Iran and Saudi Arabia, security firm Sophos said Friday. This is a great example of employees falling for a social engineering trick. You could send them an email to warn them against this scam, and prevent workstations in the office and at the house from getting infected. More:


http://cwonline.computerworld.com/t/7843830/987374514/550432/0/









Next Version of our Security Awareness Training









We are working hard on releasing the next version of our Security Awareness Training. The existing version focuses a lot on detecting phishing emails and not clicking on malicious links, and while the new version still does that, we are expanding it to include more training on other forms of social engineering. To get you world-class quality, we are working with an authority in the area. We hope to release the new version in the March/April timeframe.





Quotes of the Week









"Reality isn't the way you wish things to be, nor the way they appear to

be, but the way they actually are. You either acknowledge reality and

use it to your benefit or it will automatically work against you."
- Robert Ringer







"Governments tend not to solve problems, only to rearrange them." - Ronald Reagan









Please tell your friends about CyberheistNews! They can subscribe here:


http://www.knowbe4.com/about-us/cyberheist-news/





Free Simulated Phishing Attack







Always been curious to find out what percentage of your employees actually are Phish-prone™?




Did you know that almost half of all network malware infections are caused by social engineering? Because cyber-attacks are rapidly getting more sophisticated, the frustration level and risk continue to mount for IT Administrators.



Take the first step now to improve your organization’s defenses against cybercrime. Fill out the form, and you will be able to start your Free Simulated Phishing Attack. That allows you to find out what percentage of your users is Phish-prone. The number is usually much higher than you think.



You will get immediate access to start the simulated attack. We call it the 'Phishing Security Test' (PST). Sign Up For Your FREE Simulated Phishing Attack Now:


http://www.knowbe4.com/simulated-phishing-attack/













Google Reveals Android Malware 'Bouncer,' Scans All Apps







Google last week unveiled an automated system that scans Android apps for potential malware or unauthorized behavior, a move critics have long called on the company to make. The scanning service, appropriately codenamed "Bouncer," has been in action "a number of months," said Hiroshi Lockheimer, the vice president of engineering for Android, in an interview Thursday. "The interesting thing is that no one really noticed. It didn't disrupt the end user's experience [in the Android Market] or disrupt the developers. They didn't have to think about it at all." Google claims a 40% reduction in malicious app downloads in the second half of 2011. More at Computerworld:


http://www.computerworld.com/s/article/9223949/Google_reveals_Android_malware_Bouncer_scans_all_apps?











Verisign Must Reveal More about Breaches





Eric Chabrow at the healthcare infosecurity site makes a very good point. "Verisign Inc. may have followed the letter of the law when revealing a series of breaches in an SEC filing. But the company that assures the flow of a hefty portion of Internet traffic should have been more forthright to ease the minds of its various constituencies. Verisign's SEC filing is perplexing in so many ways, and raises additional questions that the company must answer, as companies that might have used Verisign authentication wares need to know if they might have been compromised because it could affect how they comply with regulations." If you are regulated through HIPAA, PCI, SOX or any other regulation, read this article and the FAQ below:


http://www.healthcareinfosecurity.com/blogs.php?postID=1186





Here is an FAQ about the Verisign Data Breaches:


http://www.csoonline.com/article/699423/faq-about-the-verisign-data-breaches?






Half Of Fortune 500 Firms Infected With DNS Changer. How 'bout You?





Half of all Fortune 500 companies and major U.S. government agencies own computers infected with the "DNS Changer" malware that redirects users to fake websites and puts organizations at risk of data theft, a security company said today. Good read, with hints, tips and how-to's:


http://cwonline.computerworld.com/t/7840343/987374514/550278/0/







Out-of-date Browsers, A Serious Liability



It's a well-known fact that older versions of browsers are a security accident waiting to happen, but it's interesting to see that large corporations have a hard time with this. Often, legacy apps require old browser versions to work, but what is the risk? SecurityFocus did some research; check out these numbers:


Internet Explorer 6 has 150 Advisories and 473 known Vulnerabilities


Internet Explorer 7 has 50 Advisories and 26 known Vulnerabilities


Internet Explorer 8 has 18 Advisories and 62 known Vulnerabilities






And that is only counting the known holes; add a few more unknown zero-day vulnerabilities for each of these versions. If you have an environment where all three are running, which is not all that uncommon in large organizations, and your patching process now and then has issues and updates are not occurring as they should (which happens more than we'd like to admit), there are a potential 561+ opportunities to infect a system. Standardizing on the most recent version of any browser and religiously making sure that security patches are correctly applied is of tremendous importance.













Cyberheist 'FAVE' LINKS:







* This Week's Links We Like. Tips, Hints And Fun Stuff.





The sporty 2012 Volkswagen Beetle inspires Bolt the dog to get in shape, and an intergalactic superstar makes a surprise appearance:


http://www.flixxy.com/the-dog-strikes-back-2012-volkswagen-super-bowl-ad.htm





Toy-sized quadrotors flying in formation. This is very cool:


http://boingboing.net/2012/02/01/toy-sized-quadrotors-flying-in.html





Geekiest marriage proposals of all time:
http://www.networkworld.com/community/blog/geekiest-marriage-proposals-all-time?





"OK Go" drove down a two-mile stretch lined with 1,000 instruments in a Chevy

Sonic for their latest music video / Super Bowl 2012 ad, which took four months

to prepare and four days to shoot:
http://www.flixxy.com/ok-go-needing-getting-chevy-super-bowl.htm





Sir Elton John and The X Factor winner, Melanie Amaro, face off in a medieval music showdown:
http://www.flixxy.com/elton-john-melanie-amaro-kings-court-super-bowl.htm





Madonna performs live at Super Bowl XLVI with Nicki Minaj, MIA, LMFAO and Cee Lo Green:
http://www.flixxy.com/super-bowl-2012-madonna-half-time-show.htm





A compilation of some amazing innovations in the world of furniture:
http://www.flixxy.com/modern-furniture.htm





Coolest car on the block or smartest technology in the galaxy? A curious group of intergalactic creatures check out the Chevy Volt:
http://www.flixxy.com/aliens-come-on-chevy-volt-super-bowl.htm





A family’s pet wolf takes on an unexpected role: Mama cat.


http://www.flixxy.com/wolf-aka-mama-cat.htm



