CyberheistNews vol 2, #12










Editor's Corner



KnowBe4



Scam Of The Week: Vacation Rentals



The bad guys have found a new way to scam people, and this exploit is
something that can be applied to many different situations, so it would
be a good idea to warn your users about this. The scam goes like this:

1) The bad guys go to a Vacation Rentals By Owner site like www.VRBO.com,
where people look for, and offer, vacation homes. They scrape all email
addresses of people offering rentals, and then they attack those email
accounts to find the passwords.

2) They find some passwords and take over these email accounts, then wait
for interested parties to respond.

3) They pretend to be the owner and make the victim wire money to their
own account. That money is a 100% loss for the victim and the property
owner.







The Rule for Buyers: Never wire money to anyone, don't ever use a debit
card online and ideally never send checks. You are much better protected
with a credit card, where you can dispute a fraudulent charge.

The Rule for Sellers: By all means, please use a very strong password
that is truly hard to guess, or better yet a passphrase. Microsoft has
a good page with examples of how to do this:

http://windows.microsoft.com/en-US/windows7/Tips-for-creating-strong-passwords-and-passphrases










Did You Know We Can Do Vulnerability Scans?











KnowBe4 offers a service that scans your network and web-apps from the outside,

and uses the same techniques as black hat hackers to find weaknesses in your

network or systems. It highlights the vulnerabilities that are exploitable

by remote attackers. KnowBe4's vulnerability scans show the low-hanging fruit

that black hats will go after, and what needs to be done to remediate these

weaknesses that might result in a compromised website or corporate network.

KnowBe4's vulnerability scans are done remotely, and will result in a clear

report with what was found and what to do about it. For more detail, check

this page and please choose 'Contact Us' if you want a quote:


http://www.knowbe4.com/products/security-consulting/









10 Scariest Hacks From Black Hat And Defcon











It's far from Halloween yet, but these hacks are interesting to

look at. Networkworld got them together in a slide show. "During the

Black Hat and Defcon conferences in Las Vegas last week, researchers

wheeled out their best new attacks on everything from browsers to

automobiles, demonstrating ingenuity and diligence in circumventing

security efforts or in some cases in exploiting systems that were

built without security in mind. Here's a handful of the ones that

deserve the most concern". Get ready to get scared. LOL:

http://www.networkworld.com/slideshows/2011/081011-blackhat-defcon-hacks.html?









Quotes of the Week









"Honesty is for the most part less profitable than dishonesty." - Plato







"Acting is all about honesty. If you can fake that, you've got it made." - George Burns







Please tell your friends about CyberheistNews! They can subscribe here:


http://www.knowbe4.com/about-us/cyberheist-news/





Stop Phishing Security Breaches







Are you aware that many of the email addresses of your organization are exposed on the Internet and easy to find for cybercriminals? With these addresses they can launch (spear-) phishing attacks on your organization. This type of attack is very hard to defend against, unless your users are highly ‘security awareness’ trained.





IT Security specialists call it your ‘phishing attack surface’. The more of your email addresses that are floating out there, the bigger your attack footprint is, and the higher the risk is. It’s often a surprise how many addresses are actually out there.





Find out now which of your email addresses are exposed. The Email Exposure Check (EEC) is a one-time free service. KnowBe4 customers with a Gold package get an EEC sent to them regularly so they can address the issues that are found. An example would be the email address and password of one of your users on a crime site. Fill out the form and we will email you back with the list of exposed addresses. The number is usually higher than you think.





Sign Up For Your Free Email Exposure Check Now


http://www.knowbe4.com/20120228-Primary/













Do You Comply With The New PCI 2.0 Standard?







Credit card fraud has skyrocketed over the last 5 years. This is why the
Payment Card Industry Council has come up with the new 2.0 standard,
why compliance is mandatory, and why the enforcement now has teeth.





Are you in IT and responsible for PCI compliance? Are you an owner,

or manage people that handle credit cards? KnowBe4 is excited to

announce a new online course for you that helps with the new 2.0

standard: PCI Compliance Simplified™





Your organization accepts credit cards, so from Jan 2012 you need to be

PCI DSS 2.0 compliant. But are you following the rules? Non-compliance

could cause you to lose your merchant account. For the first time, there

is a simple course that cuts through the confusion and clearly tells

you how you can be PCI compliant.





PCI DSS 2.0, the new PCI standard, became available at the beginning
of 2011, and organizations must stop using the previous version, but
do you know what the changes are? There are four different levels of
merchants, with different compliance rules applying to each. Which
level are you? What is an SAQ (Self Assessment Questionnaire), and
which one(s) do you fill out? There are 12 main requirements with over
250 rules, but which rules apply to you?





Check out the new PCI Simplified course now and find out!


http://www.knowbe4.com/products/pci-compliance-simplified/





PS: This course comes with a valuable bonus: After the training, you

are able to download essential references regarding being or becoming

PCI compliant, and an incredibly useful PCI-specific glossary is included!





PPS: The cost per learner is in the FAQ, and you can click on the

'Get A Quote' button to get your volume discount quote by email.


http://www.knowbe4.com/products/pci-compliance-simplified/













SANS Email Dos and Don'ts





SANS announced the March issue of OUCH! This month, led by Guest Editor

Fred Kerby, they explain the Dos and Don'ts of using email. Specifically,

how people can be their own worst enemy when it comes to email such as

copying the wrong recipient with auto-complete, sending an email when

emotionally charged or not understanding the privacy limitations of

email. As such they explain in simple terms how some of email's most

common features work and how to avoid shooting yourself in the foot.

Download now and share at:


http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201203_en.pdf















Fake AV Attack Targets WordPress Users





Websense detected a new wave of mass-injections of a well-known rogue

AV campaign. It targets websites that use the open source WordPress

website content management system. Websense reported that more than

200,000 web pages had been compromised, on 30,000 websites where

about 6 pages each were infected.





The injection redirects visitors to rogue AV sites that try to social
engineer the users into downloading and installing a Trojan onto their
workstation. Websense said these rogue AV sites do the known trick
of simulating a scan and reporting fake infections, using a "Windows
Security Alert" dialog box. It would not hurt to warn your users about
this once more! Link:


http://community.websense.com/blogs/securitylabs/archive/2012/03/02/mass-injection-of-wordpress-sites.aspx?cmpid=pr















Cyberheist 'FAVE' LINKS:







* This Week's Links We Like. Tips, Hints And Fun Stuff.





"Have You Tried Turning It Off And On Again?" from the British sitcom
'The IT Crowd'. A riot:


http://www.flixxy.com/the-it-crowd-have-you-tried-turning-it-off-and-on-again.htm





A most hilarious and amazing mime at the "Greatest Cabaret in the World"

in Paris. This guy is goood:


http://www.flixxy.com/hilarious-and-amazing-mime.htm





Why do users make all these hard copies? IT likes High Tech, but users like

High Touch, it's the inner caveman at work as per physicist Michio Kaku:


http://online.wsj.com/article/SB10001424052970203960804577239852155894014.html





75-year-old Gennai Yanagisawa has created a 75kg (165-pound) one-man aircraft

which sets the world record for the smallest helicopter. I want one:


http://www.flixxy.com/worlds-smallest-one-man-helicopter.htm





American Idol contestant Jessica Sanchez's most amazing performance of Whitney
Houston's "I Will Always Love You":


http://www.flixxy.com/jessica-sanchez-i-will-always-love-you-american-idol.htm







Champion driver Vaughn Gittin in his 2011 Ford Mustang drift car chases
a remote-controlled Ford Mustang drift car.


http://www.csoonline.com/article/701040/how-to-sneak-into-a-security-conference?





The official NASA Space Shuttle has finally been retired. In honor of the

great achievements that came from the shuttle, German space enthusiasts

launched a weather balloon into space carrying a Lego model of the space

shuttle:


http://www.flixxy.com/lego-space-shuttle-actually-sent-to-space.htm



