CyberheistNews Vol 2, #12
Editor's Corner
Scam Of The Week: Vacation Rentals
The bad guys have found a new way to scam people, and this exploit is
something that can be applied to many different situations, so it would
be a good idea to warn your users about this. The scam goes like this:
1) The bad guys go to a Vacation Rentals By Owner site like www.VRBO.com,
where people look for and offer vacation homes. They scrape all email
addresses of people offering rentals, and then they attack those email
accounts to find the passwords.
2) They find some passwords and take over these email addresses, then
wait for interested parties to respond.
3) They pretend to be the owner and make the victim wire money to their
own account. That money is a 100% loss for the victim and the property
owner.
The Rule for Buyers: Never wire money to anyone, don't ever use a debit
card online and ideally never send checks. You are much better protected
with a credit card, where you can dispute a fraudulent charge.
The Rule for Sellers: By all means, please use a very strong password
that is truly hard to guess, or better yet a passphrase. Microsoft has
a good page with examples of how to do this:
http://windows.microsoft.com/en-US/windows7/Tips-for-creating-strong-passwords-and-passphrases
Did You Know We Can Do Vulnerability Scans?
KnowBe4 offers a service that scans your network and web-apps from the outside,
and uses the same techniques as black hat hackers to find weaknesses in your
network or systems. It highlights the vulnerabilities that are exploitable
by remote attackers. KnowBe4's vulnerability scans show the low-hanging fruit
that black hats will go after, and what needs to be done to remediate these
weaknesses that might result in a compromised website or corporate network.
KnowBe4's vulnerability scans are done remotely, and will result in a clear
report with what was found and what to do about it. For more detail, check
this page and please choose 'Contact Us' if you want a quote:
http://www.knowbe4.com/products/security-consulting/
10 Scariest Hacks From Black Hat And Defcon
It's far from Halloween yet, but these hacks are interesting to
look at. Networkworld got them together in a slide show. "During the
Black Hat and Defcon conferences in Las Vegas last week, researchers
wheeled out their best new attacks on everything from browsers to
automobiles, demonstrating ingenuity and diligence in circumventing
security efforts or in some cases in exploiting systems that were
built without security in mind. Here's a handful of the ones that
deserve the most concern". Get ready to get scared. LOL:
http://www.networkworld.com/slideshows/2011/081011-blackhat-defcon-hacks.html
Quotes of the Week
"Honesty is for the most part less profitable than dishonesty." - Plato
"Acting is all about honesty. If you can fake that, you've got it made." - George Burns
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
Stop Phishing Security Breaches
Are you aware that many of the email addresses of your organization are exposed on the Internet and easy to find for cybercriminals? With these addresses they can launch (spear-) phishing attacks on your organization. This type of attack is very hard to defend against, unless your users have received thorough security awareness training.
IT Security specialists call it your phishing attack surface. The more of your email addresses that are floating out there, the bigger your attack footprint is, and the higher the risk is. It's often a surprise how many addresses are actually out there.
Find out now which of your email addresses are exposed. The Email Exposure Check (EEC) is a one-time free service. KnowBe4 customers with a Gold package get an EEC sent to them regularly so they can address the issues that are found. An example would be the email address and password of one of your users turning up on a crime site. Fill out the form and we will email you back with the list of exposed addresses. The number is usually higher than you think.
Sign Up For Your Free Email Exposure Check Now
http://www.knowbe4.com/20120228-Primary/
Do You Comply With The New PCI 2.0 Standard?
Credit card fraud has skyrocketed over the last 5 years. This is why the
Payment Card Industry Council has come up with the new 2.0 standard,
why compliance is mandatory, and why the enforcement now has teeth.
Are you in IT and responsible for PCI compliance? Are you an owner,
or manage people that handle credit cards? KnowBe4 is excited to
announce a new online course for you that helps with the new 2.0
standard: PCI Compliance Simplified
Your organization accepts credit cards, so from Jan 2012 you need to be
PCI DSS 2.0 compliant. But are you following the rules? Non-compliance
could cause you to lose your merchant account. For the first time, there
is a simple course that cuts through the confusion and clearly tells
you how you can be PCI compliant.
PCI DSS 2.0, the new PCI standard, became available at the beginning
of 2011, and organizations must stop using the previous version. But
do you know what the changes are? There are four different levels of
merchants, with different compliance rules applying to each. Which
level are you? What is an SAQ (Self-Assessment Questionnaire), and
which one(s) do you fill out? There are 12 main requirements with over
250 rules, but which rules apply to you?
Check out the new PCI Simplified course now and find out!
http://www.knowbe4.com/products/pci-compliance-simplified/
PS: This course comes with a valuable bonus: After the training, you
are able to download essential references regarding being or becoming
PCI compliant, and an incredibly useful PCI-specific glossary is included!
PPS: The cost per learner is in the FAQ, and you can click on the
'Get A Quote' button to get your volume discount quote by email.
http://www.knowbe4.com/products/pci-compliance-simplified/
SANS Email Dos and Don'ts
SANS announced the March issue of OUCH! This month, led by Guest Editor
Fred Kerby, they explain the Dos and Don'ts of using email. Specifically,
how people can be their own worst enemy when it comes to email, such as
copying the wrong recipient with auto-complete, sending an email when
emotionally charged, or not understanding the privacy limitations of
email. As such, they explain in simple terms how some of email's most
common features work and how to avoid shooting yourself in the foot.
Download now and share at:
http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201203_en.pdf
Fake AV Attack Targets WordPress Users
Websense detected a new wave of mass-injections of a well-known rogue
AV campaign. It targets websites that use the open source WordPress
website content management system. Websense reported that more than
200,000 web pages had been compromised, on 30,000 websites where
about 6 pages each were infected.
The injection redirects visitors to rogue AV sites that try to social
engineer the users into downloading and installing a Trojan onto their
workstation. Websense said these rogue AV sites do the known trick
of simulating a scan and reporting fake infections, using a "Windows
Security Alert" dialog box. It would not hurt to warn your users about
this once more! Link:
http://community.websense.com/blogs/securitylabs/archive/2012/03/02/mass-injection-of-wordpress-sites.aspx?cmpid=pr
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
"Have You Tried Turning It Off And On Again?" from the British sitcom
'The IT Crowd'. A riot:
http://www.flixxy.com/the-it-crowd-have-you-tried-turning-it-off-and-on-again.htm
A most hilarious and amazing mime at the "Greatest Cabaret in the World"
in Paris. This guy is goood:
http://www.flixxy.com/hilarious-and-amazing-mime.htm
Why do users make all these hard copies? IT likes High Tech, but users like
High Touch, it's the inner caveman at work as per physicist Michio Kaku:
http://online.wsj.com/article/SB10001424052970203960804577239852155894014.html
75-year-old Gennai Yanagisawa has created a 75kg (165-pound) one-man aircraft
which sets the world record for the smallest helicopter. I want one:
http://www.flixxy.com/worlds-smallest-one-man-helicopter.htm
American Idol contestant Jessica Sanchez's most amazing performance of Whitney
Houston's "I Will Always Love You":
http://www.flixxy.com/jessica-sanchez-i-will-always-love-you-american-idol.htm
Champion driver Vaughn Gittin in his 2011 Ford Mustang drift car chases
Remote Controlled Ford Mustang drift car.
http://www.csoonline.com/article/701040/how-to-sneak-into-a-security-conference?
The official NASA Space Shuttle has finally been retired. In honor of the
great achievements that came from the shuttle, German space enthusiasts
launched a weather balloon into space carrying a Lego model of the space
shuttle:
http://www.flixxy.com/lego-space-shuttle-actually-sent-to-space.htm