CyberheistNews Vol 3, # 31




Editor's Corner


Scam Of The Week: Christian Singles

There is a raft of phishing attacks going on at the moment, coming from "cara@ChristianMingle", which of course is a spoofed email address. The emails use your first name to make you think they are legit. They start out with "Firstname, Ready to meet your newest match from ChristianMingle?" They then go on with several lines, all like:

"meishac is 21 and lives in Hollywood, FL, USA. Want to know more or see meishas photos? Click here!"

This is obviously a trap, so do not click on any of these links. At the very least you will lose time, but far worse things can happen:
- Your PC can get infected with malware
- Your identity can be stolen
- Your bank account can be emptied
- Bad guys can download child porn to your computer, which will get you SWAT-ted, land you jail time and more...

Do not click on links in spam or phishing emails that make you curious. Remember The Seven Deadly Social Engineering Vices? Remind your users!
http://blog.knowbe4.com/bid/290552/The-Seven-Deadly-Social-Engineering-Vices

NSA Surveillance: IT Pro Survey Says What?

The results of the KnowBe4 survey about NSA surveillance that many of you participated in were picked up by InformationWeek. They did a very good write-up and summary of the results. IT folks think very differently from the average population when it comes to this! Story:
http://www.darkreading.com/messages.asp?piddl_msgthreadid=5427&piddl_msgid=187689

Related to this, the US House of Representatives this week voted down an amendment to the DoD Appropriations Act of 2014 that would have restricted the NSA's authority for bulk collection of phone record metadata. Boo. Hiss. Here is an article in WIRED with the vote count, showing how your Rep stood on this issue:
http://www.wired.com/threatlevel/2013/07/house-nsa-repeal-vote/

Does User Awareness Help? Vendors Begin To Take Sides

Tim Wilson at the Dark Reading site wrote July 23, 2013: "When all you have is a hammer, everything looks like a nail," the old saying goes. In the past, this has been especially true in cybersecurity, where technology vendors have attempted to solve virtually every problem with the one thing they have: more technology. Got a virus? Antivirus software. Data leak? Data leak prevention. If you've got a security problem, there's an app (or an appliance) for that.

"Most of these technologies overlook one of the weakest links in the security chain: the human end user. While technology continues to improve, little has been done to make the user smarter and more able to recognize potential threats. End-user awareness, though often talked about and nominally taught in most enterprises, has been largely ignored by most technology vendors -- except those that offer user training and awareness tools.

"That's why I found it interesting this week that FireEye -- a vendor that specializes in technology -- stepped forward to partner with PhishMe to promote end-user awareness training. This type of initiative is not new for other vendors that offer end-user awareness-training tools, but it is new for technology vendors such as FireEye to make a strong commitment to end-user training.

"There's still a lot of debate about the effectiveness of security-awareness training, and there are still a lot of enterprises whose training programs are extraordinarily bad. But if technology vendors continue to get on the bandwagon and get involved in end-user awareness, it could make a difference in the way such programs work -- and how they are perceived. The scales may have finally tipped in the direction of those who favor end-user training -- and want to see it done right."

And our perspective on this of course is: "Could not agree more!" KnowBe4 has partnered up with Accuvant, a $1B research-driven information security partner delivering alignment between IT security and business objectives. You can now order Kevin Mitnick Security Awareness Training from your Accuvant Rep. They have all just been briefed. Here is the datasheet:
http://www.accuvant.com/sites/default/files/datasheet_labssecurityawareness_final_12-20-12.pdf

The above is just an excerpt from his whole article which you can find here:
http://www.darkreading.com/end-user/does-user-awareness-help-vendors-begin-t/240158812

Quote of the Week

"It will always be the case that much is classified that need not be classified. But that’s not the real problem. The real problem is how much is classified that needs not to be classified if we want to be a democracy." — Daniel Ellsberg, in conversation with investigative journalist Brad Friedman on KPFK/Pacifica Radio




You can read CyberheistNews online at our Blog:
http://blog.knowbe4.com/bid/319903/CyberheistNews-Vol-3-30

Thanks for reading CyberheistNews! Warm Regards, Stu Sjouwerman | Email me: feedback@knowbe4.com

What Is Your Security Awareness Confidence Score?

A new whitepaper from Osterman Research shows which of the 5 types of awareness training has the best results.

Well over 200 organizations were asked questions related to their awareness training, malware infiltration, and if their problems with phishing were worse, the same or getting better. Research showed that an organization's Security Awareness Confidence Score varies significantly depending on the awareness training type they use.

Download this whitepaper and find out which awareness training approach correlates with improvement of the phishing problem.
http://info.knowbe4.com/whitepaper-osterman-0


How Google Just Quietly Made Your Android Phone More Secure

JR Raphael over at ComputerWorld made a very good point: "By now, you've probably heard all about the changes introduced with Google's Android 4.3 release. But those fresh features and bits of polish are only part of the story. One of Google's biggest changes to the Android platform is actually happening outside of the operating system -- and it's affecting almost every Android device in the world.

"It's the widespread launch of a universal app-scanning system -- a system that watches your device for any new application, even one loaded directly onto the device ("sideloaded") from outside of the Google Play Store, and instantly checks the app for malicious or potentially harmful code.

"That's huge. And while we've been busy focusing on new devices and fun features, Google's been busy making sure every Android user has that system on his phone -- whether he realizes it or not." More:
http://blogs.computerworld.com/android/22552/google-android-security


Cybercrime Loss Estimates Dramatically Lower

Cybercrime said to cost US $140 billion, radically less than previous estimates. Sounds more real to me as well, and TheVerge has TheStory.

"In 2009, McAfee published a study estimating that cybercrime cost the US economy as much as $1 trillion a year. Since then, the $1 trillion annual figure has been cited by various politicians and the Obama Administration as a reason to step up the nation's online defenses and its pursuit of hackers and other web criminals. On Monday, a new study underwritten by McAfee scaled that figure back dramatically. The new study, written by the Center for Strategic and International Studies (CSIS), projects that cybercrime siphons between $20 billion and $140 billion from the US each year."

I disagree with one thing though. The Obama administration wasn't pushing for the nation's online defenses because of the cost. They themselves were spending a massive amount of money and resources in cyber attacks and -knew- that the average network is open to anyone with access to 0-day exploits - as in Stuxnet and Flame. More:
http://www.theverge.com/2013/7/23/4547506/new-study-says-cybercrime-may-cost-140-billion-annually


Black Hat: Top 20 Hack-Attack Tools

The Black Hat conference going on now in Vegas is a goldmine of tips for hacking just about anything. Turn someone else’s phone into an audio/video bug. Check. Use Dropbox as a backdoor into corporate networks. Check. Suck information out of pacemakers. Check. The Black Hat conference convening in Las Vegas this week offers hacker tools for all of those plus more. Read about all the attack tools at NetworkWorld:
http://www.networkworld.com/article/2168329/malware-cybercrime/black-hat--top-20-hack-attack-tools.html


Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

Super Fave: The best costumes from the San Diego Comic Book Convention 2013. Worth watching twice!:
http://www.flixxy.com/comic-con-2013-one-in-a-million.htm

Did not get into Comic-Con this year? You’re not alone. The WIRED giant robot also had trouble getting in. Luckily, web-celeb iJustine was there...
http://www.wired.com/underwire/2013/07/video-ijustine-spots-giant-robot/

Tesla Motors has kicked production of the gorgeous Model S into overdrive, cranking out some 400 cars a week on one of the world’s most advanced automotive production lines. These robots are impressive:
http://www.wired.com/autopia/2013/07/tesla-plant-video/

The OpenSky project equipped a glider with a jet engine... w00t!
http://www.youtube.com/watch?v=ITjsttPGCx8#action=share

This useless box kit at ThinkGeek really made me laugh!:
http://www.thinkgeek.com/product/ef0b/

The Exodus recumbent motorcycle, by US company Suprine, is a 130-horsepower lay-back motorbike with a roll cage and a perspex windscreen:
http://www.youtube.com/watch?feature=player_embedded&v=qEbqLJ401Dg#action=share

The iH2GO is the ultimate in fuel cell miniaturization. It brings together the world of mobility and interactivity with solar hydrogen fuel cell model cars:
http://www.youtube.com/watch?v=EiFkBPbjFTs#at=80

The World's First Solar Family Car seats four and can drive 370 miles (600 km) before needing to recharge. The thing looks weird but I guess it works:
http://www.flixxy.com/worlds-first-solar-family-car.htm

Pilot Rainer Kamitz puts the amazing 8-foot radio-controlled 'Futura' jet through its paces at an airshow in Langenau, Germany. This thing is a murder weapon!:
http://www.flixxy.com/futura-rc-turbine-jet.htm

Professor Kliq - Wire and Flashing Lights. This is a pretty cool animation:
http://vimeo.com/65902068

 