CyberheistNews Vol 4, 46
Editor's Corner
Scam Of The Week: Black Friday Coupon Alert
I suggest you send this reminder to your users. Feel free to change: "It's the Holiday Season for the bad guys too! But not the way you might think. They go into scam-overdrive mode. Black Friday and Cyber Monday are the busiest on-line shopping days and they are out to get rich with your money. So what to look out for?
- At the moment, there are too-good-to-be-true coupons that offer free phones or tablets on sites all over the Internet. Don't fall for it. Make sure the offers are from a legitimate company.
- Watch out for alerts via email or text claiming you just received a package from FedEx, UPS or the US Mail that then ask you for some personal information. Don't enter anything. Think Before You Click!
- There is a fake refund scam going on that could come from Amazon, a hotel, or a retail chain. It claims there was a "wrong transaction" and wants you to "click for refund" but instead, your device will be infected with malware.
So, especially now, the price of freedom is constant alertness and willingness to fight back. Remember to only use credit cards online, never debit cards. Be super-wary of bulk email with crazy good BUY NOW offers and anything that looks slightly "off". If you think you might have been scammed, stay calm and call your credit card company, nix that card and get a new one. Happy Holidays!"
Are You Reading CyberheistNews On A Mobile Device?
People keep on telling us that we should optimize CyberheistNews for mobile, because supposedly almost half of newsletter subscribers read their email on a mobile device. So, we decided to ask YOU!
We're working on a format that should be easy to read on your iPhone, Android device or any tablet and still also look good on normal email too. We'd like to know if you would like it in a new mobile-optimized format.
This is a 30-second quick poll at SurveyMonkey. Let us know! Thanks in advance! https://www.surveymonkey.com/s/CHNlovehate
Quotes of the Week
"Your life does not get better by chance, it gets better by change." - Jim Rohn
"No act of kindness, no matter how small, is ever wasted." - Aesop (620 - 560 BC)
Thanks for reading CyberheistNews! Please forward to your friends.
PCI DSS 3.0 Compliant in Half the Time at Half the Cost
It's time to get and stay PCI DSS 3.0 compliant.
Now that the new 3.0 standard goes into effect, it's a great time to start using a new tool that will save you half the time and half the cost of becoming compliant: KnowBe4 Compliance Manager 2015.
It comes with a pre-made PCI DSS 3.0 template that you can immediately use to get compliant and maintain compliance in a business-as-usual process.
Escape from Excel-hell!
Most organizations track PCI compliance using spreadsheets, MS-Word, or proprietary self-maintained software. This is inefficient, error prone, costly, and a risk in itself. Get and stay PCI DSS 3.0 compliant in half the time and at half the cost with KnowBe4 Compliance Manager™.
Get a short, live web-demo, and we will show you how easy and affordable this is! http://info.knowbe4.com/_kcm_pci_30-14-11-18
New Flavor of Ransomware Is More User Friendly
It's been more than a year since the first vicious ransomware reared its ugly head. Turns out this was a hugely successful criminal business model, and more than 10 competing copycats soon followed. Here is a whitepaper that gives you the short history of ransomware. http://info.knowbe4.com/whitepaper-ransomware-history
Some were more professionally implemented than others, but most of them use strong cryptography to lock up data files on drive C and then follow up with all mapped drives in alphabetical order. The latest strain has a new trick up its sleeve: it allows victims to decrypt one of the encrypted files for free, and it starts out cheaper than the rest. It's "only" 200 bucks instead of 500.
The critter is called CoinVault (not to be confused with the legitimate online coin exchange service) and even has a snazzy logo. The malware authors tried to make the process as simple as possible for the victim. They must have found out that the average small business does not know what Bitcoins are, and how to get them. They went as far as adding a user-friendly button for copying the bitcoin wallet address and included a 24-hour countdown timer that lets you know how much time you have to pay the ransom until it doubles. Jeez, thanks!
Tyler Moffitt over at Webroot blogged about it and said it uses technology similar to CryptoLocker / CryptoWall: it deletes the Windows built-in Volume Snapshot Service (so shadow copies cannot be used to restore files) and uses Bitcoin for payment. The data is locked with AES-256, a simpler symmetric algorithm than what other cryptomalware families rely on; however, this does not make CoinVault any less dangerous.
Moffitt said: "What’s unique about this variant that I wanted to share with you all is that this is the first Encrypting Ransomware that I've seen which actually gives you a free decrypt. It will let you pick any single file that you need after encryption and will decrypt it for you."
"This is a really interesting feature and it gives a good insight into what the actual decryption routine is like if you find yourself actually having to pay them," Moffitt said. "I suspect that this freebie will increase the number of people who will pay."
Yeah, definitely more "user-friendly" but still a significant threat to your data if your backups are old or fail during restore.
You really need to get all your employees stepped through effective security awareness training, because these ransomware infections usually are caused by phishing attacks. Find out how affordable this is for your organization. Click here and we will email you a quote: http://info.knowbe4.com/dont-get-hit-with-ransomware?
Feds Use 'Stingrays' In Planes To Spy On Our Phone Calls
The Wall Street Journal broke the story a few days ago. The same technology that nabbed my business partner Kevin Mitnick in the mid-nineties is now used on most citizens in America. He commented via Twitter: "WTF? U.S. Marshals using airplanes with cellular radio spoofers to capture everyone's cellphone data. Don't worry, you can trust us." Yeah, right.
WIRED magazine had an editorial on it, and, to put it mildly, they were not amused. This is pretty worrisome indeed. The song comes to mind: "How long has this been going on?" It seems it's been several years, at least since 2008. Read the WIRED article and shiver: this kind of technology is now used by the Feds, but as we all know, once the genie is out of the bottle, a few years from now the bad guys will have this too. Yikes: http://www.wired.com/2014/11/feds-motherfng-stingrays-motherfng-planes/
The Terrifying Deals Between Silicon Valley And The Security State
The Salon site has a new article that goes into the deals Silicon Valley makes with the NSA. Here are a few paragraphs and I recommend you go down the rabbit hole and read the whole article. This is beyond scary:
"The NSA helps the companies find weaknesses in their products. But it also pays the companies not to fix some of them. Those weak spots give the agency an entry point for spying or attacking foreign governments that install the products in their intelligence agencies, their militaries, and their critical infrastructure.
Microsoft, for instance, shares zero day vulnerabilities in its products with the NSA before releasing a public alert or a software patch, according to the company and U.S. officials. Cisco, one of the world’s top network equipment makers, leaves backdoors in its routers so they can be monitored by U.S. agencies, according to a cyber security professional who trains NSA employees in defensive techniques.
And McAfee, the Internet security company, provides the NSA, the CIA, and the FBI with network traffic flows, analysis of malware, and information about hacking trends. Companies that promise to disclose holes in their products only to the spy agencies are paid for their silence, say experts and officials who are familiar with the arrangements." More at Salon: http://www.salon.com/2014/11/16/googles_secret_nsa_alliance_the_terrifying_deals_between_silicon_valley_and_the_security_state/
It's an extract out of a book that I just bought at Amazon but have not started reading yet: @War: The Rise of the Military-Internet Complex. This, from the back cover: "A surprising, page-turning account of how the wars of the future are already being fought today. The United States military currently views cyberspace as the “fifth domain” of warfare (alongside land, air, sea, and space), and the Department of Defense, the National Security Agency, and the CIA all field teams of hackers who can, and do, launch computer virus strikes against enemy targets.
As recent revelations have shown, government agencies are joining with tech giants like Google and Facebook to collect vast amounts of information. The military has also formed a new alliance with tech and finance companies to patrol cyberspace." http://www.amazon.com/War-Rise-Military-Internet-Complex-ebook/dp/B00HP6T7V0/
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
SUPER FAVE: OK, this takes the cake. 15 Big Magic Tricks In 5 Minutes. It's a world record in Stage Magic. And then he gives a bonus trick. WOW: https://www.youtube.com/embed/BCJhRfwylSI?feature=player_detailpage
Swiss Rocket Man Francois Gissy straps a rocket to a bicycle and reaches 333 km/h (207 mph) in 4.7 seconds, breaking his own previous world record. Even a Ferrari Scuderia can't keep up with it. The first minute is fun to watch! http://www.flixxy.com/rocket-powered-bicycle-world-record-0-207-mph-in-5-seconds.htm?utm_source=4
Martial-arts master Genki Sudo and his band 'World Order' present us with their amazing slow-mo choreography tour through London. These guys are really good: http://www.flixxy.com/slow-mo-choreography-tour-through-london.htm?utm_source=4
Restore Your Faith In Humanity In 4 Minutes. The world can sometimes be a cruel place. Here is to the kind-hearted: http://www.flixxy.com/restore-your-faith-in-humanity-in-4-minutes.htm?utm_source=4
See what a Boeing 757 can do when it is not loaded with cargo and 250 passengers: http://www.flixxy.com/boeing-757-low-fast-pass-and-steep-climb.htm?utm_source=4
Microsoft Tech Support Scammer Artfully Exposed on Video. This is pretty funny - it's 10 minutes, so great for a quick break. Also instructive for end users and family that you might want to warn about these scams: http://youtu.be/sz0cEo2h3f8
Watch This South Korean Robot Fly A Plane. No, really: http://youtu.be/8gnjh8uOAIs
Talking about robots, this 330 pound monster can balance on one leg: https://m.youtube.com/watch?v=UH0k2hFHzyc
Into Marketing a bit? Here are 40 brand logos with hidden messages: http://blog.hubspot.com/marketing/hidden-messages-in-famous-logos-infographic?
Motoped Survival: Black Ops edition – a fully functional zombie hunting moped. I want one! http://www.gizmag.com/motoped-pro-cruzer-survival-black-ops-moped/34730/
When her husband asks this young woman for a divorce, she has just one simple request, one that could change their future. Quite beautiful: http://www.flixxy.com/when-this-man-asked-for-divorce-his-wife-had-one-final-request.htm?utm_source=4
Classic: Zaouli de Manfla - Mask Dance of the Ivory Coast. James Brown and Michael Jackson don't even come close to this guy's dancing: http://www.flixxy.com/zaouli-de-manfla-mask-dance-of-the-ivory-coast.htm?utm_source=4
Out of the archives: the 5-wheel Cadillac. Pretty nifty actually: http://www.flixxy.com/five-wheeled-cadillac-1950.htm?utm_source=4