CyberheistNews Vol 7 #38 Scam of the Week: "Fake-tortion" Phishing Attacks

OK, this is a heads-up about a new aggressive form of email attack that you need to warn your employees, friends and family about. The bad guys have beta-tested and refined it in Australia, and now the first incidents have been spotted in the US.

The attackers target potential victims with an email sequence that starts with pornography and adult-dating links and is then followed up with extortion attempts.

IT security company Forcepoint says it picked up more than 33,500 such emails in August, when the testing was happening Down Under.

The scam threatens users’ privacy with a sequence of emails that first say “look at this”, then “we know what you just looked at”, and demand a payment of US$320 in Bitcoin.

The email claims that a virus was installed on a porn website which recorded the victim through their webcam. “Then my software collected all your contacts from messengers, e-mails and social networks,” it says. “If I don’t receive my Bitcoins I’ll send video with you to all your contacts.”

Carl Leonard, principal security analyst at Forcepoint, said cyber-extortion was a prevalent tactic today. While it largely takes the form of ransomware, he said data exposure threats were growing in popularity.

“Cyber-blackmailing continues to prove an effective tactic for cybercriminals to cash out on their malicious operations,” he said. “In this case, it appears that a threat actor group originally involved in adult dating scams has expanded its operations to cyber-extortion campaigns as a result of this trend.”

Company Email Addresses Specifically Targeted

Leonard said company email addresses were specifically targeted, which would have added additional pressure to potential victims “since it implies that a recipient’s work PC was infected and may therefore taint one’s professional image”.

“It is important for users to verify claims from the internet before acting on them,” he said. “Most online attacks today require a user’s mistake before actually becoming a threat. This is something that can be mitigated by addressing the weakness of the human point.” We agree.

But Leonard said the scale of this campaign suggested the scammers were bluffing about having compromising information. "If the actors did indeed possess personal details of the recipients, it seems likely they would have included elements [such as name, address or date of birth] in more targeted threat emails in order to increase their credibility.

"This led us to believe that these are simply fake extortion emails. We ended up calling it ‘fake-tortion’.”
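The indicators Forcepoint describes (a webcam-recording claim, harvested contacts, a Bitcoin demand, a fixed dollar amount, and no personal details about the recipient) translate directly into a mail-triage rule. The script below is an added example, not Forcepoint's or KnowBe4's code: it scores a message on those indicators and separately looks for the two-step lure-then-extortion sequence per recipient. The messages, names and addresses in it are constructed for the example, the Bitcoin address is not a real one, and the indicator weights, the score threshold and the 30-day window are assumptions.

```python
"""Triage heuristics for 'fake-tortion' emails (added example, not
KnowBe4's or Forcepoint's code).  All sample messages, names, addresses
and the Bitcoin address below are constructed for this example; the
indicator weights, the threshold and the 30-day window are assumptions."""
import re
from datetime import timedelta
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Legacy (1.../3...) base58 and bech32 (bc1...) Bitcoin address shapes.
BTC_ADDR = re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,59})\b")
MONEY = re.compile(r"(?:US\s?\$?|\$|USD)\s?\d{2,5}\b|\b\d{2,5}\s?(?:USD|dollars)\b", re.I)
ADULT_LURE = re.compile(r"\b(porn\w*|xxx|adult dating|nude\w*|hot singles)\b", re.I)

# (pattern, weight): the claims the newsletter quotes from the extortion mail.
EXTORTION_INDICATORS = [
    (re.compile(r"\bweb ?cam\b", re.I), 2),
    (re.compile(r"\b(recorded|video)\b", re.I), 1),
    (re.compile(r"\bcontacts\b.{0,80}\b(messengers?|e-?mails?|social)\b", re.I | re.S), 2),
    (re.compile(r"\b(bitcoins?|btc)\b", re.I), 2),
    (re.compile(r"\b(i|we) know what you\b", re.I), 2),
    (re.compile(r"\b(virus|malware|software)\b.{0,40}\binstalled\b", re.I | re.S), 1),
]
EXTORTION_THRESHOLD = 6  # assumption: tune against your own mail flow

def body_text(msg):
    """Subject plus every text part of the message, with HTML tags stripped."""
    parts = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            raw = part.get_payload(decode=True) or b""
            text = raw.decode(part.get_content_charset() or "utf-8", "replace")
            parts.append(re.sub(r"<[^>]+>", " ", text))
    return "\n".join(parts)

def triage(raw):
    """Score one RFC 822 message and record which indicators fired."""
    msg = message_from_string(raw)
    text = body_text(msg)
    score, hits = 0, []
    for pat, weight in EXTORTION_INDICATORS:
        if pat.search(text):
            score += weight
            hits.append(pat.pattern)
    if BTC_ADDR.search(text):
        score += 3
        hits.append("btc_address")
    if MONEY.search(text):
        score += 1
        hits.append("money_amount")
    # Forcepoint's tell: a bluff names nothing that only real access would
    # reveal.  Cheapest proxy: does the body even use the recipient's display
    # name?  None when the To: header carries no name to check against.
    name, addr = parseaddr(msg.get("To", ""))
    personalized = (name.lower() in text.lower()) if name else None
    return {
        "to": addr.lower(),
        "sent": parsedate_to_datetime(msg["Date"]) if msg["Date"] else None,
        "lure": bool(ADULT_LURE.search(text)),
        "extortion": score >= EXTORTION_THRESHOLD,
        "score": score,
        "hits": hits,
        "personalized": personalized,
    }

def find_sequences(raw_messages, window=timedelta(days=30)):
    """Pair an adult-content lure with a later extortion mail to the same
    recipient.  Assumption: the follow-up may come from a different sender."""
    per_rcpt = {}
    for r in map(triage, raw_messages):
        if r["sent"] is not None:
            per_rcpt.setdefault(r["to"], []).append(r)
    flagged = []
    for rcpt, items in per_rcpt.items():
        lures = [r for r in items if r["lure"] and not r["extortion"]]
        for ext in (r for r in items if r["extortion"]):
            if any(timedelta(0) <= ext["sent"] - lu["sent"] <= window for lu in lures):
                flagged.append((rcpt, ext["score"], ext["personalized"]))
    return flagged

# Constructed mailbox: a lure, an unrelated work mail, then the extortion follow-up.
LURE = """To: "Jane Doe" <jane.doe@example.com>
Date: Tue, 05 Sep 2017 09:12:00 +0000
Subject: look at this
Content-Type: text/html; charset=utf-8

<html><body>Hot singles near you - adult dating <a href="http://example.net/x">here</a></body></html>
"""
BENIGN = """To: "Jane Doe" <jane.doe@example.com>
Date: Thu, 07 Sep 2017 10:00:00 +0000
Subject: Video call tomorrow

Hi Jane Doe, can we record the video call with the contacts team tomorrow?
"""
EXTORT = """To: "Jane Doe" <jane.doe@example.com>
Date: Fri, 08 Sep 2017 18:40:00 +0000
Subject: we know what you just looked at

A virus was installed on a porn website which recorded you through your webcam.
Then my software collected all your contacts from messengers, e-mails and social networks.
Send US$320 in bitcoins to 1FakeTortionDemoAddrZeroFundsHereXY (constructed, not a real address).
If I don't receive my Bitcoins I'll send video with you to all your contacts.
"""

if __name__ == "__main__":
    for m in (LURE, BENIGN, EXTORT):
        print(triage(m))
    print(find_sequences([BENIGN, EXTORT, LURE]))
```

The `personalized` field is the cheap version of Forcepoint's observation: a message that demands money but never uses the recipient's name is consistent with a bluff, so it belongs in the report-and-delete queue rather than being escalated as evidence of a real workstation compromise. The work mail about recording a video call scores 1 and is not flagged, which is the false-positive case any such rule has to survive.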

I suggest you send the following to your employees, friends, and family. You're welcome to copy, paste, and/or edit:

"There is a new, sophisticated email scam you need to watch out for. Bad guys first send emails with links to inappropriate websites to business email addresses, and then follow up with extortion threats, claiming your workstation is infected and that they 'know what you just looked at', and saying they will send a video to all your email contacts because they 'recorded what you were watching'.

If this type of scam email makes it through the spam filters into your inbox, do not click on any links, do not reply, and delete the message (or click on the Phish Alert button). Do not download any software to check your computer for viruses; follow procedure to report these types of criminal emails. Remember: 'Think Before You Click' is more important than ever these days."

If you are a KnowBe4 customer, inoculate your users against this. In your console, go to: Phishing->Email Templates->System Templates->Controversial->I just want to help you be more cautious. You can get a campaign out to all users in less than 2 minutes.

Let's stay safe out there.


Warm Regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc.

You Need to See This, and You Are Not Going to Like It

You and I know that your users are the weak link, things like ID10T and PEBKAC come to mind. But do you know how bad the problem really is?

Some people like to bury their head in the sand and prefer blissful ignorance, but that gives you data breaches and suddenly interrupted careers.

However, to really manage a problem, you need to see its magnitude and potential for damage. And then you can make the case for additional IT security budget, because legally, an organization must act reasonably or do what is necessary or appropriate to protect its data.

So, for a few years we have been running our Email Exposure Check (EEC), to show you email addresses that are out there for the bad guys to find. It was a good start.

But we have strapped rockets to it, and the new EEC Pro digs down much further and shows you your actual social engineering attack surface.

The new EEC Pro crawls social media information and hundreds of breach databases for each email address of your domain. Fully automated.

The results are often scary as heck. IT pros that ran it emailed me back with: "Yikes, what do I do about this?"

We have answers to that question, but first you need to run your EEC Pro.

So, I urge you to do this right now. Fill out the form, and in less than 5 minutes you get a detailed report on how bad things look, in PDF format and as a downloadable CSV. No need to talk to anyone.

You are not going to like it. But it's the start to improve things, often an eye-opening discovery, and fantastic ammo to get more budget.

What is your social engineering attack surface? GET YOUR EEC PRO REPORT NOW:
https://info.knowbe4.com/email-exposure-check-pro-chn
From the Editor's Corner

OK, as a matter of policy, I do not mix business with either politics or religion. However, when geopolitics is causing direct cybersecurity threats, you cannot deny reality either. Morgan Freeman's 2-minute message about Putin is correct.

I have been saying the same thing here for years. Please watch it from the geopolitics perspective, *not* as my opinion on the US presidency, or as an endorsement of the InvestigateRussia site that he promotes. The data in the message is correct and illustrated with video:
https://twitter.com/RedTRaccoon/status/911582890726760449/video/1
Live Webinar: Your Organization Through the Eyes of an Attacker

Attackers follow a number of paths as they search for entry-points into your organization. In this webinar, we'll show you easy ways to stalk and attack your organization to improve security. This will be a practical session providing a high-level overview of the theory/practices used, and then showing you how to simulate those same tactics using both complimentary and subscription-based aspects of KnowBe4’s platform.

Join security awareness expert Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4 and former Gartner Research Analyst for this 30-minute webinar “Your Organization Through the Eyes of an Attacker” on

Tuesday, September 26, 2017, at 2:00 PM EDT.

Perry will cover these topics:
  • Understanding the attacker's workflow
  • Selecting targets and entry points
  • How to create your own 'Red Team' activities using KnowBe4 as part of a penetration testing initiative and/or to promote a culture of security awareness
Register Now!
https://register.gotowebinar.com/register/8084556552263745539
Quotes of the Week
"Luck is what happens when preparedness meets opportunity." - Seneca, Roman philosopher

"Those that say your dreams are ridiculous have given up on theirs." - Grant Cardone



Thanks for reading CyberheistNews
Security News
Running Out of Time to Meet the NIST 800-171 Deadline?

There has been a lot of buzz among current customers who have to adhere to NIST SP 800-171. It applies if your organization holds DoD contracts, as contractors such as Boeing and Lockheed do.

Compliance with this publication, which covers protecting controlled unclassified information (CUI) in nonfederal systems, is due by December 31, 2017.

While you might not be able to meet that deadline, we can help you implement an action plan to start working towards those goals and put some controls in place.

Here is a new way to get audits done in half the time and half the cost.
  • Are you dealing with the problem of managing (multiple) compliance requirements, but careless end-users cause all kinds of problems?
  • Need to satisfy auditors that all controls are in place, but you have a lack of time and management support?
  • Have to produce all the evidence regularly, but the duplication of effort and keeping track of everything in a spreadsheet or wordprocessor is a pain?
  • Are regular audits for PCI, HIPAA, SOX or any other regulation taking up too much of your time?
Here’s a new way to manage this problem.

Over the last 4 years, KnowBe4 has developed KCM, KnowBe4 Compliance Manager, a cloud-based service which consolidates your audit management and regulatory compliance tasks into simple automated workflows that prevent overlap and eliminate gaps.

See how you can get audits done in half the time at half the cost: Check out the new KCM page and request a demo:
https://www.knowbe4.com/products/compliance-manager-software
Iranian APT33 Uses Spear Phishing Promoting Top Paying Jobs in Saudi Arabia

The Iranian group known as APT33 is believed to be behind a cyberespionage campaign targeting aerospace, petrochemical and energy sector firms located in the United States, Saudi Arabia and South Korea.

The group’s latest attack leverages a dropper called DropShot that is tied to the StoneDrill wiper malware—a variant of the infamous Shamoon 2, according to a report released Wednesday by FireEye.

The malware is being distributed via spear phishing campaigns that include advertisements for jobs at Saudi Arabian aviation companies and Western organizations, researchers said. The emails carry recruitment-themed lures containing links to malicious HTML Application (.hta) files:
https://threatpost.com/iranian-apt33-targets-us-firms-with-destructive-malware/128074/
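A lure of the shape described above (a job advertisement whose link resolves to an .hta file) is cheap to catch at the mail gateway if you look at where links actually point rather than what they display. The script below is an added example, not FireEye's or KnowBe4's code: it pulls every link out of an email, flags targets with a script-type extension regardless of case, query string or %-encoding, and flags links whose displayed text claims a different file type or host than the real target. The message and hosts are constructed, and the extension blocklist is an assumption.

```python
"""Flag email links that point at HTML Application (.hta) or other script
payloads, and links whose visible text disagrees with their target.  Added
example, not FireEye's or KnowBe4's code; the message and hosts are
constructed and the extension blocklist is an assumption."""
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Assumption: extensions a mail gateway would treat as directly executable.
SCRIPT_EXT = {".hta", ".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".scr", ".ps1"}
EXT_RE = re.compile(r"\.[a-z0-9]{1,4}$")
RECRUITMENT = re.compile(r"\b(jobs?|vacanc(?:y|ies)|recruit\w*|salary|position)\b", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def payload_extension(url):
    """Extension of the URL path, ignoring query, fragment, case and %-encoding."""
    m = EXT_RE.search(unquote(urlsplit(url).path).lower())
    return m.group(0) if m else ""

def text_parts(raw):
    """Yield (content type, decoded text) for each text part of the message."""
    msg = message_from_string(raw)
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype in ("text/plain", "text/html"):
            data = part.get_payload(decode=True) or b""
            yield ctype, data.decode(part.get_content_charset() or "utf-8", "replace")

def suspicious_links(raw):
    """One finding per link that targets a script file, hides its real
    extension behind a different displayed name, or displays another host."""
    findings = []
    for ctype, text in text_parts(raw):
        if ctype == "text/html":
            collector = LinkCollector()
            collector.feed(text)
            candidates = collector.links
        else:  # plain text: the URL is its own display text
            urls = [u.rstrip(".,;)>'\"") for u in re.findall(r"https?://\S+", text)]
            candidates = [(u, u) for u in urls]
        for href, shown in candidates:
            ext, shown_ext = payload_extension(href), EXT_RE.search(shown.lower())
            reasons = []
            if ext in SCRIPT_EXT:
                reasons.append(f"target is a {ext} file")
            if shown_ext and ext and shown_ext.group(0) != ext:
                reasons.append(f"displayed as {shown_ext.group(0)} but target is {ext}")
            if shown.lower().startswith(("http://", "https://")) and \
                    urlsplit(shown).hostname != urlsplit(href).hostname:
                reasons.append("displayed host differs from target host")
            if reasons:
                findings.append({"href": href, "shown": shown, "reasons": reasons})
    return findings

def assess(raw):
    """Recruitment wording plus a script-file link is the lure shape described."""
    text = re.sub(r"<[^>]+>", " ", "\n".join(t for _, t in text_parts(raw)))
    findings = suspicious_links(raw)
    themed = bool(RECRUITMENT.search(text))
    script_link = any(payload_extension(f["href"]) in SCRIPT_EXT for f in findings)
    return {"recruitment_theme": themed, "findings": findings, "block": themed and script_link}

# Constructed sample: job lure with an .hta target disguised as a PDF and a
# link whose displayed URL is not where it goes.
SAMPLE = """To: engineer@example.com
Subject: Top paying aviation jobs in Saudi Arabia
Content-Type: text/html; charset=utf-8

<html><body><p>We are recruiting engineers; salary details are in the job description.</p>
<a href="http://cdn.example.net/careers/Job_Description.HTA?ref=1">Job Description.pdf</a><br>
<a href="http://login.example.net/portal">https://careers.example.org/portal</a><br>
<a href="https://careers.example.org/faq">FAQ</a></body></html>
"""

if __name__ == "__main__":
    print(assess(SAMPLE))
```

The check is deliberately on the path after `unquote()` and `.lower()`: `Job_Description.HTA?ref=1` and `Job%5FDescription%2Ehta` both resolve to `.hta`, which is what a naive substring match on the raw URL misses. The third link in the sample is clean and produces no finding.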
What It Means to Have a Culture of Cybersecurity

Reg Harnish, writing for the Forbes Technology Council, wrote an article that is very relevant to your mission and focuses on the human side of IT security. Excellent ammo, and here is an excerpt:

Awareness Education

"Your employees are your No. 1 defense against a cyberattack. Likewise, they are also your biggest vulnerability, so the need to effectively educate, train and test them cannot be overstated. Too many companies think an annual cyber training class or stocking up on security technology will protect their organizations. This couldn't be further from the truth."

"Effective education changes behavior and true change can’t be accomplished overnight. A regularly scheduled training session should be on the books. While every job title may require specific training, the fundamentals of all training programs should include solid password practices, email and cloud security standards, safe internet browsing, proper social media behavior, and mobile device security measures.

"It should also be noted that throwing policies and procedures at employees is not enough. A proper training program teaches the “why.” Why is it important to know what a phishing email looks like? Why is enabling two-factor authentication a necessity? What is the purpose of having secure passwords and a password manager? Driving home the why will help employees understand the big picture and increase the chances of a significant behavioral change." Full article:
https://www.forbes.com/sites/forbestechcouncil/2017/09/21/what-it-means-to-have-a-culture-of-cybersecurity/2/#3fb979de68b3
10 Approaches You Can Take to Shield Yourself Against Ransomware Attacks

And another article at Forbes, where members of their Technology Council share their preferred ways to protect data and prevent becoming a ransomware victim:
  1. Engage With Ethical Hackers to Find Your Security Vulnerabilities Before the Bad Actors Do
  2. Train Your Employees
  3. Frequently Backup and Automate Quarantining
  4. Practice a Least-Privilege Approach
  5. Always Install System Updates
  6. Implement a Plan for Continuous Operations
  7. Have a Response in Place to Handle Attacks as They Happen
  8. Use Software-Defined Storage With Continuous Data Protection
  9. Don't Be an Easy Target
  10. Follow These Key Steps
Full article with explanations about each point here:
https://www.forbes.com/sites/forbestechcouncil/2017/09/18/10-approaches-you-can-take-to-shield-yourself-against-ransomware-attacks/
SMBs Paid $301 Million to Criminal Ransomware Hackers Last Year

Small- and medium-sized businesses (SMBs) paid ransomware hackers $301 million in 2016 to decrypt critical files, and 99% predict that these attacks will continue to rise in the next two years, according to Datto's State of the Channel Ransomware Report, released Thursday.

Some 97% of the 1,700 managed service providers (MSPs) surveyed reported that ransomware is becoming more and more frequent for their SMB partners. About 5% of all SMBs fell victim to a ransomware attack in the past year, the report found. And most of the financial strain caused by these attacks is not due to the ransom itself, but the resulting downtime and data loss.

"No single defense solution is guaranteed to prevent a ransomware attack," said Dale Shulmistra, president of Invenio IT, in the press release. "The most effective means for business protection from ransomware is a backup and disaster recovery (BDR) solution, followed by cybersecurity training."
http://www.techrepublic.com/article/report-smbs-paid-301m-to-ransomware-hackers-last-year/
Increased Awareness Is the Best Cure for Health Care Security Risks

So how can health care organizations defend their networks and devices against cyberattacks? Regulations and policies can put a dent in security efforts, but the true cure for health care insecurity is increased awareness.

All employees from the top down need to be educated about health care security risks as they relate to the medical services they provide. This requires proper investment in terms of both knowledge and technology.

Excellent article and great budget ammo at SecurityIntelligence:
https://securityintelligence.com/increased-awareness-is-the-best-cure-for-health-care-security-risks/
Report: Phishing Attacks on the Rise, Executives and IT Workers Most Likely to Fall Victim

Phishing attacks are on the rise, and employees at all levels of the enterprise are falling victim, according to Intermedia's 2017 Data Vulnerability Report, released on Wednesday.

Entry-level employees, commonly blamed for cyber breaches, are not the only ones at fault, the report found: 34% of executives/owners and 25% of IT workers themselves report being victims of a phishing email, more often than any other group of office workers.

In response, companies are increasingly offering cybersecurity trainings to employees: 70% of office workers surveyed said that their organization regularly communicates with employees about cyber threats as a means of prevention, according to the report.

These trainings appear to be working, as 86% of office workers said that they feel confident in their ability to detect phishing emails. However, 21% of employees report that they fell victim to one of these email attacks. Gen X employees (23%) as well as Baby Boomer employees (23%) were more likely to say they had faced a phishing attack than millennial workers (17%).

More at TechRepublic:
http://www.techrepublic.com/article/report-phishing-attacks-on-the-rise-executives-and-it-workers-most-likely-to-fall-victim/
Interesting News Items This Week

Equifax or Equiphish? In yet another security stumble, Equifax appears to be training recipients to fall for phishing scams:
https://krebsonsecurity.com/2017/09/equifax-or-equiphish/

Google Experiment Tests Top 5 Browsers, Finds Safari Riddled With Security Bugs:
http://www.hackbusters.com/news/stories/1985561-google-experiment-tests-top-5-browsers-finds-safari-riddled-with-security-bugs

FTP use is way down, but it still represents a security risk:
http://securityaffairs.co/wordpress/63119/security/chrome-ftp-unsecure.html

When it Comes to Phishing the Best Defense is Education:
https://www.thesslstore.com/blog/comes-phishing-best-defense-education/

Threat Report Says 1 in 50 iOS Apps Could Leak Data:
http://go.zimperium.com/threat_report_q2_2017

Here’s a nice collection of infographics and stats for the security industry. The web site CBTS has grabbed these and gives attribution at the bottom:
http://info.cbts.net/hs-fs/hubfs/NaaS/Cincinnati-Bell-Network-as-a-Service.png?t=1505753035795&width=1000&name=Cincinnati-Bell-Network-as-a-Service.png

1.9 Billion Data Records Exposed in First Half of 2017:
http://www.hackbusters.com/news/stories/1977926-1-9-billion-data-records-exposed-in-first-half-of-2017

ISPs May Be Helping Hackers to Infect you with FinFisher Spyware:
http://www.hackbusters.com/news/stories/1982207-isps-may-be-helping-hackers-to-infect-you-with-finfisher-spyware

The ISO has decided not to approve two NSA-designed block encryption algorithms:
https://www.schneier.com/blog/archives/2017/09/iso_rejects_nsa.html
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

Copyright © 2014-2017 KnowBe4, Inc. All rights reserved.