E-Mail From Department Of Labor Could Be Phishing Attack

There is a new phishing campaign to keep a watchful eye on, according to email security firm INKY, and it’s a particularly fiendish one. The attackers have designed an email template that does an admirable job of imitating the look and feel of emails sent from the US Department of Labor. These emails ask recipients to submit bids for an ongoing DOL project, with the specifics of the project varying from one email to the next. The emails are professionally and meticulously arranged, and thanks to some clever spoofing they appear to come from an actual Department of Labor server. Naturally, they do not come from the DOL, and there are no ongoing projects that require the Department of Labor to blindly spam out emails seeking bids. Nonetheless, an unwary recipient could easily be taken in by the scam and click the “Bid” button embedded in the email. That button, of course, masks a malicious link that takes the email recipient to one of the phishing sites controlled by the scammers. Like the emails themselves, these spoofed sites look completely legitimate. A comparison of the HTML and CSS on the scam sites with the actual Department of Labor site reveals identical code behind them, which is clear evidence that the scammers scraped the legitimate site and used the code to create their own copies. What’s different is that the scam site includes a pop-up message that seemingly guides the email recipient through the bidding process. What it’s really doing is moving the potential victim closer to giving up...
Vulnerability In This Cisco Software Could Allow Hackers Access

Cisco recently discovered a critical security flaw in their Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS. The vulnerability, tracked as CVE-2022-20649, allowed an attacker to execute arbitrary code and gain root-level access on any affected device. The good news is that Cisco responded with blistering speed and this issue has already been patched. Based on the best intelligence currently available, there were no examples of this exploit having been used ‘in the wild’, so the company was able to catch and correct it before hackers got wind of it and started taking advantage of the flaw. The company explained how the flaw could be used in a recent blog post, which read in part as follows: “A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container. An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled. A successful exploit could allow the attacker to execute arbitrary commands as the root user.” Attackers still could on unpatched systems, so if your company uses Cisco RCM for StarOS 21.25.3 or below, you’ll want to grab the 21.25.4 version at your earliest opportunity. Kudos to Cisco for their rapid response here. It’s still early in the year, so we’re bound to see several other issues like this, but if every company responds the way Cisco did here when they occur, it stands to be a good year indeed. Of course, that’s unlikely to happen but...
This Plugin Could Put Your WordPress Site At Risk

The WP HTML Mail plugin has been installed on more than 20,000 websites. If you’ve built a WordPress site for your business and you use that plugin, be aware that you are at risk. A high severity security flaw was recently discovered in the plugin that could allow an attacker to perform a code injection style attack and send phishing emails to the site’s registered users. The plugin is popular because it is compatible with a wide range of other plugins, including BuddyPress, Ninja Forms, WooCommerce, and others. It isn’t as wildly popular as many others and doesn’t boast an overly impressive number of total installations. However, many of the sites that do use it have large audiences, which means that this flaw puts more people at risk than first meets the eye. The flaw is being tracked as CVE-2022-0218 and was discovered on December 23rd of last year (2021). As of now, the plugin’s developer has released a patch that addresses the issue. If you use the plugin, check your version number. If you’re using anything earlier than 3.1, update to 3.1 or later right away to protect yourself, your reputation, and the customers who have registered on your site. The last thing you want is for your company to get a black eye when your customers start complaining about a flood of scam emails hitting their inboxes right after they create an account on your site. Although the plugin developer took nearly a month to address the issue, they did address it, and we give them kudos for that. Here’s...
Support Comes To An End For iOS 14 For iPhone Devices

When Apple first released iOS 15 they posted a promise on their website. That promise was: “If you’re using iOS or iPadOS 14.5 or later, you might now see the option to choose between two software update versions. This option allows you to choose between updating to the latest version of iOS or iPadOS 15 as soon as it’s released, or continuing on iOS or iPadOS 14 while still getting important security updates for a period of time.” Although the promise specifically states “for a period of time”, many users assumed it would be forever or at least indefinitely. It isn’t, and Apple just pulled the plug on iOS 14 support. There won’t be any more. In some ways that’s disappointing, but it’s not really a surprise. It is disappointing because most companies continue offering support to older products for a full year at least, and in Apple’s case it hasn’t been that long. On the other hand, it is not surprising because it’s clear that Apple really wants people to upgrade to iOS 15, and the company has now demonstrated a willingness to get a little too heavy-handed to make that happen. Unfortunately, based on Apple’s own statistics, fully 30 percent of their user base is running iOS 14. That means by pulling the plug they’re essentially leaving about a third of their user base to fend for themselves without the security updates they’re no longer getting. Yes, this will provide a powerful incentive for them to upgrade, but given Apple’s reputation, that seems a bit out of character. At the root the issue...
Top 10 Brands That Phishing Attackers Use To Scam Users

Scammers delight in impersonating government agencies and well-known brands to lure email recipients into giving up their personal information. That information is then either exploited directly or sold to the highest bidder on the Dark Web. Have you ever wondered which agencies, companies or brands are the most imitated by these attackers? Whether you have or not, it should come as no surprise that someone is tracking that. Security firm Check Point is tracking it, to be precise. Quite often Microsoft tops the list, but this year they’ve been dethroned by shipping company DHL. That may not be surprising given the realities of the pandemic and the rise in popularity of online shopping. Here is the list of the top ten for this year from their report: DHL (impersonated in 23 percent of all phishing attacks, globally); Microsoft (20 percent); WhatsApp (11 percent); Google (10 percent); LinkedIn (8 percent); Amazon (4 percent); FedEx (3 percent); Roblox (3 percent); PayPal (2 percent); Apple (2 percent). The specific lure used in each of these cases varies wildly. For instance, when a scammer spoofs a shipping company, the email is typically some variation of “we’re trying to deliver a package to you but are having problems, press this button for more information.” PayPal scams, by contrast, typically go the route of “Your account has been temporarily suspended. Please click here to verify your information.” Microsoft and Google are commonly spoofed in various software giveaway schemes or, in the case of Google, some variation of “click here to claim your free Chromebook.” Now that you are armed with a list of the most often imitated...