Last week's announcement of the “Incidentals” series drew some questions from regular readers concerned over the phrase “Subscriber exclusive content”.
I have no intention of transitioning the newsletter to a paid subscription service and all posts, including the Incidentals will remain free to all subscribers. A LOT of readers just browse to the Substack site each week to read the issue rather than hitting the subscribe button. My effort is to find a way to deliver unique content to only the subscribers in an effort to induce non-subscribers to join.
Donations are not accepted, nor is there a Patreon page, nor a Buy-Me-A-Coffee account. The Tw/oB newsletter is a creative outlet and is not intended to make money. I have never served an ad or accepted a fee for product placement, and I intend to keep it that way. I do have a Buy-Me-A-Beer account and you can pay up at the lobby bar of the next conference!
And now some things that matter:
The Federal Financial Institutions Examinations Council (FFIEC) released an updated “Cybersecurity Resource Guide for Financial Institutions”. The document is designed to assist FI’s meet cybersecurity control objectives and preparing for cyber incidents. My apologies for just getting to this fantastic resource that was released in September.
https://www.ffiec.gov/press/pdf/FFIECCybersecurityResourceGuide2022ApprovedRev.pdf
I maintain a curated tools page that will assist you with investigations. Keep it pinned to your bookmark bar for quick access.
https://start.me/p/jjo29z/matt-s-osint-page
Preying on Fear
Many seniors are only financially solvent because of their monthly social security check and treat those payments like their lives depend on it. Because they do! Inky reports on an uptick in phishing attacks designed to prey on senior citizens and exploit their fear of the current economic downturn. The article documents the effort threat actors put into crafting the subject line of the email - literally the bait to get the target to open the email. https://www.inky.com/en/blog/fresh-phish-a-new-social-security-phishing-scam-preys-upon-our-biggest-worries
They fell for the first scam
The FBI issued a public service announcement through the Internet Crime Complaint Center (IC3) warning college debtors that scammers are now targeting their efforts to get relief from the first fraud. The FBI warns of the potential for “fraudulent websites, e-mails, texts, or phone scams aiming to defraud individuals seeking federal student loan forgiveness” as part of the 2022 Student Loan Debt Relief Plan. https://www.ic3.gov/Media/Y2022/PSA221018
Who would hire her
The fact that this New Jersey woman was arrested for stealing “tens-of-thousands” of dollars from her employer isn’t even the bad part of the story. In 2009, this gem claimed she and her daughter had been kidnapped when they were actually traveling to the Walt Disney World Resort in Orlando, Florida. She called 911, claimed a car driven by two Black men rear-ended her and the men stuffed her and her daughter in the car's trunk, from where she was making her call for help. She was eventually located in Florida at the Disney resort. Sweeten served nine months in prison for the hoax and related financial frauds. Yes, everyone deserves a second chance. BUT who hires this woman and gives her unfettered control of the checkbook? https://www.pennlive.com/nation-world/2022/10/woman-who-faked-kidnapping-went-to-disney-faces-new-fraud-charges.html
DDOS is the modern shakedown
During the peak of the mafia era, most new business owners and shopkeepers would get a visit from the local family henchman who would say something like “Nice shop you have here. It would be a shame if you had a fire.” To which the shop owner would incredulously ask “why would we have a fire?”. The strongman would pointedly suggest “Funny things happen around here, but my friends offer fire insurance to make sure a fire doesn’t happen”. The naive shopkeeper would quickly get the message and end up paying for “fire insurance” each week.
Those controlling DDOS botnets are no different than the gangsters of the early 20th century. “Nice e-commerce site you have here. Sure would be a shame if it went down on Black Friday”.
Security Boulevard does a nice job documenting DDOS threat landscape with a monthly report: https://securityboulevard.com/2022/10/the-global-ddos-threat-landscape-october-2022/
Mandatory Reading
If you only have time to read only thing this week - read this.
https://www.propublica.org/article/fbi-ransomware-hunting-team-cybercrime
The Rest…
Time to update your iPhone (again). https://www.bleepingcomputer.com/news/apple/apple-fixes-new-zero-day-used-in-attacks-against-iphones-ipads/
Former congressional candidate sentenced to prison for Covid-19 relief fraud. https://www.justice.gov/opa/pr/former-congressional-candidate-sentenced-wire-fraud-and-falsification-records
Nearly half of San Franciscans have been the victim of a theft. https://sfstandard.com/criminal-justice/nearly-half-of-san-franciscans-have-been-victims-of-theft-new-poll-says/
Digital Shadows Q3 ransomware report. It’s not getting better. https://www.digitalshadows.com/blog-and-research/ransomware-in-q3-2022/
Cool Job
Security Director - Live Nation Entertainment https://livenation.wd1.myworkdayjobs.com/LNExternalSite/job/Philadelphia-PA-USA/LN-Concerts--Security-Director---Venue-Nation_JR-53138
Cool Tool
Convert, crop or resize an image right from the browser. https://image.pagenflow.com
SWIFT code finder - https://www.theswiftcodes.com/
I’m seriously considering a reMarkable Tablet and would like to hear from anyone who has experience using one.
Thank You for opening this weeks email and reading Issue 101. There is an immense demand for your attention and I appreciate you allocated me a bit of it. Please consider sharing the newsletter with a colleague.
Matt
“STOP SHRINKING TO FIT PLACES YOU’VE OUTGROWN.”