I don’t like fictional content. I don’t read it and I don’t invest my time watching it, SpongeBob and the original Bourne series aside.
Even with my dislike for fantasy, it’s no small feat that I had never watched “It’s a Wonderful Life”. Somehow I managed to avoid this supposed required viewing while growing up and decided against it once I was old enough to make my own decisions.
This week, I sat down and watched the 75-year-old movie. It’s good. So good, in fact, that it left me sorrowful that our content Overlords no longer make such wholesome, and hopeful, television shows and movies.
It also left me disappointed in myself. Maybe I should make some time in my life for fiction.
Keeping with the theme of disappointment. Oh LastPass, why doth ye fail thee?
LastPass finally released a full disclosure (maybe) mea culpa acknowledging that bad guys do have our password vaults. I’ve read varying interpretations on what that means and it seems to depend on the strength of your vault password. Mine was strong, but I still spent about 2 hours changing all of my passwords. You probably should too.
No Artificial Intelligence here
I have never used any form of artificial intelligence to assist in writing this newsletter. Each week, every word, sentence, and paragraph is painfully typed out by yours truly. So really, there is no regular intelligence here either. Anyways, as artificial intelligence and AI software authoring services like ChatGPT become more popular, you’ll be seeing more computer-generated content. Will you be able to tell the difference? This MIT article explores the problems AI-generated text poses and how researchers are working to differentiate it from human-authored text. Clearly, there will never be confusion here at Tw/oB. https://www.technologyreview.com/2022/12/19/1065596/how-to-spot-ai-generated-text/?mc_cid=6fc6b1a96f
Serving up fraud
The FBI issued a release concerning criminals purchasing ads with search engines to promote their fraudulent schemes. Those using search engines to find services or software are being served ads that lead to fictitious websites appearing to be those of the legitimate services being sought. The identified sites are being used to steal log-in credentials, serve up malware, and facilitate cryptocurrency scams. https://www.ic3.gov/Media/Y2022/PSA221221
Get some Threat Intel
Recorded Future released their 2022 Adversary Infrastructure Report and it is required reading for anyone that values threat intelligence to secure their networks. As expected, Cobalt Strike dominates the scene. It’s notable that so much malware and command and control (C2) infrastructure is hosted on American-based servers by American companies. https://www.recordedfuture.com/2022-adversary-infrastructure-report?mc_cid=6fc6b1a96f
Cloud security…Please
McGraw Hill, one of the largest educational publishers in the United States, left two Amazon S3 buckets exposed and leaked 22 TB of data. Twenty-Two TERA-BYTES. Researchers believe over 100,000 students could be exposed to attacks based on the information lost from these leaky buckets. Anyone who acquired the data now has the names, emails, student IDs, grades, course schedules, etc. of students from American universities such as Michigan, Johns Hopkins, Illinois, and UCLA. The cloud was supposed to be the answer! https://www.hackread.com/american-online-ed-platform-22tb-data-leak/
The FCC files a warranty claim
Remember those robocalls you received last summer selling extended warranties on your vehicles? The Federal Communications Commission (FCC) does, and they just proposed a 300 million dollar fine against the company that unleashed the campaign on us. The FCC claims the company made 77 million calls per day over a three-month period. https://www.autoblog.com/2022/12/24/car-warranty-robocall-fcc-investigation-fine/?guccounter=1
The Rest…
Identity Theft broken down by age group. https://www.forbes.com/advisor/personal-finance/identity-theft-by-age-group/
Man steals over $86,000 from Ronald McDonald House Charities through a fake check scam. https://news.yahoo.com/man-accused-stealing-thousands-ronald-041704956.html
Couple claim they have been scammed out of $100,000. Yes, gift cards. https://www.pennlive.com/news/2022/12/two-people-say-theyve-been-scammed-out-of-more-than-100k-police.html
Cool Job
Go someplace warm - Financial Crime Investigator, State of Florida. https://jobs.myflorida.com/job/TAMPA-FINANCIAL-CRIME-INVESTIGATOR-I-43061941-FL-33637/970137600/
Cool Tool
VirusTotal cheat sheet. https://blog.virustotal.com/2022/12/vt-intelligence-cheat-sheet.html
Keep up on the latest phish sites. https://phishtank.com/
Why do bees die after they sting you? https://www.subanima.org/bees/
Super long read for those of us that geek out over data
Cloudflare 2022 Year-In-Review https://blog.cloudflare.com/radar-2022-year-in-review/
Thank You for being a Threats Without Borders reader and helping the newsletter have a great 2022. Please consider sharing so we can grow even more in 2023.
Happy New Year and here’s to a new year doing the same old habits!