A few issues ago, I made a joke about being too ugly to make Youtube videos. Well, I made one! Screen recording only so you’re spared from my ugly mug.
A group of researchers released their findings of a novel way to exploit VirusTotal to collect stolen user credentials. I read their report, read it again, and still don’t exactly understand what they did to get the data. BUT, I do know that we shouldn’t throw the baby away with the bathwater. VirusTotal is a fantastic tool that provides us a quick, easy, and free, way to keep safe from bad things on the Internet.
So I made a video showing what VT is and how you can use it. (*VT is no substitute for common sense and discernment.)
I sacrificed
Proofpoint and the Ponemon Institute teamed up to publish the “2022 Cost of Insider Threats Global Report”. It’s a really well written report filled with pertinent information and some appealing graphics. Proofpoint required a registration to get the report URL. I donated my information and will field the sales call so you can read the report in peace. https://www.proofpoint.com/sites/default/files/threat-reports/pfpt-us-tr-the-cost-of-insider-threats-ponemon-report.pdf
It’s that time again
Yes, it is tax season which means a tax related scam will be hitting your email inbox soon. Not a big deal for the readers of this newsletter who know better, but dangerous for everyone else. Dangerous? Yes. It always amazing me how many people actually fall for tax themed phishing emails. I guess that’s why the bad guys keep using them. https://nakedsecurity.sophos.com/2022/01/25/tax-scam-emails-are-alive-and-well-as-us-tax-season-starts/
To much to digest
I’m going to devote some more time to this one and I hope to write more on it later. It’s a lot of data to digest. F-Secure conducted a large-scale email phishing study, seeking to explore why phishing continues to be the paramount access method of malicious cyber actors. 82,402 individuals from four organizations participated in the study. https://www.f-secure.com/content/dam/press/en/media-library/reports/to-click-or-not-to-click.pdf
They forecast more fraud
In another forecast, that didn’t require me giving up a phone number and email address, KPMG released their “2022 KPMG Fraud Outlook” report. They introduced their “KPMG Threat Loop” which describes the interrelatedness of “cyber, compliance, and fraud”. Is it accurate? Does it make sense? It doesn’t matter, it’s buzz worthy! Awesome, another term for Zoom call buzzword bingo. https://assets.kpmg/content/dam/kpmg/xx/pdf/2022/01/fraud-survey.pdf
The rest…
Woman plants Apple air-tag into her belongings and catches moving company in a big lie. https://www.washingtonpost.com/technology/2022/01/24/apple-airtag-helped-woman-catch-movers-lie/
Two-factor authentication app available on the Google Play store came with a secret add-on - a banking trojan. And ten-thousand devices found out. https://arstechnica.com/information-technology/2022/01/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan/
NFT’s - a “huge mess of theft and fraud”. Who would have thunk? https://www.theguardian.com/global/2022/jan/29/huge-mess-of-theft-artists-sound-alarm-theft-nfts-proliferates
Cool Tools
Know everything about anywhere: http://betterknowyourarea.com/
Remove the background from an image: https://www.remove.bg/
Cool Job
“Focus is repeatedly saying no to almost everything” - someone better at saying NO than me.
Irrelevant
Watch Seinfeld online - 24/7 - for free.
Registration is open for the 2022 Keystone Konnection Training Conference which is the annual event that brings together the Delaware Valley and Pittsburgh chapters of the IAFCI. The agenda is still under construction but it’s sure to be a great time of training and networking.
Don’t let the name dissuade you from attending :)
Homophones are hard
Weald - A heavily wooded area. A wild or uncultivated area.
Wheeled - being equipped with wheels
Thank You for opening this weeks email. Please consider sharing with your colleagues to help us grow. See you next Tuesday.
Matt
Bonus geeky long read
Long-read you should definitely take the time to read: https://www.microsoft.com/security/blog/2022/01/26/evolved-phishing-device-registration-trick-adds-to-phishers-toolbox-for-victims-without-mfa/