XSolutions On Security vol 6
XSolutions scours the internet and brings you the cybersecurity news you need to know to protect your business.
Our mission: “Deliver true Managed IT Services by putting people first. Because, there is no time, for downtime.”
If It Can Happen To The FBI–It Can Happen To You
On November 14, 2021, hackers attacked the FBI, compromising an email server. A software misconfiguration was the main cause.
The FBI stated that they remediated the incident but have not released more details.
Lesson: If attackers can get at the FBI, they can get at your company. It’s time to harden your own company’s cyber defenses, both systems and people.
Proof Of Vaccination Attacks On The Rise
KnowBe4 reports that, as more and more localities require proof of vaccinations, there has been a significant rise in corresponding phishing attacks. For example, 35% of U.S. citizens and 22% of U.K. residents have been phished.
Folks, the same thing is happening here in the U.S. As federal and state governments mandate vaccinations and restrict unvaccinated residents from participating in many events, proof of vaccination scams are becoming a hacker staple.
In particular, watch out for Covid-19 vaccination apps as bogus emails flood inboxes prompting people to click links to download apps. Also, social media scams are exploding, so watch for scam apps being offered through popular sites.
Many scam vaccination-proof apps ask for personal info, banking details, and credit card data. Unfortunately, this information sets you up for identity theft scams.
To see how these scams play out, read our blog post: It’s Great That You’re Vaccinated, But Please Don’t Do This!
Another Microsoft Exploit — Better Patch Your Systems!
A few days ago, we mentioned CVE-2021-42321, which affected on-premises versions of Exchange Server 2013, 2016, and 2019. Now, the Herjavec Group has identified another actively exploited vulnerability: CVE-2021-42292 in Microsoft Excel.
The hacker group, MSTIC, has exploited this vulnerability in both Windows and Mac OSX versions of Excel. The attack uses an infected file as bait; once the file is clicked, an attacker with no privileges is granted total read and write access to all resources.
A patch is available for Windows but not yet for Mac.
Users and administrators are advised to update their systems as soon as possible.
ALERT – Bogus Customer Complaint Campaign
A recent KnowBe4 post reveals a campaign that is currently underway featuring a fake customer complaint phish with a link to an infected website.
The emails appear to come from a manager within the target’s company, with a PDF attached. When opened, the PDF brings the target to a malicious web page, and the victim is tricked into downloading malware.
The report didn’t mention the type of malware, but cybercriminals can use a variety of viruses, including ransomware.
The best defense is to make sure your staff is trained to recognize the signs of a phishing attack (e.g., pressure to open attachments or click links, misspellings, links that don’t go to company pages). A Security Awareness Training program is worth its weight in gold!
Don’t have a Security Awareness program? Email us at [email protected].
XSolutions is an IT Services Provider serving New York (NY), New Jersey (NJ), and Connecticut (CT). We provide Managed IT Services | Managed IT Security | Backup & Disaster Recovery | Cloud Data Protection | Security Awareness Training. Call (845) 362-9675 for a free consultation.