An Uber incident, WeTransfer used to spread malware and much more!
/
RSS Feed
Share
Link
Embed
In this episode, Erich and Javvad speak about the Uber breach, using WeTransfer to spread malware, UK folks fear that their kids will turn to cybercrime due to the rising cost-of-living, and more.
Log4j Still a Problem, Credential Stuffing Yeilds 200k Accounts and more!
/
RSS Feed
Share
Link
Embed
This week, Javvad and Erich discuss the campaign the Lazarus group is using against US energy companies, surveillance camera access for sale, and how credential stuffing compromised almost 200k accounts at North Face. All this and more!
Stealthy Coinminers, Ransomware Victims List Over Doubles and More!
/
RSS Feed
Share
Link
Embed
In this episode, Javvad and Erich discussa crafty coinminer malware that lays dormant for a while, Okta credential thefts, a huge increase in potential victims of a ransomware attack, and a possible device that allows bad actors to simulate swipes and taps on phones from under a table.
I work in the interesting field of cybersecurity and have for quite some time. Throughout the years, I have found myself increasingly skeptical about people and organizations. It could just be my old age, after all my goal in retirement is to spend my days sitting on my front porch telling kids to get off my lawn, but it could be something else. In this line of work, I hear about scams and see the ugly side of the digital world quite often, and I think it has impacted me.
Recently, my wife and I decided to buy some land. We have been looking for years, but had quit looking due to prices. Then, this opportunity just showed up out of nowhere (well on Facebook Marketplace), and next thing I know, we are making an offer. The people we bought the property from will still be our neighbors and he is a retired real estate pro, so the decision to do the sale without realtors on both sides made sense financially, however I was still nervous about it. His daughter, a current realtor, was kind enough to write up contracts and point us at a good title company, so it wasn’t like we were totally blind here. Over the course of a couple of weeks while we worked through some financial stuff, we spent some weekends doing some clean up at the property with the sellers permission and we got to know each other pretty well. In the back of my mind, I still had this gut-wrenching fear that things would go wrong.
When it was time to close, we met up with the title folk and signed the papers, then we had to transfer funds. Now this was a cash deal, so it was a matter of wiring money from our bank accounts to the title company, however I have heard so many stories about wire transfer fraud, that I was nearly sick with nerves when it came time to do the transfers.
I have no reason not to trust the seller. I looked up his name on the next-door property and the one we were buying, and they were the same (another scam is selling property you don’t own). I’ve seen his ID and I know that he lives in that house, yet I am still nervous almost to the point of paralysis while we wait for the property deed to be recorded and show up officially online (this can take several weeks right now).
So, what is the point of this story? Well, it’s this, it is not bad to be cautious these days as scams are everywhere. There are many that originate on social media and it is important to apply reason when looking at things, however it is important not to let paranoia steal the joy from what should be a happy event. Do your due diligence and remember that deals that seem too good to be true, are.
2 tips for Facebook Marketplace:
Ads that include an alternate email address to contact, often saying something like ‘This is my parents, which I listed for them’ followed by that other email address, is usually fake. They are simply getting you to communicate off Facebook. Ads that have unrealistic prices, are fake. They want to open a conversation with you and will often attempt to get you to leave a deposit, or will tell you they are sending a code from Google Voice to prove you are ‘not a scammer’. The code is actually from Google Voice, but is being used so they can associate a Google Voice phone number with your cell phone, and use it for scams.
Extreme low price, vacation mode and an alternative email address. This one has it all
They have clearly taken over this account and are spamming all across the country as quickly as possible. Facebook can track when you glanced at an advertisement and feed you ads for years, but can’t seem to figure this trick out
Ads that have unrealistic prices, are fake. They want to open a conversation with you and will often attempt to get you to leave a deposit, or will tell you they are sending a code from Google Voice to prove you are ‘not a scammer’. The code is actually from Google Voice, but is being used so they can associate a Google Voice phone number with your cell phone, and use it for scams. These also seem to favor lines such as ‘just serviced 3 days ago’ and ‘no rust, no dents, original paint, no accidents and clean title’, almost verbatim across ads
This is only about $10k under blue book, and has nothing at all wrong with it, it was just serviced after all. Totally not legit.
Same pattern on spamming across the country from a taken over legitimate account.
On the Road, Twitter is a Mess, French Hospital Down, and More
/
RSS Feed
Share
Link
Embed
In this episode, Erich is on the road in Dallas for the Podcast Movement conference, but him and Javvad still take the time out to discuss some major stories on cybersecurity this week.
FEMA Warns Systems Vulnerable, $190MIL in Crypto Stolen and Macros Cause Havok
/
RSS Feed
Share
Link
Embed
Erich and Javvad discuss a crypto currency theft of around $190mil, FEMA warns about patching emergency alerts systems and macros have become a top way to spread ransomware, plus more stories of the week.
Fake Cisco gear, Microsoft warns about MFA resistant phish, and more!
/
RSS Feed
Share
Link
Embed
In this episode, Javvad and Erich discuss a Florida man charged with selling fake Cisco gear, a phish designed to get around MFA, ransomware gangs allow searching of dumped data and Google updates their password manager.
