Making Sense of Security

Securing your Digital World.

Making Sense of Security

How to Find Out Who Someone is Texting

MSoS Logo

Do you want to know how to find out who someone is texting? This is often the case when people are worried about someone they care about. For example, your child spending too much time on their phone can be a red alert. We never know who they are in contact with and what are the intentions of the person. Similarly, many people also get suspicions (reasonable) when their partner or their spouse is spending too much time on the phone texting with someone. Through this guide, you can finally find the answer to this question once and for Read more…


[Heads Up] The Chinese Have Likely Hacked Your Exchange Email Server

What if Chinese state-sponsored hackers have owned your OWA using several brand-new zero-day vulns? On March 2, Microsoft released emergency security updates to plug four security holes in Exchange Server versions 2013 through 2019 that hackers were actively using to siphon email communications from Internet-facing systems running Exchange. The Chinese hacking group thought to be responsible has seized control over “hundreds of thousands” of Microsoft Exchange Servers worldwide, at least 30,000 in America — with each victim system representing approximately one organization that uses Exchange to process email. The truth is, if you are running an OWA server exposed Read more…


Attention Android Users: This Free VPN App Leaked the Data of 21 Million Users

Attention Android Users: This Free VPN App Leaked the Data of 21 Million Users To live our digital lives to the fullest, we rely on a variety of technologies to support our online activities. And while some apps and devices are meant to make certain tasks more convenient or provide us with greater security, others simply offer a false sense of security and could potentially lead to online misfortune. One such platform is SuperVPN. While users may applaud themselves for using a VPN to protect their privacy, this Android app is unfortunately spilling their secrets without their knowledge. Let’s Read more…


The Fastest Route to SASE

Shortcuts aren’t always the fastest or safest route from Point A to Point B. Providing faster “direct to cloud” access for your users to critical applications and cloud services can certainly improve productivity and reduce costs, but cutting corners on security can come with huge consequences. The Secure Access Service Edge (SASE) framework shows how to achieve digital transformation without compromising security, but organizations still face a number of difficult choices in how they go about it. Now, McAfee can help your organization take the shortest, fastest, and most secure path to SASE with its MVISION Unified Cloud Edge Read more…


Self-Validation: 3 Ways To Validate And Love Yourself

As more of us are struggling to attain society’s view of perfection, self-validation is becoming a hotter topic. But self-love and being your own biggest fan don’t happen overnight. What I’ve found is that you have to practice self-validation mindfully before you can genuinely begin to love yourself. Here are three ways to validate and love yourself. 1. Stop Comparing Yourself to Others I’ve put this one first because it’s perhaps the most important aspect of self-validation. It also happens to be the most difficult aspect, and it is an area that requires concerted effort, day after day. When Read more…


How To Stop the Negative Thoughts From Spiraling In Your Mind

You started your day well but suddenly, something unexpected or untoward happens, and you are entirely out of your funk. One bad thought leads to another like a domino effect, and before you know it, you feel terrible and have no idea why you think or feel the way you do. You have no clue how to stop the negative thoughts that echo in your mind. The Negative Thought Spiral Negative thoughts could stem from something as trivial as looking at something or someone on social media to a showdown between you and your manager on Teams, and these Read more…


How Does Ransomware Spread Globally?

Ransomware is a type of malware that involves encrypting a company’s or individual’s useful data or blocking users from accessing their computer systems in exchange for a given amount of money. Cybercriminals are always on the look-out for creatives means for getting a hold of your data so that they can have them at ransom. Every day you hear of someone’s account being hacked. But, how does ransomware spread? You ask yourself. It is a common question that most people ask and wonder, especially when the attack strikes. This article delves into seven common ways through which Ransomware has Read more…


Think Your Cyber Insurance is Going to Cover that $6 Million in Cyber Fraud? Think Again.

The latest tale of an organization falling victim to a business email compromise attack on their credit card processor highlights how very specific the scenario needs to be to see a payout.


1 in 4 Business Email Compromise Attacks Use Lookalike Domains to Trick Victims

The latest Data on BEC scams shows how the bad guys are using a mix of gmail accounts, increases in stolen wire transfers, and a shift to payroll diversions to trick you out of your money.


Phishing Attacks Continue to Impersonate Trusted Brands to Deceive Potential Victims

The use of impersonation in phishing attacks helps to establish credibility and a sense of ease. New data shows exactly how the bad guys are using this tactic to their advantage.


Vendor Email Compromise is Officially A Big (Seven-Figure) Problem

While the Solarwinds “sunburst” attack brought to light the compromising of a vendor, VEC has been around for some time and now seems to be going mainstream.


Phishing Scammers Send a Fake “Private Shared Document” as the Initial Attack Vector for Stealing LinkedIn Credentials

A new social engineering scam demonstrates how cybercriminals are both evolving their tactics while still using tried and true methods that just work to attain their goals.


Someone Hacked The Four Top Russian Cybercrime Forums In One Month

Intrepid investigative cyber security reporter Brian Krebs has some interesting news. He said: “Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions, the attackers made off with the forums’ user databases, including email and Internet addresses and hashed passwords. Members of all three forums are worried the incidents could serve as a virtual Rosetta Stone for connecting the real-life identities of the same users across multiple crime forums.


24 Self-Reflection Questions To Get You To Rethink About Life

“Oh no, Oh no! AHHHHHHH!” These were the only words I could manage as my car spun out of control, hydroplaning across multiple lanes of the slick freeway. It was one of those moments you see in the movies where your life flashes before your eyes, and you instantly begin the process of asking yourself a slew of self-reflection questions. I was driving back from a children’s birthday party with my wife and two very young daughters on board. My girls were strapped tightly in their car seats and sleeping peacefully. My wife had just told me to be Read more…


10 Best Self-Help Podcasts To Listen To Right Now

If you’re not getting the time you’d like to for reading, I hear you. With the pressures to achieve at work at an all-time high, the constant demands of the executive team, daily ongoings of your family, significant other or friends, birthdays, Zoom calls, and not to mention your burning desire to be the best you can be, it can be hard to fit it all in. This is in fact an understatement! In fact, it’s surprising to think that we have time to do anything else, and it can almost feel like we know what to do but Read more…


[ALERT] New Stanford Research: 88% Of Data Breaches Are Caused By Human Error

A brand new report confirms what we have been saying for many years now. About 9 out 10 data breaches are caused by your users.


Most Phishing Emails Are After Credentials

57% of phishing emails in 2020 were designed for stealing credentials, according to Cofense’s most recent Annual State of Phishing Report. Meanwhile, just 12% of phishing attacks last year were used for delivering malware. Cofense believes this is because credential phishing emails are better at bypassing email security filters than emails with malicious attachments or download links. Likewise, conversational phishing attacks, like business email compromise (BEC), have grown more popular.


Let’s Commit To Protect Our Privacy This Year

Let’s Commit To Protect Our Privacy This Year How our new identity & privacy app can help By this point in the year you may have already broken some of your New Year’s resolutions, but here’s one to keep: better protecting your online privacy. After all, we are likely to continue to spend more time online in 2021, whether it be for working, learning, or shopping. This makes taking some preventative steps to shield our identity information more important than ever. That’s why McAfee has been working on a new identity and privacy app for safeguarding your personal information, and we’d love for you to try it if Read more…


How To Grind And Store Your Coffee Beans the Right Way

For many people, coffee is one of life’s great pleasures. It provides a natural mood uplift as well as helping to boost our energy. It also tastes pretty good too! With the shift to working from home caused by the coronavirus pandemic, lots of us have had to forget about Starbucks and instead turn to making coffee at home. But done properly, this can be a cheap and convenient alternative to the high street coffee stores. In this article, we’ll show you exactly how to store and grind coffee beans for the best possible lifespan and flavor. With our Read more…


7 Ways To Expand Your Horizon And Push For New Frontiers

Do you ever have the desire to step out of your comfort zone and seek new experiences? This longing to diversify our life can happen at times when we feel especially stuck, whether it’s our career, daily routine, or relationships. We often want to look beyond our current situation and strive for new goals. It might feel intimidating to branch out, so here are seven ways to expand your horizon and push for new frontiers. 1. Pinpoint Where You Are Complacent in Life The first step to expanding your horizon is to assess where you have become stagnant in Read more…


How To Relax Quickly When You Are Addicted To Work

You’ve finally reached the end of your workday—a day that started with you skimming hours from sleep to get a jump-start on your to-do list. It continued with you eating lunch at your desk to avoid losing momentum, ignoring calls from family and friends to fend off feelings of guilt about not working, and adding new projects to your plate after finishing up others. You’ve managed to reject anything that resembles a break so you can stay firmly focused on your work performance and success. Now, you’re exhausted. And, let’s be honest: you’re also addicted to working. There’s some Read more…


POTRAZ Warns of Phishing Scams

The Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) has issued a warning regarding an increase in email and SMS phishing attacks, the Chronicle reports. Dr. Gift Machengete, director general of POTRAZ, stated that users should avoid opening attachments or clicking on links in unsolicited emails and text messages.


Don’t Let Tax Fraud Ruin Your IRS Refund

Don’t Let Tax Fraud Ruin Your IRS Refund Here’s how to lock down your data this tax season Tax season is always a high time for scams that put our money and information at risk. But this year securing your data may be more important than ever, due to a spike in unemployment fraud. Millions of Americans have lost their jobs over the course of the pandemic, and states have seen a surge in unemployment applications, including fake claims using stolen information. In California, authorities report that between $10 billion and $30 billion was recently paid in fraudulent unemployment claims, Read more…


Who loves tax season besides accountants? Hackers

Who loves tax season besides accountants? Hackers  It’s tax time in the United States, and even if you’re pretty sure you did everything right, you’re worried. Did I file correctly? Did I claim the right deductions? Will I get audited? Unfortunately, tax season brings out scammers eager to take advantage of your anxiety. The tax scam landscape First, know that you’re probably doing a good job with your taxes. Less than 2% of returns get audited and most discrepancies or adjustments can get handled easily if you address them promptly. Still, wariness of the IRS and intricate tax laws Read more…


How to Spot, and Prevent, the Tax Scams That Target Elders

tax scams that target seniors

How to Spot, and Prevent, the Tax Scams That Target Elders Elder scams cost seniors in the U.S. some $3 billion annually. And tax season adds a healthy sum to that appalling figure. What makes seniors such a prime target for tax scams? The Federal Bureau of Investigation (FBI) states several factors. For one, elders are typically trusting and polite. Additionally, many own their own home, have some manner of savings, and enjoy the benefits of good credit—all of which make for an ideal victim profile. Also according to the FBI, elders may be less able or willing to Read more…


Hacking Proprietary Protocols with Sharks and Pandas

The human race commonly fears what it doesn’t understand.  In a time of war, this fear is even greater if one side understands a weapon or technology that the other side does not.  There is a constant war which plagues cybersecurity; perhaps not only in cybersecurity, but in the world all around us is a battle between good and evil.  In cyber security if the “evil” side understands or pays more attention to a technology than the “good” side, we see a spike in cyber-attacks. This course of events demands that both offensively and defensively minded “good guys” band Read more…


4 Effective Ways To Improve Your Work Performance Greatly

Peak performance in the workplace is essential for company growth and high-levels of productivity, but what’s easy to do is also easy not to do.  Searching “work performance” in Google pulls up 4,180,000,000 results in less than one second. To say that work performance is a buzzword is a complete understatement. Everyone and their mother are interested in finding the latest gadgets and hacks to optimize their workplace productivity and output. Companies are caught between a rock and a hard place as they attempt to navigate the uncharted waters of working from home while keeping their employee productivity levels Read more…


10 Actionable Tips To Make Tough Decisions in Life

You make decisions every day, from what you’ll eat for lunch to the route you’ll drive through on your way to work. But when you consider the phrase “tough decisions,” your mind probably wanders to bigger choices, like accepting a job offer, buying a home, or asking for a raise. Tough decisions in life can be even grander in scale including those related to health or caring for a loved one. Planning for a safe, healthy, and financially secure future may be your definition of tough decisions. But everyone is different. What you consider a tough decision may be Read more…


CyberheistNews Vol 11 #09 [Heads Up] New Ryuk Ransomware Strain Now Worms Itself To All Your Windows LAN Devices


Universal Health Services Becomes Next Victim of Ryuk Ransomware, Costing $67 Million

Fortune 500 hospital and health care service provider Universal Health Services (UHS) recently became victim to Ryuk ransomware in September 2020.


By Their Poor Idiomatic Control Shall Ye Know Them

A new phishing campaign is impersonating Zoom in order to steal users’ Outlook credentials, according to researchers at GreatHorn. The attackers are using phishing URLs that spoof Zoom’s domain, and that also include the name of the targeted users’ organizations.


Hacking Multifactor Authentication: An IT Pro’s Lessons Learned After Testing 150 MFA Products

Multi-Factor Authentication (MFA) can be a highly effective way to safeguard your organization’s data, but that doesn’t mean it’s unhackable. And nobody knows that better than award-winning author and Data-Driven Defense Evangelist at KnowBe4, Roger Grimes. While researching his most recent book Hacking Multifactor Authentication, Roger tested over 150 MFA solutions. And he wants to share what he learned with you!


[HEADS UP] New Dutch Data Breach Report Warns of Explosive Increase in Cyber Attacks and Stolen Personal Data

The Dutch Data Protection Authority (AP) recently measured the number of reports of data theft in 2020 and the number of attacks skyrocketed. The report documented that it increased no less than 30% in 2020 compared to the year prior.


New York State Education Department Warns of Phishing Campaign

The New York State Education Department (NYSED) released an advisory warning that scammers are impersonating its employees in an attempt to steal social security numbers and money. The scammers are calling medical professionals and informing them that they need to send a payment in order to keep their license.


Phishing Attacks Double in 2020 While Carrying the Highest Month of Attacks on Record

The latest data from the Anti-Phishing Working Group (AWPG) shows massive gains in phishing attacks in Q4 of last year, quantifying the growth and setting the expectation of what’s to come in 2021.


UK Police Arrest SIM-Swapping Gang Responsible for the Theft of Over $100 Million in Cryptocurrency

This month the UK’s National Crime Agency (NCA) arrested eight suspects who targeted famous sports stars and musicians in the US and stole from victim’s bank accounts and crypto wallets.


Microsoft Dominates as the Most Impersonated Brand in Phishing Attacks

New data from phishing detection vendor Inky highlights which brands are most often used by cybercriminals in phishing attacks that will give them the edge needed for a successful phish.


[Heads Up] New Ryuk Ransomware Strain Now Worms Itself To All Your Windows LAN Devices

A new Ryuk strain has a worm-like feature that allows it to spread to all other devices on victims’ local networks. It was discovered by the French CERT, their national cyber-security agency while investigating an attack in early 2021. “Through the use of scheduled tasks, the malware propagates itself – machine to machine – within the Windows domain,” ANSSI (short for Agence Nationale de la Sécurité des Systèmes d’Information) said in a report (PDF). “Once launched, it will thus spread itself on every reachable machine on which Windows RPC accesses are possible.”


AI Panel Urges US to Boost Tech Skills Amid China’s Rise

Read the original article: AI Panel Urges US to Boost Tech Skills Amid China’s Rise read more   Become a supporter of IT Security News and help us remove the ads. Read the original article: AI Panel Urges US to Boost Tech Skills Amid China’s Rise The post AI Panel Urges US to Boost Tech Skills Amid China’s Rise first appeared on IT Security News.


Apple Lobbying Against Arizona Bill That Would Let Developers Use Third-Party Payment Options

Read the original article: Apple Lobbying Against Arizona Bill That Would Let Developers Use Third-Party Payment Options Arizona is considering legislation that would prevent developers from being forced to use Apple’s in-app purchase options, and as the bill heads to the Arizona Senate, Apple and Google are lobbying heavily against it. As outlined by Protocol, Apple has been working against the bill since last month. Apple lobbyist Rob Didiron began fighting the legislation before it had been formally introduced, with Apple also hiring additional lobbyists and sending lawyers to Arizona. “We went through a very difficult weekend where Apple Read more…


Was Jan. 6 an Intelligence Failure, a Police Failure or Both?

Read the original article: Was Jan. 6 an Intelligence Failure, a Police Failure or Both? A police officer checks his watch on Jan. 6, 2021 prior to the Capitol breach in Washington, D.C. (Elvert Barnes, https://flic.kr/p/2kqc3v6; CC BY-SA 2.0, https://creativecommons.org/licenses/by-sa/2.0/) Weeks after the attack on the Capitol Building, Congress is getting underway with a serious effort to understand just what happened on Jan. 6. The work began in earnest last week and will continue this week—starting Tuesday, Mar. 2, when FBI Director Chris Wray will testify before the Senate Judiciary Committee on the insurrection, domestic terrorism and other threats.  Read more…


Register Here for U.S. Cyber Command’s Annual Legal Conference

Read the original article: Register Here for U.S. Cyber Command’s Annual Legal Conference U.S. Cyber Command is hosting its annual legal conference this Thursday (March 4th), and all are welcome to (virtually) attend.  Advance registration is required.  You can register here. The schedule is as follows: 10:00 – 10:30: General Paul Nakasone, U.S. Army, Commander, U.S. Cyber Command 10:30 – 11:15: Dr. James Lewis, Center for Strategic and International Studies 11:25 – 12:10: Commander Robin Crabtree, U.S. Navy, Office of the Staff Judge Advocate, U.S. Central Command 12:15 – 13:15: Professor Bobby Chesney, University of Texas at Austin School Read more…


GyanSys hires Anand Aboti as Chief Business Officer

Read the original article: GyanSys hires Anand Aboti as Chief Business Officer GyanSys has hired Anand Aboti as the company’s first Chief Business Officer. Aboti will be responsible for driving global business growth, expanding referenceable customer success, and strengthening alliances with strategic partners including SAP, Salesforce, and Microsoft. Aboti brings 25 years of experience in the IT services industry and deep expertise with helping customers realize strong ROI on transformation efforts. He has developed high-performance sales and account management teams and has led large enterprise programs in … More → The post GyanSys hires Anand Aboti as Chief Business Read more…


Hal Lonas joins Trulioo as CTO

Read the original article: Hal Lonas joins Trulioo as CTO Trulioo announced the appointment of Hal Lonas as its chief technology officer. Lonas joins Trulioo’s senior leadership team to help accelerate the company’s next stage of growth and innovation. He is a recognized innovator in cloud security and machine learning, and a long-standing champion of automation technology. “We’re excited to welcome Hal to the Trulioo team and look forward to his deep technical expertise, developed over decades of leadership,” said Steve Munford, President and CEO … More → The post Hal Lonas joins Trulioo as CTO appeared first on Read more…


Axonius raises $100M to expand, innovate, and fuel market growth

Read the original article: Axonius raises $100M to expand, innovate, and fuel market growth Axonius announced it has raised $100 million in Series D funding, led by Stripes, a leading New York-based growth equity firm, as well as participation from existing investors Bessemer Venture Partners (BVP), OpenView, Lightspeed, and Vertex. Ken Fox, founder and partner at Stripes, will join the Axonius board of directors. This latest round follows a 2020 investment of $58 million, increasing total funding to $195 million at a greater than $1 billion valuation. “It’s always … More → The post Axonius raises $100M to expand, Read more…


Supporting the Women Hit Hardest by the Pandemic

Supporting the Women Hit Hardest by the Pandemic Only 57% of women in the U.S. are working or looking for work right now—the lowest rate since 1988. That telling data point is just one of several that illustrate a stark contrast in these stark times: of the millions who’ve seen their employment affected by the pandemic, women have been hardest hit. According to the U.S. Bureau of Labor Statistics (BLS), some 2.3 million women left the workforce between the start of the pandemic and January 2021. Meanwhile, the BLS statistic for the number of men who left the U.S. Read more…


6 Steps to Help Your Family Restore Digital Balance in Stressful Times

6 Steps to Help Your Family Restore Digital Balance in Stressful Times Editor’s Note: This is part II in a series on helping families protect their mental and digital health in times of chronic stress. The content is not intended to be a substitute for professional advice or treatment. Over the past year of remote life, technology has become both a lifeline and a life sucker. We’ve witnessed technology author amazing moments of human connection impossible just a few decades ago. At the same time, we’ve also seen isolation and disconnection quietly settle in alongside those wins. As discussed Read more…


SOC Health Check: Prescribing XDR for Enterprises 

It is near-certain the need for security across the enterprise will never cease – only increase if year-over-year trends are any indication. We constantly see headlines with repetitive buzzwords and phrases calling attention to the complexity of today’s security operations center (SOC) with calls to action to reimagine and modernize the SOC. We’re no different here at McAfee in believing this to be true.    In order for this to happen, however, we need to update our thinking when it comes to the SOC.    Today’s SOC truly serves as an organization’s cybersecurity brain. Breaking it down, the brain and SOC are both the Read more…


Babuk Ransomware

Executive Summary Babuk ransomware is a new ransomware threat discovered in 2021 that has impacted at least five big enterprises, with one already paying the criminals $85,000 after negotiations. As with other variants, this ransomware is deployed in the network of enterprises that the criminals carefully target and compromise. Using MVISION Insights, McAfee was able to plot the telemetry of targets, revealing that the group is currently targeting the transportation, healthcare, plastic, electronics, and agricultural sectors across multiple geographies. Figure 1. Infection map (source: MVISION Insights) Coverage and Protection Advice McAfee’s EPP solution covers Babuk ransomware with an array Read more…


Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use

On February 17th, 2021, McAfee disclosed findings based on a 10-month long disclosure process with major video conferencing vendor Agora, Inc.  As we disclosed the findings to Agora in April 2020, this lengthy disclosure timeline represents a nonstandard process for McAfee but was a joint agreement with the vendor to allow sufficient time for the development and release of a secure SDK. The release of the SDK mitigating the vulnerability took place on December 17th, 2020. Given the implications of snooping and spying on video and audio calls, we felt it was important to provide Agora the extended disclosure Read more…


How To Find a Mentor And Make The Relationship Work

One of the fastest shortcuts to success in anything is to learn from someone who’s already done it. No matter what your goals are—from starting a business to inventing a new technology, from becoming a better public speaker to getting a promotion—there’s someone out there who’s done some variation of it. They’ve already faced the trials and tribulations of that journey. They have the connections. They’ve gained experience and wisdom. They know the pitfalls and challenges, and they know the shortcuts. If you want a higher chance of success, find a mentor. Pick up a biography of any successful Read more…