A scam aimed at verified Twitter users, a ransomware warning from the FBI, and more
Welcome to Cyber Security Today. It’s Monday December 6th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
Twitter subscribers who have a blue identity verification checkmark on their accounts are being targeted by an email scam. The goal is to steal their login credentials. The checkmark is a vital indication that a tweet from an account belongs to the named person and not an impersonator. But according to the Bleeping Computer news service, people with verified accounts are getting email messages claiming their verified status will be lost unless their account is updated. An ‘Update Here’ button the victim clicks on supposedly leads to a Twitter login page. But it’s a fake. Sharp people would know it’s a fake by checking the address of the email sender. Those hovering their mouse over the update button would know something’s odd because the website linked to the button doesn’t go to Twitter.
It’s no coincidence that this email scam started last week, just after Twitter began removing blue checkmarks from some verified accounts because of some alleged irregularities. As a result a lot of people are wondering if their accounts will be involved.
At least 49 organizations have been hit by a ransomware gang that calls itself Cuba. That’s according to the FBI, which last week issued a warning about the strain. According to a report by BlackBerry, the Cuba strain first appeared in the middle of last year. When the malware’s encryption executes, the scrambled files end with the extension “.cuba”. The FBI says those behind the Cuba ransomware use phishing emails, leverage Microsoft Exchange vulnerabilities or hack into Microsoft Remote Desktop Protocol as ways to get initial IT network access. So far Cuba ransomware threat actors have received at least $50 million in ransom payments. The FBI urges organizations to take the standard precautions against ransomware — and most cyber attacks. That includes requiring all users to have strong passwords with multifactor authentication. Employees shouldn’t have the ability to use the same password on multiple internal accounts. Only those who need it should have access to administrative accounts. All software should have the latest security patches installed as soon as they are released. In addition, command-line and scripting activities and permissions should be disabled. Privilege escalation and lateral movement often depend on software utilities that run from the command line. If threat actors are not able to run these tools, they will have difficulty escalating privileges and/or moving laterally.
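As an added illustration of the “.cuba” indicator mentioned above (example code written for this page, not from the FBI, BlackBerry or the podcast), the following script scans constructed file-event log lines and alerts on any host where a burst of files is renamed with that extension. The “timestamp host action path” log format, the 60-second window and the threshold of five renames are assumptions for the example.

```python
"""Detect a burst of files gaining the ".cuba" extension on one host.
Example added for this page; log format and tuning values are assumed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical "timestamp host action path" format.
SAMPLE_EVENTS = """\
2021-12-03T09:14:02 ws-17 rename C:\\Users\\a\\Documents\\q3.xlsx.cuba
2021-12-03T09:14:03 ws-17 rename C:\\Users\\a\\Documents\\plan.docx.cuba
2021-12-03T09:14:03 ws-17 rename C:\\Users\\a\\Pictures\\img1.jpg.cuba
2021-12-03T09:14:05 ws-17 rename C:\\Users\\a\\Pictures\\img2.jpg.cuba
2021-12-03T09:14:06 ws-17 rename C:\\Users\\a\\Desktop\\notes.txt.cuba
2021-12-03T10:02:11 ws-04 rename C:\\Users\\b\\old.bak.cuba
2021-12-03T11:30:00 ws-04 rename C:\\Users\\b\\report.pdf
"""

RANSOM_EXT = ".cuba"            # extension named in the FBI / BlackBerry reporting
WINDOW = timedelta(seconds=60)  # burst window (assumed tuning value)
THRESHOLD = 5                   # renames inside the window that trigger an alert


def parse_events(text):
    """Yield (timestamp, host, path) for every rename event line."""
    for line in text.splitlines():
        ts, host, action, path = line.split(" ", 3)
        if action == "rename":
            yield datetime.fromisoformat(ts), host, path


def find_encryption_bursts(text, window=WINDOW, threshold=THRESHOLD):
    """Return {host: total ".cuba" renames} for each host that had at least
    `threshold` such renames inside any sliding window of length `window`."""
    per_host = defaultdict(list)
    for ts, host, path in parse_events(text):
        if path.lower().endswith(RANSOM_EXT):
            per_host[host].append(ts)
    alerts = {}
    for host, stamps in per_host.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                alerts[host] = len(stamps)
                break
    return alerts


if __name__ == "__main__":
    print(find_encryption_bursts(SAMPLE_EVENTS))  # {'ws-17': 5}
```

A single “.cuba” file on ws-04 stays below the threshold, so only the host showing mass renames is flagged.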
Because most of my listeners are in Canada and the U.S. I try to focus on what’s going on in North America. But sometimes I warn about scams going on elsewhere in the world because they might be transferred here. One of them is in Italy targeting Android phone users. Victims get an SMS text message supposedly from their bank urging them to install an anti-virus or anti-spam app for better protection. Clicking on the link takes the victim to a web page that looks like the bank’s website. A link is there to the supposed anti-spam app. But the whole thing is a scam to get the victim’s bank password. Regardless of whether this scam comes to North America always be suspicious of text messages that ask you to download software, especially if after downloading you have to enter a password for an account like your email, social media or your bank.
For years there have been complaints that the Pegasus spyware made by an Israeli company called the NSO Group, and bought by law enforcement agencies and governments, isn’t only being used against crooks. In the latest controversy, the Reuters news agency said Apple has warned at least nine employees of the U.S. State Department that their mobile devices had been hacked. These staffers were either based in Uganda or were focused on matters concerning Uganda. As a result of the news report the NSO Group said it canceled the account of an unnamed customer. This comes as the U.S. government has placed the NSO Group on a list of firms American companies are restricted from doing licensed business with. It also comes as Apple launched a lawsuit against NSO Group, alleging it helped customers break into the iOS operating system.
Finally, here’s another reason why you have to keep your Chrome, Firefox, Edge or other browsers regularly updated: Researchers in Germany have discovered 14 new types of cross-site leak attacks that can be used against web browsers. By leveraging these vulnerabilities, attackers can steal data like passwords and credit card numbers.
That’s it for now. Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.