Security Director Alert: Employees Are Packing

This media advice to employees may lead to corporate espionage. BOLO

Worried About Losing Your Job? Pack a Digital Go Bag

It’s now more common for layoffs to happen through account lockouts. Every employee needs to download their most important files from work, and update them periodically.

What Is a Digital Go Bag?
A digital go bag or virtual go bag is an electronic version of a traditional go bag—a bag you pack ahead of time that has everything you need in case you have to leave in a hurry—and it's meant specifically for work. If you got laid off or fired without notice, what documents and information would you most want to keep hold of? 

How to Make a Digital Go Bag
First, identify the documents you want to take with you. Second, decide how often you need to download the items in order to keep your go bag up to date. Some, like performance reviews and tax documents, might only be updated once per year. Others, such as emails between you and your supervisor, might pile up quickly enough that you decide to download them quarterly. more

NYC woman found a phone buried in her lawn...

 — and police say it’s a new tactic thieves use to spy on homeowners.

Warning As 26 Billion Records Leak: Dropbox, LinkedIn, Twitter Named

via Rob Kleeger, Digital4nx Group, Ltd.

Hold on tight because we've got some major news for you. Brace yourselves for the 'Mother of all breaches' (MOAB) - a breach so massive it's making waves in the cybersecurity world!

Security researchers have just uncovered a mind-boggling database with over 26 billion records, compromising billions of accounts worldwide. Yep, you read that right! This treasure trove of data has been collected from big shots like LinkedIn, Twitter, Adobe, and many more.

Can you believe it? This jaw-dropping database is made up of a whopping 3,800 folders, which means these records were gathered over time to create a mind-blowing 12 Terabyte database. Talk about a digital goldmine! 

Now, here's the important part: some major players have been affected, including Twitter/X (281 million records), LinkedIn (251 million records), Evite (179 million records), and Adobe (153 million records). It's a serious situation, folks.

We don't want you to panic, but it's crucial to take immediate action to protect yourself. 

Here's what you need to do:
1️⃣ Change your passwords for ALL online accounts, especially those linked to the affected organizations.
2️⃣ Enable two-factor authentication wherever possible. Double the security, double the peace of mind! 
3️⃣ Stay on high alert for any suspicious emails, messages, or calls asking for personal information. Don't fall for their tricks!
4️⃣ Keep a close eye on your financial accounts and credit reports. If you spot any unauthorized activity, act fast!
The breach reminds me of this movie clip for some reason... 

CISA & FBI Release Chinese Drone Awareness Paper

Cybersecurity Guidance: Chinese-Manufactured UAS is a Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) resource that raises awareness on the threats posed by Chinese-manufactured UAS and provides UAS cybersecurity recommendations that reduce risks to networks and sensitive information. This guidance also provides additional resources to augment an organization’s preparedness, response, and resilience.

"The People’s Republic of China (PRC) has enacted laws that provide the government with expanded legal grounds for accessing and controlling data held by firms in China. The use of Chinese-manufactured UAS in critical infrastructure operations risks exposing sensitive information to PRC authorities."  more  / download

Security Alert: Unsolicited Smartwatches Received by Mail

Service members across the military have reported receiving smartwatches unsolicited in the mail. These smartwatches, when used, have auto-connected to Wi-Fi and began connecting to cell phones unprompted, gaining access to a myriad of user data.

These smartwatches may also contain malware that would grant the sender access to saved data to include banking information, contacts, and account information such as usernames and passwords...

What to do if you receive one of these devices:

• DO NOT turn the device on.
• Report it to your local counterintelligence, security manager, or through our Submit a Tip - Report a Crime reporting portal. more

Security Director Alert: Check for Spyware When Execs Travel

Smartphone, laptop, etc. device check service for traveling users.  

Detect Pegasus and other 0-click and 1-click spywares. Check before and after executives enter high-risk countries to determine their exposure and perform remediation. Prevent introducing foreign threats to your network. Service is a ZecOps product. more

Alert: Apple iOS 14.8 Security Update Spikes Spyware Flaw

 Apple on Monday released security updates for its iPhone, iPad, Apple Watch and Mac computers that close a vulnerability reportedly exploited by invasive spyware built by NSO Group, an Israeli security company. 

The tech giant's security note for iOS 14.8 and iPadOS 14.8 says: "Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited." Apple also released WatchOS 7.6.2, MacOS Big Sur 11.6 and a security update for MacOS Catalina to address the vulnerability. 

The fix, earlier reported by The New York Times, stems from research done by The Citizen Lab, a public interest cybersecurity group that found a Saudi activist's phone had been infected with Pegasus, NSO Group's best-known product. According to Citizen Lab, the zero-day zero-click exploit against iMessage, which it nicknamed ForcedEntry, targets Apple's image rendering library and was effective against the company's iPhones, laptops and Apple Watches. more

Breaking: Billions of Online Trading Broker Records Have Been Leaked

Researchers at WizCase have discovered a massive data leak that belongs to FBS, a Cyprus-based online trading broker used by millions of traders in over 190 countries. 

The leak includes sensitive personally identifiable information (PII), financial information, government documents, numbers, and even passwords in plaintext form...

The consequences for the exposed individuals are grave, ranging from identity theft and banking fraud to scams, phishing, blackmailing, and even business espionage. The details that have been exposed are just too revealing, and mitigating the risks now is very complicated – if at all possible.

If you were using FBS, you should reset all your passwords, enable 2FA and monitor your bank account activity closely. more

Privacy Alert - Scammers Pretending to be COVID-19 Contact Tracers

Be aware of scammers pretending to be COVID-19 contact tracers.
Legitimate contact tracers will never ask for your Medicare Number or financial information. If someone calls and asks for personal information, like your Medicare Number, hang up and report it to 1-800-MEDICARE. medicare.gov & more

NSA Tells Mobile Users Beware of Find-My-Phone

Beware of find-my-phone, Wi-Fi, and Bluetooth, NSA tells mobile users

And don't forget to limit ad tracking. Advisory contains a host of recommendations.

The National Security Agency is recommending that some government workers and people generally concerned about privacy turn off find-my-phone, Wi-Fi, and Bluetooth whenever those services are not needed, as well as limit location data usage by apps.

“Location data can be extremely valuable and must be protected,” an advisory published on Tuesday stated. “It can reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose otherwise unknown associations between users and locations.” more

Novel Eavesdropping Attack or The Bright Spy

The usual way of eavesdropping with a glass over the wall has come a long way: bugs in the wall, hacking weak passwords, wiretaps, and more. Now, as if there weren't enough ways of being an audio spy, the good old light bulb has become a nemesis to be feared: Any light bulb in a room that is visible from the window can be used to spy on your conversations from afar.

A team of researchers at the Ben-Gurion University of the Negev in Israel has found that the vibration patterns in a light bulb can enable us to recover full conversations from hundreds of feet away.

But how can that be possible? The thing about the hanging bulb is that it acts both as a diaphragm and transducer. Apparently, these two, sound waves cascading on its surface and it converting air pressure from sound to small changes in light, means it is a useful gadget for intruders.

The paper states, "We show how fluctuations in the air pressure on the surface of the hanging bulb (in response to sound), which cause the bulb to vibrate very slightly (a millidegree vibration), can be exploited by eavesdroppers to recover speech and singing, passively, externally, and in real time." more

Eavesdropping Vulnerability: Cisco SPA100 - Update Firmware

While setting up a VoIP service in their home, security researchers at Tenable Research discovered a total of 19 vulnerabilities in VoIP adapters from Cisco's SPA100 Series.

If exploited, these vulnerabilities could allow an attacker to eavesdrop on a user's conversations, initiate fraudulent phone calls and even pivot further into their internal network.

Tenable Research informed Cisco PSIRT of the 19 vulnerabilities they discovered across seven Cisco security advisories and the networking giant has since addressed these flaws with a new 1.4.1 SR5 firmware release for their SPA 100 series devices.

...if you're using a Cisco SPA 100 series VoIP adapter, it is highly recommended that you update to the latest firmware before these flaws are exploited in the wild. more

Free Ransomware Decryption Tool

Emsisoft Decryptor for STOP Djvu

The STOP Djvu ransomware encrypts victim's files with Salsa20, and appends one of dozens of extensions to filenames; for example, ".djvu", ".rumba", ".radman", ".gero", etc.

Please note: There are limitations on what files can be decrypted. more

Of course, put all the safeguards in place first so you won't need this tool. ~Kevin

IT / Security Director Alert: Cisco Aironet Wi-Fi High-Severity Vulnerability Patch Available

Cisco has issued patches for critical and high-severity vulnerabilities in its Aironet access point devices.

It also issued a slew of additional patches addressing other flaws in its products.

“An exploit could allow the attacker to gain access to the device with elevated privileges,” said Cisco in a Wednesday advisory.

“An exploit could allow the attacker to gain access to the device with elevated privileges,” said Cisco in a Wednesday advisory. "...it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration. It would also allow the attacker to disable the [access point], creating a denial of service (DoS) condition for clients associated with the [access point].” more

The Credit Card that Pays for Itself

Confidential Conference Planning

• You can say no cell phones allowed in the meeting.
  
• You can prohibit brief cases and backpacks.
  
• You can scan participants for surveillance devices.

But, you probably won't think about having them leave their wallets outside the door, or checking the books on the shelf.


We would. This is just one of the many things we think about at Murray Associates.

Warshipping - The Next Corporate Espionage Headache

Hackers looking to gain access to your Wi-Fi network don’t necessarily have to lurk around your home or office, warns IBM X-Force Red.

Instead, writes Charles Henderson, global head of that security unit, they could simply ship you a package with a tiny, concealed device they can remotely control.

“In fact, they could ship multiple devices to their target location thanks to low build cost,” Henderson writes. “The device, a 3G-enabled, remotely controlled system, can be tucked into the bottom of a packaging box or stuffed in a toy (a device no bigger than the palm of your hand) and delivered right into the hands or desk of an intended victim.”...

Scheduled TSCM inspections find electronic surveillance items like this. Dead or alive.

Such a device could even set up a rogue wireless network of its own to sniff login credentials to use on the real target network, according to the post. Devices made for the technique, which IBM has dubbed warshipping, can be built for under $100, the company says.

To avoid such attacks, Henderson’s team recommends companies set up policies to inspect and isolate packages and potentially discourage employees from getting personal shipments at work. more

Security Director Alert: Check for These Bug-Like Products at Your Location

Attackers can remotely compromise multiple network devices (IP PBX, conferencing gear and IP phones), installing malware and eavesdropping via video and audio functions.

A series of both unauthenticated and authenticated remote code-execution vulnerabilities have been uncovered in a variety of Grandstream products for small to medium-sized businesses, including audio and video conferencing units, IP video phones, routers and IP PBXs.

Attackers can also use the vulnerabilities to gain access to cameras and microphones to turn them into listening devices. “The most notable aspect of the vulnerabilities is what you can do simply by using the programs that get shipped on the device,” Brendan Scarvell, senior security consultant at Trustwave SpiderLabs, told Threatpost in an interview.

“This includes playing audio through the speakers, recording conversations through the microphone, activating cameras and taking photos, installing custom software/malware etc. This is pretty bad for places such boardrooms or executive offices where confidential conversations frequently happen. more

Many common office products have information security vulnerabilities. A Technical Surveillance Countermeasures (TSCM) survey, conducted by a competent consultant, will discover them for you.

Security Director Alert: Mirai Botnet Targets Corporate Presentation Systems

A new variant of the crushing Mirai botnet, which specifically places enterprises in its crosshairs, has been discovered by security researchers...

Click to enlarge.

Mirai is still a botnet designed to exploit IoT devices, but in its latest iteration it seeks out vulnerable business devices - specifically, wireless presentation systems and the TVs used to present to rooms full of clients, partners and colleagues. 

"This new Mirai is a perfect example of why every organisation needs to map their own networks from an external point of view and close off everything that is open and does not need to be," said Jamo Niemela, principal researcher at F-secure. "The types of new devices that Mirai attacks have no business of being visible to the Internet."

The WePresent WiPG-1000 wireless presentation system and the LG Supersign TV were the two devices singled-out by researchers as most vulnerable to the attack. more

In addition to checking for electronic eavesdropping devices and general information security loopholes, make sure your TSCM technicians examine IoT device settings.

Facilities Manager Alert: Your Smart Building May Start Doing Dumb Things

Researchers at enterprise security vendor ForeScout have warned that malware specifically targeting smart buildings is an inevitable next step given the rapidly expanding attack surface that building automation systems expose.

The operational technology researchers at ForeScout should know: they created proof-of-concept malware that revealed smart building vulnerabilities every business should be concerned about.

...just yesterday, Tenable Research revealed it had discovered several zero-day vulnerabilities in a premises access control system used by Fortune 500 companies. Among the many attack scenarios these vulnerabilities could facilitate was 'unfettered access to the badge system database' which in turn meant an ability to create fraudulent access badges and disable building locks. more

Samsung's Galaxy S7 Alert - Meltdown

Samsung's Galaxy S7 smartphones have a security flaw that could allow hackers to spy on tens of millions of users.

The smartphone, owned by more than 30 million people, contains a compromised microchip which would enable cybercriminals to exploit a flaw called Meltdown.

Meltdown was uncovered earlier this year and only affects chips designed by Intel. It is believed to have existed in devices dating back 20 years, but was disclosed to chip makers Intel, ARM and AMD in 2017.

Potentially, it could allow hackers to bypass the barrier in hardware between applications and a computer’s memory, allowing them to steal passwords. more