Unpatched Vulnerabilities High Value Targets
by Artie Kaye
When it is recommended to patch, patch. The process may take a few minutes to a few hours depending on what is being done, but it potentially saves days of recovery work. Researchers at Kaspersky have released a report detailing what they've found regarding flaws and exploits. Microsoft Office was the most active vector in the second quarter of 2022, accounting for 82% of all recorded attacks. The exploits they recorded targeted flaws that had already been discovered and patched in previous months, some dating back to 2017. Hackers will go after unprotected systems, leveraging any advantage they can get. Don't help them access your data: regularly update your programs.
https://securelist.com/it-threat-evolution-in-q2-2022-non-mobile-statistics/107133/
Callback Phishing
by Artie Kaye
One of the oldest forms of scam is on the rise again: phone scams. A target is contacted via phone or email about an upcoming charge related to a commonly used service, or about security problems related to their accounts. The message contains no hyperlinks, and the sending email address looks official, as a no-reply address would; there is just a phone number to call to work things out. The number directs to a call center that is designed to persuade the victim to hand over information or install malware on their machine. If this sounds familiar, that is because it has been done with popup adverts for years. Once they are in your system, they'll take everything they can that is of any value to them. Depending on the group running the scam, your data could then be ransomed or deleted.
Always be cautious when getting a phone call, an email, or a message on social media that is discussing payments or security. If a phone number is left to call, check it against the official number for the service being mentioned. Call the number on the official website if you’re really concerned. These scams continue to be a successful avenue for criminals, so practice caution.
https://thehackernews.com/2022/08/conti-cybercrime-cartel-using-bazarcall.html
Twilio Data Breach
by Artie Kaye
Communications company Twilio discovered a hack in the first week of August. New information has been released every few days since about what data was affected in the breach. The attackers gained access through SMS phishing, which allowed them to log in as an employee. Twilio first reported that about 125 customers had their data accessed for a short period of time. The account information of 1900 Signal users was also affected, in particular the linked phone number. This did not give access to message history or contact lists. Users Signal believes are affected will be asked to re-register their devices.
Cloudflare was hit with a similar attack but had stronger security measures in place, which prevented a full breach.
https://www.twilio.com/blog/august-2022-social-engineering-attack
SOVA Android Malware
by Artie Kaye
Malware that was announced in 2021 is now being seen in the wild. SOVA targets banking information on Android devices. New releases have been made over the months, each adding new features, including gesture capturing and login overlays, and in version 5 ransomware will be part of the functions. It is designed to steal your financial data, your login credentials, and your crypto wallet information. Infected installs masquerade as existing products and apps. Double-check any app before installing. Maintain a backup of your phone's data. If you want to read the technical aspects of what the program does, please check the Cleafy link below.
https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly
https://www.infosecurity-magazine.com/news/android-banking-trojan-sova-back/
https://www.darkreading.com/endpoint/ransomware-sova-android-banking-trojan