Holiday Phishing, Google Solutions for Cobalt Strike, Software Updates, and How to Keep Your Accounts Safe
Holiday-Based Phishing Campaign
by Artie Kaye
Emails promising deals with well-known retailers have increased in the past few months. These will mimic actual advertisements to offer discounts or free items, but in reality, the links will take the user to persuasive fake websites that do nothing but collect personal information. They leverage credibility by citing a holiday sale, offering time-limited deals that expire within minutes, and offering falsified testimonials. They take advantage of legitimate websites and services. These attacks are currently aimed at the US.
Pay attention to the email you receive. If you don’t normally get advertisements from a particular source, don’t trust them. Even with trusted email, you should double-check URLs or go to a company’s website directly by typing in the official web address. Hover your mouse cursor over buttons and hyperlinks without clicking on them to preview the actual destination address. Never enter personal information without checking the validity of the source. Please stay safe this holiday season!
Third-Party references:
Click the links below to learn more details. (Opens in a new tab/window.)
Google Offers Solution to Cobalt Strike Abuse
by Artie Kaye
Cobalt Strike is a tool developed to allow the simulation of a data breach without causing any damage. The program’s functionality has led many threat actors to adopt using it as an attack vector. Older software versions were found to be used frequently in these instances. Using this information Google’s researchers produced a list of YARA Rules to flag or monitor all but the current version of Cobalt Strike. The goal is to disable the use of the software as a means of exploitation.
Third-Party references:
Click the links below to learn more details. (Opens in a new tab/window.)
Opinion: Authentication
by Artie Kaye
Many websites and apps these days require authentication or single sign-on to gain access. For example, we can use a social media or Google account to log into a third-party product. Because these entities are trusted, it makes our lives easier. Instead of making a new account for everything, we use an existing one. This will link your activities and data to the account used to sign in. In some cases, if we lose access to these accounts, we lose access to what is linked to them. We can lose access to accounts in many ways: Being compromised by a hacker or phisher, having it deleted, cloud or infrastructure failure, etc.
Ensuring you still have your information is essential. If allowed by the services and sites you use, setting up an alternate sign-in method can safeguard against losing access if your main account is no longer viable. Backing up important data, conversations, and appointments regularly is a good practice. It is highly recommended to use a password manager.
Atlassian Patches Bitbucket and Crowd
by Artie Kaye
Two critical vulnerabilities were addressed recently by Atlassian. The flaws are not present in all versions of the software. Bitbucket versions 7.0 to 7.21 and 8.0 to 8.4, and Crowd version 3.0.0 or later need to be patched to remove the exploits.
The flaws are listed as CVE-2022-43781 and CVE-2022-43782.
Third-Party references:
Click the links below to learn more details. (Opens in a new tab/window.)
Firefox Update 107
by Artie Kaye
Mozilla has upgraded its browser this month, addressing numerous flaws. If you’re using Firefox and don’t have automatic updates set up, you can update by opening the drop-down menu, clicking on help, then clicking on About Firefox. Keeping your browser up-to-date helps protect you.
Third-Party references:
Click the links below to learn more details. (Opens in a new tab/window.)