How cyber criminals are targeting Amazon Prime Day shoppers

Highlights:

* This year, during the first few days of July, Check Point Research (CPR) has already witnessed a 37% increase in daily Amazon-related phishing attacks compared to the daily average in June

* Last year during the month of Amazon Prime Day (June 2021) we witnessed an 86% increase in phishing emails relating to the occasion, and a 16% increase in phishing URLs compared to the previous month

* During June 2022, there were almost 1,900 new domains related to the term “amazon”, of which 9.5% were found to be risky – either malicious or suspicious

* CPR provides examples of malicious impersonations of Amazon Customer Service, as well as a log-in page for Amazon Japan

Kicking off on July 12th, the annual Amazon shopping extravaganza, as always, is promised to be bigger and better with more cash savings and offers on goods.

Online shoppers are already on the hunt for one-time offers or once-a-year deals and are closely monitoring the web for upcoming surprises.

Clearly tracking this trend, cybercriminals are also sharpening their own upcoming surprises and gearing up to exploit the excitement of shoppers. Of course, Amazon-related phishing occurs all year long, and the company is often among the top imitated brands, yet there is always an increase in activity around Prime Day. CPR is closely monitoring for cyber threats related to the day, both in the weeks leading to it and during the event itself, and has already found alarming signs of malicious phishing campaigns and … Learn more: https://bit.ly/3nMKFEd

Contact us today: https://wehealcomputers.com; We ensure your systems are secure, running optimally, and that you have help when needed! Includes Document Backups!

#ITservices #TechSupport #ComputerHelp #CyberSecurity

F5 Labs Investigates MaliBot

TLDR: Never install phone apps from SMS links or 3rd party sites, rather only from the official app stores.

While tracking the mobile banking trojan FluBot, F5 Labs recently discovered a new strain of Android malware which we have dubbed “MaliBot”. While its main targets are online banking customers in Spain and Italy, its ability to steal credentials, cookies, and bypass multi-factor authentication (MFA) codes, means that Android users all over the world must be vigilant. Some of MaliBot’s key characteristics include:

* MaliBot disguises itself as a cryptocurrency mining app named “Mining X” or “The CryptoApp”, and occasionally assumes some other guises, such as “MySocialSecurity” and “Chrome”

* MaliBot is focused on stealing financial information, credentials, crypto wallets, and personal data (PII), and also targets financial institutions in Italy and Spain

* MaliBot is capable of stealing and bypassing multi-factor (2FA/MFA) codes

* It includes the ability to remotely control infected devices using a VNC server implementation

This article is a deep dive into the tactics and techniques this malware strain employs to steal personal data and evade detection. Learn more: https://www.f5.com/labs/articles/threat-intelligence/f5-labs-investigates-malibot

Proofpoint Discovers Potentially Dangerous Microsoft Office 365 Functionality that can Ransom Files

Ransomware attacks have traditionally targeted data across endpoints or network drives. Until now, IT and security teams felt that cloud drives would be more resilient to ransomware attacks. After all, the now-familiar “AutoSave” feature along with versioning and the good old recycle bin for files should have been sufficient as backups. However, that may not be the case for much longer.

Proofpoint has discovered a potentially dangerous piece of functionality in Office 365 or Microsoft 365 that allows ransomware to encrypt files stored on SharePoint and OneDrive in a way that makes them unrecoverable without dedicated backups or a decryption key from the attacker.

Our research focused on two of the most popular enterprise cloud apps – SharePoint Online and OneDrive within the Microsoft 365 and Office 365 suites and shows that ransomware actors can now … Learn more: https://www.proofpoint.com/us/blog/cloud-security/proofpoint-discovers-potentially-dangerous-microsoft-office-365-functionality

How to add your calendar to outgoing email in Microsoft Outlook

You can share your Microsoft Outlook calendar with people inside and outside of your organization.

Have you ever spent a lot of back-and-forth time either leaving voicemails or sending several emails trying to pick a time to meet with someone? By the time you pick a good time for you, the other person has already scheduled that time with someone else. It’s tedious and useless, because you can actually send your Microsoft Outlook calendar to someone outside your organization, and the recipient doesn’t need to use Outlook to view your calendar.

In this tutorial, I’ll show you several ways to fine-tune your availability when sending your calendar to someone outside your organization. That way, the recipient sees only what you want them to see. This isn’t an alternative to … Learn more: https://www.techrepublic.com/article/add-calendar-outgoing-microsoft-outlook/

When it comes to securing their organizations, leaders need to focus on the human in the loop.

Today we’re launching the 2022 edition of our Human Factor report. Drawing on insights and data from our products and researchers, it tells the story of a year when cybersecurity jumped from the tech page to the front page. As usual, we’ll explore all of this from a people-centric point of view, looking at the lures attackers used to bypass defenses and persuade victims to download or click on something they shouldn’t.

The threats we detected, mitigated and resolved for Proofpoint customers in 2021 are the core of our analysis. Together they make up one of the largest datasets in cybersecurity. And as attackers continue to probe for new access points, we’ve expanded our coverage of mobile and cloud threats.

Learn more: https://www.proofpoint.com/us/blog/email-and-cloud-threats/2022-human-factor-report-explores-year-headline-making-attacks

Microsoft announces performance enhancements for Teams

Over the past year we’ve delivered enhancements to Teams that improve its overall interaction responsiveness time and create a more fluid experience for the user. Investments have included transitioning from Angular framework to React, upgrading Electron (a framework for building desktop applications), reducing re-rendering, and making incremental improvements to the code. Our desktop, framework, and performance teams made several foundational improvements and our messaging and calling/meeting teams partnered to optimize the code for targeted user experiences we identified as important to the overall experience.

To gauge our progress, we recently looked at anonymized data from the 95th percentile of all desktop users in the world (meaning that 95 percent of the time the experience is better than this metric). We tend to focus on the 95th percentile because it includes users on low end devices, users on low bandwidth networks, and incorporates other edge cases that can impact the user experience.

The data showed notable improvements in messaging and meeting experiences as seen … Learn more: https://techcommunity.microsoft.com/t5/microsoft-teams-blog/performance-enhancements-to-microsoft-teams-lead-to-faster/ba-p/3460419

New phishing technique lures users with fake chatbot

Phishing website links are commonly delivered via email to their respective targets. Once clicked, these websites often show a single webpage that outright asks for sensitive information like account login credentials, credit card details, and other personally identifiable information (PII).

Recently, we have encountered an interesting phishing website containing an interactive component in it: a chatbot. Unlike a lot of phishing websites, this one establishes a conversation first, and bit-by-bit guides the victim to the actual phishing pages.

Although the phishing method is quite unique, it still uses email as the delivery channel. A deeper inspection of the email header shows that the “From” header is missing the email address component, which is a red flag already.
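The header check described above can be automated in a mail triage script. The following is an added example, not code from the original article: it uses Python's standard `email` package, and the finding labels and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr


def check_from_header(raw_message: str) -> list[str]:
    """Return findings about the From header of one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    values = msg.get_all("From", [])
    if not values:
        return ["missing-from-header"]

    findings = []
    if len(values) > 1:
        # RFC 5322 allows exactly one From field per message.
        findings.append("multiple-from-headers")

    for value in values:
        # Collapse folded header lines, then split display name from address.
        _display, addr = parseaddr(" ".join(str(value).split()))
        local, at, domain = addr.rpartition("@")
        if not (at and local and domain):
            # Display name only, no usable address: the red flag in the text.
            findings.append("from-without-address")
    return findings


# Constructed sample messages (hypothetical, not taken from the campaign).
SAMPLES = {
    "display_name_only": (
        "From: Parcel Delivery Service\n"
        "To: user@example.org\n"
        "Subject: Your package is waiting\n\n"
        "Please follow our instructions.\n"
    ),
    "empty_angle_address": (
        'From: "Parcel Delivery Service" <>\n'
        "To: user@example.org\n\nbody\n"
    ),
    "well_formed": (
        "From: Parcel Delivery Service <noreply@example.com>\n"
        "To: user@example.org\n\nbody\n"
    ),
    "two_from_headers": (
        "From: a@example.com\n"
        "From: b@example.net\n"
        "To: user@example.org\n\nbody\n"
    ),
    "no_from": "To: user@example.org\nSubject: hello\n\nbody\n",
}


def triage(samples: dict[str, str]) -> dict[str, list[str]]:
    """Map each sample name to its From-header findings."""
    return {name: check_from_header(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, findings in triage(SAMPLES).items():
        print(f"{name}: {findings or 'ok'}")
```

A finding here is a reason to quarantine or review the message; a well-formed From header says nothing about whether the sender is legitimate.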

Clicking “Please follow our instructions” opens a browser and directs the recipient to a downloadable PDF file. There are two ways that this file will redirect the recipient to the actual phishing site. The first is through the “Fix delivery” button, and the second one is by copying an alternative URL from the file.

Either of the two methods will redirect the user to the same website, and this is where the actual phishing starts.

The Phishing Link Chain

The first stop is the chatbot-like page that tries to engage and establish trust with the victim. We say “chatbot-like” because it is not an actual chatbot. The application already has predefined responses based on the limited options given.

The first part of the engagement simply confirms the tracking number of the supposedly ordered item.

By clicking the “yes” option, the program will try to engage at a higher level with the victim by showing the picture of the item and asking for the preferred delivery address (i.e., home or office address).

To gain even more confidence and trust from the target, a CAPTCHA is presented right after the victim clicks the “Schedule delivery” button. Learn more: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/interactive-phishing-using-chatbot-like-web-applications-to-harvest-information/

Packaged zero-day vulnerabilities on Android used for cyber surveillance attacks

(Ensure your Chrome and Android devices stay up to date with patches!)

To protect our users, Google’s Threat Analysis Group (TAG) routinely hunts for 0-day vulnerabilities exploited in-the-wild. In 2021, we reported nine 0-days affecting Chrome, Android, Apple and Microsoft, leading to patches to protect users from these attacks.

This blog is a follow up to our July 2021 post on four 0-day vulnerabilities we discovered in 2021, and details campaigns targeting Android users with five distinct 0-day vulnerabilities:

* CVE-2021-37973, CVE-2021-37976, CVE-2021-38000, CVE-2021-38003 in Chrome

* CVE-2021-1048 in Android

We assess with high confidence that these exploits were packaged by a single commercial surveillance company, Cytrox, and sold to different government-backed actors who used them in at least the three campaigns discussed below. Consistent with findings from CitizenLab, we assess likely government-backed actors purchasing these exploits are operating (at least) in Egypt, Armenia, Greece, Madagascar, Côte d’Ivoire, Serbia, Spain and Indonesia.

The 0-day exploits were used alongside n-day exploits as the developers took advantage of the time difference between when some critical bugs were patched but not flagged as security issues and when these patches were fully deployed across the Android ecosystem. Our findings underscore the extent to which commercial surveillance vendors have proliferated capabilities historically only used by governments with the technical expertise to develop and operationalize exploits.

Seven of the nine 0-days TAG discovered in 2021 fall into this category: developed by commercial providers and sold to and used by government-backed actors. TAG is actively tracking more than 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to … Learn more: https://blog.google/threat-analysis-group/protecting-android-users-from-0-day-attacks/

Vulnerabilities found in Bluetooth Low Energy put millions of cars & mobile devices at risk

NCC Group uncovers Bluetooth Low Energy (BLE) vulnerability that puts millions of cars, mobile devices and locking systems at risk

NCC Group has conducted the world’s first link layer relay attack on Bluetooth Low Energy (BLE), the standard protocol used for sharing data between devices that has been adopted by companies for proximity authentication to unlock millions of vehicles, residential smart locks, commercial building access control systems, smartphones, smart watches, laptops and more.

Their research shows that systems that people rely on to guard their cars, homes and private data are using Bluetooth proximity authentication mechanisms that can be easily broken with cheap off-the-shelf hardware — in effect, a car can be hacked from the other side of the world.

Through the research, they demonstrate, as proof of concept, that a link layer relay attack conclusively defeats existing applications of BLE-based proximity authentication and prove that very popular products are currently using insecure BLE proximity authentication in critical applications. By forwarding data from the baseband at the link layer, the hack gets past known relay attack protections, including encrypted BLE communications, because it circumvents upper layers of the Bluetooth stack and the need to decrypt.

“What makes this powerful is not only that we can convince a Bluetooth device that we are near it—even from hundreds of miles away—but that we can do it even when the vendor has taken defensive mitigations like encryption and latency bounding to theoretically protect these communications from attackers at a distance,” said NCC Group Principal Security Consultant and Researcher, Sultan Qasim Khan, who conducted this research. “All it takes is 10 seconds—and these exploits can be repeated endlessly.

“This research circumvents typical countermeasures against remote adversarial vehicle unlocking, and changes the way engineers and consumers alike need to think about the security of Bluetooth Low Energy communications,” he added. “It’s not a good idea to trade security for convenience—we need better safeguards against such attacks.”

Recommendations

This is not a traditional bug that can be fixed with a simple software patch, nor an error in the Bluetooth specification. In fact, this research illustrates the … Learn more: https://newsroom.nccgroup.com/news/ncc-group-uncovers-bluetooth-low-energy-ble-vulnerability-that-puts-millions-of-cars-mobile-devices-and-locking-systems-at-risk-447952

Learn how to back up and recover files on your Mac using Time Machine

Learn how to create a backup of the files on your Mac.

Use Time Machine, the built-in backup feature of your Mac, to automatically back up your personal data, including apps, music, photos, email, and documents. Having a backup allows you to recover files that you later delete or can’t access.

Create a Time Machine backup:

1. Connect an external storage device, such as a USB or Thunderbolt drive. Learn more about backup disks that you can use with Time Machine.

2. Open Time Machine preferences from the Time Machine menu in the menu bar. Or choose Apple menu > System Preferences, then click Time Machine.

3. Click Select Backup Disk.

4. Select the name of your disk, then click Use Disk. Time Machine immediately begins making periodic backups—automatically and without further action by you.

If you want to start a backup manually, without waiting for the next automatic backup, choose … Learn more: https://support.apple.com/en-us/HT201250
