Insights

A New Approach to Cyberattacks

AI systems are helping companies and individuals in many ways. However, they have their problems. Cyberattackers are using AI systems to create more successful attacks. Now they have found ways to corrupt the AI systems themselves to provide inaccurate or skewed results. 

 

Another AI attack method


Smishers Stand Up Fake Phone Tower to Blast Malicious Texts

Smishing is similar to phishing but uses text messages to lure victims rather than voice calls. Cell phone carriers have implemented precautions similar to what are used to means of blocking users from sending huge amounts of texts in smishing campaigns. To avoid these safeguards attackers put up their own cell tower to send the smishing messages.  

 

Attackers set up own cell tower


New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers

Phishing is the primary means for attackers to compromise systems and steal confidential information. This campaign by attackers lures people in with new job opportunities and then installs a backdoor providing ongoing access to systems. 

 

Job seekers targeted


Critical MSMQ RCE Bug Opens Microsoft Servers to Complete Takeover

This bug is rated 9.8 out of 10 on the CVSS scale meaning it is very serious. Exploiting this bug is simple and can result in complete takeover of a server. However, while this is the only vulnerability that Microsoft rates as critical, there are others that require prompt attention. Install all the fixes as soon as possible. 

 

Many serious vulnerabilities


Google Warns of Pixel Firmware Zero-Day Under Limited, Targeted Exploitation

Pixel is a popular product line from Google. Here, warnings were issued about serious vulnerabilities in the product software some of which are already under attack. Install the updates as soon as possible. 

 

Pixel under attack


AI Search May Be Artificial Stupidity

AI is being applied to more and more tasks. However, experience is showing that it may not be well suited to everything. This Insight looks at the persistent problems in AI and the challenges with Google’s new AI service called AI Overviews.

 

AI - Artificial Stupidity???


Don't Engage: FBI Warns of Work-From-Home Scam Texts

New scams arrive by phone or text offering well-paying work-from-home jobs. But you have to pay to get them or pay to get more assignments. That is a big red flag! Be very careful no matter how enticing they may sound. 

 

Another work-from-home scam

 

 


RansomHub Actors Exploit ZeroLogon Vuln in Recent Ransomware Attacks

Another ransomware attacker is using a number of commercial tools to find vulnerable targets and then use other tools to exploit a known vulnerability. 

 

Ransomware gets more devious


Mallox Ransomware Variant Targets Privileged VMWare ESXi Environments

A new ransomware strain is going after accounts in the VMWare ESXi environment that have administrative privileges. It will only execute in those accounts. This shows attackers are getting more focused on targets and successful at hitting them. 

 

Ransomware gets more targeted


Cox Biz Auth-Bypass Bug Exposes Millions of Devices to Takeover

Cox business services revealed they had fixed an issue that allowed attackers to take over customer modems and then execute commands with the same authority as a Cox technical team. 

 

Cox Modem takeover


Why Cyber Risk Assessment Is Important

Cyber risk is often not taken as seriously as other business risks. This Insight examines why and provides steps to take to improve the situation and protect your business. 

 

Cyber risk is business risk


Attackers Target Check Point VPNs to Access Corporate Networks

Virtual Private Networks, VPN are used to protect against insecure networks like WiFi. Cyber attackers exploited a vulnerability in a Check Point VPN to gain access to enterprise networks. 

 

VPN compromised


Microsoft: 'Moonstone Sleet' APT Melds Espionage, Financial Goals

North Korea used many tricks and even created a fake video gaming company to conceal and distribute malware. Be very careful. 

 

Fake gaming company for malware


Shady 'Merry-Go-Round' Ad Fraud Network Leaves Orgs Hemorrhaging Cash

A Merry-Go-Round in this case is not a fun carnival ride but a devious way to direct hundreds of millions of ads a day to infected sites. 

 

Bad ads to bad sites


YouTube Becomes Latest Battlefront for Phishing, Deepfakes

YouTube is a very popular video platform. But it is now being used by cyber attackers for phishing and deepfakes. Be very careful!  

 

YouTube used for cybercrime