Tag Archives: Phishing

Double Phishing Scam – Daily Security Byte EP. 279

A new double phishing scam is targeting ISPs and pirates. Watch Friday’s video to learn how attackers are tricking ISPs into making their phishing emails look even more legitimate. 

(Episode Runtime: 3:33

Direct YouTube Link: https://www.youtube.com/watch?v=QDY7pRvJ4Bc

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Two Phishing Breaches – Daily Security Byte EP. 208

This week, two different organization’s in two different industry verticals suffered security incidents that either lost them tons of money, or tons of time. What do they both have in common, and what can we learn from them? Watch today’s video to find out!

(Episode Runtime: 3:26)

Direct YouTube Link: https://www.youtube.com/watch?v=crBB4CU-cTs

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard 2016 Security Predictions: #1 Ransomware

At the end of each year, WatchGuard’s security team and I like to spend some time imagining what the threat landscape might look like the upcoming year. This not only gives us the opportunity to analyze the security trends we’ve followed over the past year, but also allows us to creatively extrapolate what might happen next. Though our predictions don’t always hit dead on, they’re based on very real security trends, which means they can help you prepare your defenses for 2016’s upcoming threats.

This year, I’ve come up with ten predictions covering a wide variety of security threats and trends that will impact many organizations. As 2015 comes to a close, let’s explore some of the new security threats we may see in the coming year. I’ll release one prediction a day for the next ten business days. Here’s the first of WatchGuard’s top ten new security predictions for 2016.

WatchGuard Security Prediction #1 – Ransomware Comes Looking for Your Droids

The first prediction focuses on ransomware, which has really taken off over the past three years. Ransomware has evolved from relatively feeble policeware variants like Reveton to extremely effective cryptoware samples like Cryptolocker and Cryptowall.

Prediction video link: https://www.youtube.com/embed/5SVYwyDWQ9U

Unfortunately, these new strains of file encrypting malware are so good at their evil jobs that many victims have paid the ransoms. FBI agents have even gone on record recommending victims pay up.  Our acquiescence to this cyber ransom will only ensure that victims continue paying up in 2016. Proving to cyber criminals that this practice works, so expect them to up the stakes and continue refining their cryptoware techniques next year.

We expect the evolution in two main categories:

  • Targeting of wider platforms – Right now, ransomware primarily targets Windows victims. We’ve seen Mac, Linux, and Android samples, but those haven’t had much success yet. Next year, we expect this will change, and that cyber criminals will make very effective ransomware for alternate platforms; especially for Android mobile devices and Mac laptops.
  • Refinement of the extortion techniques – Now that cybercriminals have figured out victims are willing to pay for lost files, we suspect they’ll start to develop nasty new methods to tighten the screws on victims. Next year, expect them to target specific business files or other critical information. For instance, in the past they’ve encrypted web server files to temporarily take down a web server. Yet, imagine if they targeted password managers, thus preventing you from logging on to anything, or worse yet, if they targeted the SCADA systems used to run critical infrastructure. We also think they’ll up their psychological pressure by threatening to release your embarrassing files to the public or by harming your reputation in some other way.

In short, Crypto ransomware will get even worse in 2016, and will become more effective at stealing millions from Android and Mac users as well.  Visit our WatchGuard security predictions site to see a new daily security prediction over the next ten days.

— Corey Nachreiner, CISSP (@SecAdept)

Black Friday Security Tips – Daily Security Byte EP. 181

To deal hunters, Black Friday and Cyber Monday have become even more exciting than the Thanksgiving holiday that spawned them. Unfortunately, cyber criminals understand our weakness for deals, and use the time themselves to increase their phishing and web scam campaigns. Watch today’s video for some quick tips on how you might avoid any Black Friday related cyber attacks.

Show note: This is the last show this week since WatchGuard will be out on a long holiday weekend. Have a happy Thanksgiving!

(Episode Runtime: 3:00)

Direct YouTube Link: https://www.youtube.com/watch?v=vhEgt81-QIE

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

TalkTalk Hacked by Teenager? – Daily Security Byte EP. 166

Last week, TalkTalk’s suffered a data breach for the third time this year. It took awhile for the details to surface, but it looks like the attackers exploited a SQL injection flaw in TalkTalk’s website to steal 4M customers’ personally identifying information. Watch today’s information to learn the latest news about this breach, and what you should do if you’re a victim.

(Episode Runtime: 3:32)

Direct YouTube Link: https://www.youtube.com/watch?v=IQhwPq24khk

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Political Trojans, WordPress 0day, and Tool Fails- WSWiR Episode 150

Another week, another flood of security news. Do you find yourself falling behind of the latest InfoSec news? Than this weekly video should help you catch up.

This week’s video covers the latest on the White House breach, a new security tool that got hacked a day later, and an old trojan that has received some politically-motivated updates. Press play to learn about all that and more; and don’t forget the references to other stories below.

As an aside, I’m experimenting with the timing of this weekly blog post. While I will continue to post the weekly video on Friday, I will schedule this blog post the Monday after. If you’d rather see the video on Friday, be sure to subscribe to the YouTube channel.

(Episode Runtime: 10:12)

Direct YouTube Link: https://www.youtube.com/watch?v=EmIr30YlLDA

EPISODE REFERENCES:

EXTRAS:

— Corey Nachreiner, CISSP (@SecAdept)

Password Alert Fail – Daily Security Byte EP.73

Yesterday, I recommended a free Google Chrome extension that could help spot phishing attacks, but today a security researcher has already figured out how to bypass it. Press play to learn what he did, and whether or not this extension is still worthwhile.

 

(Episode Runtime: 1:24)

Direct YouTube Link: https://www.youtube.com/watch?v=TdzYtcmLpao

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Prevent Phishing with Password Alert – Daily Security Byte EP.72

In today’s extra short daily vlog I recommend a free security tool rather than cover the InfoSec news. If you use Chrome, watch the video to learn how Password Alert can inform you of phishing attempts.

 

(Episode Runtime: 1:02)

Direct YouTube Link: https://www.youtube.com/watch?v=gYuJN8H6Dog

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

APT Spy vs. Spy – Daily Security Byte EP.67

Kaspersky researchers have found two advanced threat actor groups trying to hack one another. Today’s video talks about this spy vs spy phish off, and shares what we can learn from it. Watch the video, but be sure to check out Kaspersky report for all the interesting technical details.

 

(Episode Runtime: 3:12)

Direct YouTube Link: https://www.youtube.com/watch?v=4qTo3gB89GU

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

%d bloggers like this: