Office 365 will help admins find impersonation attack targets
In addition to the nation-state warning we mentioned on yesterday’s podcast, Microsoft is also going to make it easier for Defender for Office 365 customers to identify impersonation-based phishing attacks, including intentionally misspelled email addresses and domain names. Security admins will be able to use new filters dubbed Impersonated user and Impersonated domain together with the Threat Explorer and real-time detections to detect organization users and domains targeted in impersonation attacks. The new information will be available for security team admins via the Impersonation insight pages as well as on a newly added Email Entity page and will be more widely available to end users by the end of February.
U.S. agencies publish ransomware factsheet
The National Cyber Investigative Joint Task Force (NCIJTF) on Friday released a joint-sealed ransomware factsheet detailing common attack techniques and means to ensure prevention and mitigation. Developed by ransomware experts from more than 15 government agencies, it is intended to help increase awareness of ransomware. Its suggestions include the standard ones: using multi-factor authentication, ensuring that systems are always updated and patched, and keeping backups. A paragraph from the FBI says that ransomware victims should not pay the ransom, but rather should report attacks to help track ransomware operators.
Europol busts international cybercriminal group
The group was responsible for defrauding U.S. banks to the tune of $14.4 million. The project, dubbed “Operation SECRETO,” was led by the Spanish National Police and the U.S. Secret Service, and it busted the group, formed of Greek nationals, who were involved in fraud and money laundering operations. The group established shell companies in the U.S. and made fraudulent transactions to and from these companies using debit and credit cards. Over 50 financial institutions in the U.S. were victimized by these operations.
Mount Sinai study finds Apple Watch can predict COVID-19 diagnosis up to a week before testing
The study, published in the peer-reviewed Journal of Medical Internet Research, found that wearable hardware like the Apple Watch can effectively predict a positive COVID-19 diagnosis up to a week before current PCR-based nasal swab tests. The researchers focused on heart rate variability (HRV), which is a key indicator of strain on a person’s nervous system, and combined this with patients’ self-reported symptoms. The study is ongoing and will expand to examine what else wearables like the Apple Watch can tell about other impacts of COVID-19, including the relationships between sleep and physical activity and the disease.
Thanks to our episode sponsor Altitude Networks
Adobe fixes critical vulnerabilities in Reader and other products
Adobe has released 50 security updates – several recognized as critical – including one to address an actively exploited vulnerability in Adobe Reader. The Adobe Reader bug is a buffer overflow that would allow a malicious website to perform remote code execution on the vulnerable computer. Other critical bugs were in Adobe Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver. Adobe advises customers to update to the latest versions as soon as possible by going to Help > Check for Updates.
Safer Internet Day 2021 broadens its scope
Yesterday, February 9, was Safer Internet Day, a day meant to focus on creating a safer cyberspace. Safer Internet Day came into existence in 2012 as a joint project of the U.S. DHS and the European Commission and was originally aimed at young people. This year, the focus expanded to include work-from-home, security awareness training from CISOs, and social engineering.
Author of uPanel phishing kit arrested in Ukraine
Ukrainian police have arrested a 39-year-old man on accusations of developing and advertising one of the most advanced and widely used phishing toolkits of the underground hacking scene. The unnamed suspect was the author of a phishing tool named uPanel, sometimes also referred to as U-Admin. Officials believe it was used in phishing operations that caused tens of millions of US dollars in losses to financial institutions in Australia, Spain, Italy, Chile, the Netherlands, Mexico, France, Switzerland, Germany, the US, and the UK. Australian law enforcement said that more than 50% of all phishing attacks that targeted Australian users in 2019 were carried out using uPanel.
Florida water hack raises concerns about TeamViewer
The now-infamous story of the hacker who tried to poison the water supply of a town in Florida is drawing attention to the enormously popular remote access app TeamViewer, which has 200 million users worldwide. Security experts say that, despite its convenience, it is also a potential nightmare. It has become ubiquitous in industrial control systems environments, but the fact that it lets users “hop over” secure VPNs, multi-factor authentication and secure internal log-ins supports a culture in which “someone either chose to do this for convenience with knowledge of the risks or they were ignorant of the risk and thought it wouldn’t be found.”