Normally, the bigger the fanfare around security issues, the smaller the threat, but in this case the opposite may be true. In fact, when I first heard of this issue, I really didn’t think too much of it.
There has been a lot of noise about a recent ‘major’ security bug called Badlock. It feels an awful lot like HeartBleed, with its own logo and a cool-looking website.
The National Vulnerability Database is tracking this issue here. They give this issue a ‘Medium’ score, which should be taken seriously but falls short of a maximum score of 10.
Spoiler alert: this vulnerability is already fixed in a patch from Microsoft – MS16-047.
Several customers have reported receiving fraudulent emails of a specific type recently. Please read the following so you can be on the lookout for these types of emails.
Here’s The Deal
The email will appear to come from your CEO/President/someone high up in your company. It will appear to have come from their actual email address and will be a very plain email, no attachments, nothing special, stating that they need to get a wire transfer out to a client or vendor. These emails are usually being sent to someone in the company who is in charge of money; apparently they are doing their research beforehand.
Big news, folks. This week, two deeply researched reports by Verizon and Symantec Corp are being released, and what they have found about cyber security breaches is as follows:
“The vast majority of hacking attacks are successful because employees click on links in tainted emails, companies fail to apply patches to known software flaws, or technicians do not configure systems properly.”
We wanted to give you an update on a recent email scam we have been receiving reports of so you can be on the lookout.
While this is an old technique, we are seeing a big resurgence of this in the last week or so. Doing some poking around, we found that Cisco Security has detected a major uptick in these types of fraudulent emails since February 13, 2015 (just in time for stressed husbands expecting last-minute flower deliveries perhaps?).
Seems like news of major cyber-attacks comes so regularly now that it mostly falls on deaf ears.
Just last week there was a major outbreak during which criminals hijacked ads on AOL’s advertising network and served up malware to visitors of such sites as Huffington Post, WeatherBug and GameZone among others. The attack was spotted and “fixed” within two days (an eternity when exposing millions to malware).
Of all the people to finally bring cloud security to the forefront, I never would have guessed it would be Jennifer Lawrence, but since she unintentionally “exposed” this issue, I’ll take a swing at separating fact from fiction.
Since the very beginning there has been a slight uneasiness with turning over important data to some esoteric technology. When pressed, cloud providers hem and haw about security and a layered approach but never really give you a straight answer as to who is ultimately responsible for the security of your data.
Even Apple, from whom the risqué images leaked, stood firm that “None of the cases we have investigated has resulted from any breach of Apple’s systems including iCloud or Find my iPhone.” Basically: “It’s not our fault.”
We wanted to give everyone a heads up about this crazy thing that’s going around. Several of our customers have been called by “fake” Microsoft employees recently.
Apparently, this scam has been around for a while, but it looks like it’s making a comeback.
Here’s how it works: these “cyber criminals” are calling on businesses and pretending to be from Microsoft Support or Windows Support.