Insights

Fake Information Is Getting Harder to Detect

Think you can spot fake information and not click on bad links? Most people believe they can. But experience shows most people can’t identify fake information. Cybercriminals are using AI to make things even harder to detect. Fake information is a powerful force in phishing.

 

Fake information is not easy to detect


A million SMS two-factor authentication codes were intercepted; here’s what to do

Two factor authentication is intended to make things safer than a password alone. However, the TFA codes sent by SMS, also called text messages, are not very safe. Over a million were captured. 

 

TFA by SMS not secure


Social media is now the top news source in the U.S.

Social Media has now topped television and other news sources as the most popular source of news. This obviously affects many companies that advertise on TV. But more worrisome is how easy it is to create fake SM accounts for people and bots and how successful they are at influencing public opinion, even by with completely false information.   

 

Social Media new top news source


Google pins weekend outage on "unexercised" feature

Some of Google’s cloud servers were knocked out last weekend affecting their own customers. Google attributed the downed services to new features which were not tested thoroughly before being released. 

 

Incomplete testing = Google outage


Water Curse Employs 76 GitHub Accounts to Deliver Multi-Stage Malware Campaign

GitHub is a repository used by countless developers for tools and common code. Attackers have launched a complex attack corrupting repositories and offering free pen testing tools to get developers to download the infected files. The corrupt files deliver malware giving attackers the ability to do data exfiltration, remote access, and long-term persistence on the compromised systems.

 

GitHub corruption delivers malware


Cyber Cash Scams

Cybercriminals like cash as much as any legitimate business. It is immediate and can’t be stopped like a check or a chargeback filed like with a credit card. This Insight looks at some of the current cash scams. 

 

 

Cash scams abound    


SAP patches zero day rated 10.0 in NetWeaver

A new zero day vulnerability has been found in NetWeaver. It was assigned a CVSS score of 10 out of 10 meaning very dangerous.  Be sure to install the patch as soon as possible. 

 

NetWeaver zero-day, patch now!


Microsoft Office 365 MFA targeted by ‘SessionShark’ phishing kit

MFA, Multi-Factor Authentication, is supposed to provide additional security beyond a username and password. But cybercriminals claim to have found a way around the M365 MFA and avoid detection. It is being sold as a tool to attackers.  

 

Microsoft MFA bypass


Xfinity Scam Might Explain Similar Scams

Callers pretending to be from your mobile phone service provider offer special savings plans. They have enough information about your account to gain credibility. All you have to do is pay the money in advance which will be refunded as the special offer gets validated. Of course it was a scam. 

 

Scam callers have much private information


OpenAI hits rewind on a ChatGPT feature after users notice strange behavior

AI companies are racing to enhance their systems to gain more users and customers. But the rush to release features doesn’t always help. ChatGPT company OpenAI had to remove a feature after numerous reports of unexpected and unwanted behavior. 

 

ChatGPT update undo