Insights

Cyber Cash Scams

Cybercriminals like cash as much as any legitimate business. It is immediate and can’t be stopped like a check or a chargeback filed like with a credit card. This Insight looks at some of the current cash scams. 

 

 

Cash scams abound    


SAP patches zero day rated 10.0 in NetWeaver

A new zero day vulnerability has been found in NetWeaver. It was assigned a CVSS score of 10 out of 10 meaning very dangerous.  Be sure to install the patch as soon as possible. 

 

NetWeaver zero-day, patch now!


Microsoft Office 365 MFA targeted by ‘SessionShark’ phishing kit

MFA, Multi-Factor Authentication, is supposed to provide additional security beyond a username and password. But cybercriminals claim to have found a way around the M365 MFA and avoid detection. It is being sold as a tool to attackers.  

 

Microsoft MFA bypass


Xfinity Scam Might Explain Similar Scams

Callers pretending to be from your mobile phone service provider offer special savings plans. They have enough information about your account to gain credibility. All you have to do is pay the money in advance which will be refunded as the special offer gets validated. Of course it was a scam. 

 

Scam callers have much private information


OpenAI hits rewind on a ChatGPT feature after users notice strange behavior

AI companies are racing to enhance their systems to gain more users and customers. But the rush to release features doesn’t always help. ChatGPT company OpenAI had to remove a feature after numerous reports of unexpected and unwanted behavior. 

 

ChatGPT update undo


SMEs – A Growing Cyber Target

Small – Medium Enterprises often think they are too small to be of interest to cyber attackers. But this is far from the case. They have long been targets and interest in them is growing. This Insight looks at why and what to do to be safer. 

 

SMEs are big targets for cybercriminals

 


Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credential

Cyber attackers have found they can send phishing emails from real Google sites. The fact that the emails do originate from a Google site makes people trust them and more apt to click that link or follow the instructions.  

 

Message is from Google site but still a scam


State-sponsored hackers embrace ClickFix social engineering tactic

ClickFix is a hacking technique that displays a message saying a download or other install didn’t work. It requests that you run a script fix the problem. But all that does is install malware. It is an effective technique that is being used by state sponsored North Korean cyber groups.    

 

Problem message may be a scam


4 in 10 Americans Have Lost Money to Fraud, AARP Survey Finds

Fraud is more pervasive and widespread than many like to admit. New research shows that 40% of Americans have suffered financial losses due to fraud. The number may be higher as many people hesitate to report it for fear of being embarrassed. 

 

Financial fraud is pervasive


Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals

Darcula is a phishing-as-a-service provider. This means they provide all the materials and technology needed to go into the phishing business. Now they have enhanced their toolkit with AI to make the phishing emails even more believable and harder to identify. 

 

AI enhanced phishing service