Archive for January 9, 2023

New Research: Hackers Leverage Facebook Copyright Infringement Notices to Steal Credentials

Posted in Commentary with tags on January 9, 2023 by itnerd

As the world rings in the New Year and faces evolving cyber attacks, threat actors remain committed to preying on the vulnerable. On that front, researchers at Avanan, a Check Point Software Company, have posted their latest analysis of an attack in which hackers leverage Facebook copyright infringement notifications to obtain personal credentials.

In this attack, users are presented with an email claiming that their Facebook account has been suspended for violating Facebook’s copyright infringement policy. To prevent the suspension, an appeal must be made within 24 hours by clicking on the provided link, which directs users to a credential-harvesting page.

You can read about this attack here so that you can keep an eye out for this attack should it hit your inbox.

Elon Musk Said That Going After Child Sex Abuse Material On Twitter Was “Priority #1”…. NBC News Says Otherwise

Posted in Commentary with tags on January 9, 2023 by itnerd

Last year, Elon Musk said this:

However, NBC News has looked at this and has come to the conclusion that Elon isn’t keeping his word:

The tweets reviewed by NBC News offer to sell or trade content that is commonly known as child pornography or child sexual abuse material (CSAM). The tweets do not show CSAM, and NBC News did not view any CSAM in the course of reporting this article.

Some tweets and accounts have been up for months and predate Musk’s takeover. They remained live on the platform as of Friday morning. 

Many more tweets reviewed by NBC News over a period of weeks were published during Musk’s tenure. Some users tweeting CSAM offers appeared to delete the tweets shortly after posting them, seemingly to avoid detection, and later posted similar offers from the same accounts. Some accounts offering CSAM said that their older accounts had been shut down by Twitter, but that they were able to create new ones.

According to Twitter’s rules published in October 2020, “Twitter has zero tolerance towards any material that features or promotes child sexual exploitation, one of the most serious violations of the Twitter Rules. This may include media, text, illustrated, or computer-generated images.”

Well, that’s not a good look for Elon and Twitter. But here is what Twitter had to say:

In an email to NBC News after this article was published, Ella Irwin, Twitter’s vice president of product overseeing trust and safety, said “We definitely know we still have work to do in the space, and certainly believe we have been improving rapidly and detecting far more than Twitter has detected in a long time but we are deploying a number of things to continue to improve.” Irwin asked that NBC News provide the findings of its investigation to the company so that it could “follow up and get the content down.”

But the real question is this. If this is “priority #1” for Twitter, you’d expect that the general public would see more from Twitter than talk. But it appears that this isn’t the case. And this doesn’t help the situation:

It’s unclear just how many people remain at Twitter to address CSAM after Musk enacted several rounds of layoffs and issued an ultimatum that led to a wave of resignations. Musk has engaged some outside help, and the company said in December that its suspension of accounts for child sexual exploitation had risen sharply. A representative for the U.S. child exploitation watchdog the National Center for Missing and Exploited Children said that the number of reports of CSAM detected and flagged by the company remains unchanged since Musk’s takeover. 

Twitter also disbanded the company’s Trust and Safety council, which included nonprofits focused on addressing CSAM. 

And there’s news this morning that Elon has sent a number of people from their Global Content Moderation Team packing. So given all of that, how precisely are Elon and Twitter going to address this issue? Given the fact that Elon is not focused on anything at the moment, and he clearly doesn’t care about putting in the resources to address this issue, I cannot see this situation changing. I also expect Elon and Twitter to get slapped by some government agency or enforcement organization at some point over this, because this is the sort of thing that they don’t tolerate. Which will not end well for Elon or for Twitter.

Nuspire reveals a compelling list of cybersecurity predictions for 2023 

Posted in Commentary with tags on January 9, 2023 by itnerd

Nuspire, a leading managed security services provider (MSSP), today announced the rollout of its 2023 cybersecurity predictions. Compiled from Nuspire’s senior leadership team, these forecasts go beyond standard prediction fare, and while some may be considered controversial, they’re designed to promote forward-thinking discussions throughout the industry.  

Top predictions include: 

  • Digital transformation is done. These days, companies can’t function without using digital technology in some way. The security industry has employed digital transformation to drive change, from application and mobile security to cloud security and security products. Digital transformation is old news, and if you haven’t adapted by now, it’s too late. 
  • Security leadership roles will increasingly be filled by unqualified individuals, creating a level of chaos never before seen in the security field. With (ISC)² reporting a global cybersecurity talent shortage of 3.4 million workers, companies are scrambling to fill those roles, including openings for CISOs and other security leaders. The struggle to find professionals who not only understand the cybersecurity space, but also have a broader view and appreciation of the business, will cause a ripple effect of damage that will be felt for years to come.
  • National leaders will finally take steps related to a U.S. answer to GDPR. The increased national-level conversation surrounding personal data protection (ostensibly from the perspective of consumer transactions), coupled with the potential for a very public national or international corporate data breach or politically motivated attack will spur dramatic changes to policies, processes and controls for all IT/IS leaders in the U.S. The gravity of this will have an outsized effect on SMBs with constrained operating budgets. 

Nuspire is unveiling its predictions over the next several weeks via a video series featuring the company’s cybersecurity veterans (and resident soothsayers). Additionally, Nuspire will present its full complement of predictions Jan. 17, 2023 during a live webinar with our in-house panel of experts.  

There’s An Amazon Prime Phishing #Scam Email Making The Rounds…. This Is How It Works

Posted in Commentary with tags on January 9, 2023 by itnerd

I’ve come across an Amazon Prime scam email that you need to know about. First let’s have a look at the email itself:

So it’s your typical phishing email: it claims that your Amazon Prime account has been hacked and shut down as a result, and that you must update your information within 24 hours to restore service and avoid the account being locked forever. That is the threat actor’s call to action. It has the usual bad grammar and obvious spelling issues that are typical of these emails. Plus, of note, the phone number for US and Canadian customers that is referenced in the email is missing a digit. As for the number, I dialled it from one of my burner phones and it wasn’t connected to anything.

What I want to draw your attention to are the links in the email. They look legit. But they are not. They are actually disguised to hide the fact that they go to Google Apps Script as evidenced here:

This script could do anything, such as installing malware, ransomware or backdoors onto your computer. And three of the four links contain this URL that goes to Google Apps Script. This illustrates why you should never, ever click on any links in an email like this, because chances are that once you click on a link like this, you’re going to get pwned in some way. So I took this URL to a computer that is isolated on my network and had it do its thing:

It takes you to this rather real-looking Amazon page. Of interest, the reCAPTCHA at the bottom clicks itself without user input. They typically don’t do that, which is another sign that the page is fake. Another hint that this is fake is that if you look at the top left, you will see the words “This application was created by another user, not by Google”. So clearly this isn’t an Amazon page. I didn’t note that it downloaded anything to my computer while I was looking at it, which implies that this page exists to build your confidence so you go further down the rabbit hole. When you click on “Continue to Amazon.com” you get this:

Again, this is a real-looking Amazon web page. But if you look at the URL at the top, it’s clearly not coming from Amazon.com. Thus it is fake and you should run in the other direction. But I’m going to see how far down the rabbit hole this goes by typing in a fake email address. I had to try a few, as the site was built to filter out bogus email addresses like “fuckoff@stupidscammer.com”, which was the first one that I tried. That took me here:

I tried typing in a fake password just to see what happened next. But there was no “next”, as the site simply didn’t do anything regardless of how many times I clicked Sign-In. Presumably because at this point the site has captured my Amazon “password” and my Amazon account has been pwned. If that’s you, then you should be changing your Amazon password right now. But hopefully that’s not you and you didn’t fall for this phishing scam. And if you got an email like this and this post came up in your Google search, hopefully it has saved you from getting pwned.
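Both lures on this page (the Facebook copyright notice and this Amazon email) work the same way: a deadline of 24 hours, and links whose visible text looks like the brand while the real destination is somewhere else, here a Google Apps Script web app. The following Python checker is an added example, not code from this post or from Avanan, Amazon or Google. It pulls every anchor out of an HTML email body and flags links whose visible text names one domain while the href goes to another, links that land on a hosted-script host (it assumes Apps Script web apps are served from script.google.com), and a “within N hours” deadline in the body. The sample email and its deployment id are constructed for the demo.

```python
"""Heuristic checks for the phishing lures described above: anchors whose
visible text names one domain while the href goes elsewhere, hrefs that land
on a hosted-script service, and a "within N hours" deadline in the body.
Added example; the email below is constructed for the demo, not the real scam."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts that serve user-authored web apps. Apps Script web apps are served
# from script.google.com (assumption; the post only names "Google Apps Script").
SCRIPT_HOSTS = {"script.google.com"}

# A bare domain name inside the visible anchor text, e.g. www.amazon.com
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)
# Deadline pressure such as "within 24 hours"
URGENCY_RE = re.compile(r"\bwithin\s+\d+\s+hours?\b", re.I)


def registrable_domain(host: str) -> str:
    """Crude eTLD+1 (last two labels); enough for .com brands like amazon.com."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyze_email(html: str) -> dict:
    """Return suspicious links (with reasons) and whether the body sets a deadline."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        reasons = []
        if host in SCRIPT_HOSTS:
            reasons.append("href lands on a hosted-script service (%s)" % host)
        shown = DOMAIN_RE.search(text)
        if shown and registrable_domain(shown.group(0)) != registrable_domain(host):
            reasons.append("visible text says %s but href goes to %s"
                           % (shown.group(0), host))
        if reasons:
            flagged.append({"href": href, "text": text, "reasons": reasons})
    return {"urgency": bool(URGENCY_RE.search(html)), "flagged": flagged}


# Constructed sample with a placeholder deployment id, not a real scam URL.
SAMPLE_EMAIL = """
<p>Your Amazon Prime account has been hacked and locked. Update your
information within 24 hours or the account will be locked forever.</p>
<a href="https://script.google.com/macros/s/EXAMPLE_DEPLOYMENT_ID/exec">https://www.amazon.com/update</a>
<a href="https://script.google.com/macros/s/EXAMPLE_DEPLOYMENT_ID/exec">Update your information</a>
<a href="https://www.amazon.com/gp/help">Amazon Help</a>
"""

if __name__ == "__main__":
    result = analyze_email(SAMPLE_EMAIL)
    print("deadline pressure:", result["urgency"])
    for item in result["flagged"]:
        print(item["href"], "->", "; ".join(item["reasons"]))
```

The two-label domain heuristic is deliberately simple; a production mail filter would use the Public Suffix List so that brand lookalikes under country-code TLDs are compared correctly, and would also resolve shorteners before comparing hosts.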