Hackers Exploit Holiday Shopper Shipping Using Refund Button as Click Bait for Credential Harvesting

Posted in Commentary with tags on November 17, 2022 by itnerd

Avanan, A Check Point Company, has released a new report on how and why hackers send phishing campaigns centered around holiday shopping. 

The research analyzes hackers sending fake email order confirmation notices in the hopes of getting the user to attempt to get a refund. 

In fact, they will instead be led to credential harvesting pages. End-users are targeted in this phishing campaign by hackers using social engineering and impersonation techniques. 

You can read the full report here.

Leave a comment »

Hackers Spoof Instagram for User Credentials; 22,000 Mailboxes Targeted in Phishing Campaign

Posted in Commentary with tags on November 17, 2022 by itnerd

Armorblox has dived into the details of a credential phishing attack that spoofed Instagram, the global social media platform across end users and businesses for connecting and sharing updates via images, videos, and short clips, to steal credentials.

Impact: Targeting approximately 22,000 mailboxes of employees at a national institution establishment within the Education Industry.

How it works: Hackers instill trust in victims by impersonating Instagram’s support team to notify recipients of unusual account login activity. Recipients are prompted to click on the provided link to secure their account. Clicking on the link navigated to a fake login page, resembling Instagram – and socially engineered with details around a login from an unrecognized device and information specific to the recipient, such as his or her Instagram user handle – in hopes of exfiltrating sensitive user credentials. 

Email security bypassed: Microsoft Exchange Email Security and Secure Email Gateway. Which is bad news if you depend on either to protect you from this sort of attack.

You can view the full report here.

Leave a comment »

The Fisker Ocean Starts Production On Schedule

Posted in Commentary with tags on November 17, 2022 by itnerd

Fisker Inc. today commences production of the Fisker Ocean all-electric SUV on schedule in Graz Austria. After just over two years of intensive development, the vehicle has arrived with world-class quality and future-forward user experiences. Fisker’s rollout strategy also includes continuous over-the-air (OTA) upgrading of feature packages. 

The start of production is reinforced by growing momentum globally – with two trims sold out in the United States market for 2023. In addition to the green manufacturing, the Fisker Ocean’s more than 50 kilos of recycled, biodegradable and overall eco-conscious materials reflect its commitment to sustainability. Fisker’s production ramp in Austria will see over 300 units manufactured in Q1 of 2023, with a rapid increase to over 8,000 units in Q2. More than 15,000 units will follow in Q3, and in Q4 the company will finish the year with enough units to total 42,400.

The top trim Fisker Ocean Extreme travels 350 mile on a single charge, with dual-motor, all-wheel-drive, three driving modes, a 17.1″ rotating screen featuring gaming in HMI, SolarSky roof, California Mode, and many first-to-market safety features, including the world’s first digital radar, all for $68,999. 

The limited edition Fisker Ocean ONE builds on the Extreme trim, offering specific signature cues available only on the first 5,000 vehicles. In July 2022, the Fisker Ocean ONE sold out in 30 days, each secured by a $5,000 deposit representing $350 million in potential revenue for Fisker once all the vehicles are delivered. 

Leave a comment »

Elon Musk Fires Employees At SpaceX For Denouncing His Behaviour

Posted in Commentary with tags on November 16, 2022 by itnerd

Elon Musk’s behaviour seriously needs to be questioned at this point. And it looks like it’s happening at companies outside of Twitter. I say that because of this:

It took less than a day and a half for more than 400 SpaceX employees to sign onto an open letter criticizing CEO Elon Musk after it was posted and shared by some of their co-workers in an internal chat. Just 32 hours after it was shared, the internal landing page for the document was taken offline, around the same time that a group of employees was fired for their involvement in crafting and sharing the letter, a move that may have been a violation of labor law.

The open letter first went live on an internal landing page at noon Eastern, and then it was shared by a handful of employees to roughly 10 chat rooms in Microsoft Teams as well as one email list. The contents were bold: the employees asserted that Musk’s behavior in recent weeks had become a source of embarrassment and a distraction for the company. The letter writers offered suggestions for ways that SpaceX could distance itself from Musk’s Twitter presence as well as do better to hold executives and those who commit sexual harassment accountable.

Wow. That’s bold. It looks like there’s now an open revolt against Elon. Which is likely to send him over the edge as he’s likely not used to this level of pushback from his employees. Or anyone else for that matter. It shows that people are fed up with Musk and are willing to do something about it. Even if it costs them their jobs. Thus if I were him, I’d prepare for a lot more of this sort of thing. And I’d prepare for the inevitable lawsuits for wrongful termination to follow.

Leave a comment »

Elon Musk’s New Problem Of The Day… The EU Thinks Twitter Blue Is “Completely Flawed” And They Are Coming For Him

Posted in Commentary with tags on November 16, 2022 by itnerd

Well Elon. I predicted that the EU would knock on your door at some point with some bad news for you. Specifically, I said this:

Oh yeah, I’m calling it now that the EU is going be knocking on Musk’s door in the next few days asking for similar answers. And that’s going to be even less fun for Musk when that happens.

Knock knock Elon:

Elon Musk’s idea for a subscription model to pay for Twitter’s sought-after blue check is “completely flawed,” Europe’s competition chief told CNBC Wednesday.

“If you have imposter accounts, of course, I think your business model is fundamentally flawed,” Margrethe Vestager, executive vice president of the European Commission, told CNBC at an event in Brussels, Belgium.

“If you are to pay to be vetted and to be certified as being who you are and everyone can be you … I think that business model simply is completely flawed,” she added.

And:

“We need to see how this develops before any decisions are taken,” Vestager said at the European Business Summit.

That says to me that the EU is about to make his life even more miserable than it is now. I say that because of this:

Several European officials have warned Musk about the need to comply with European rules. The EU has reinforced its laws in recent years to tackle disinformation and protect users’ privacy.

As a result, one of its biggest achievements has been the Digital Services Act, or DSA, which entered into force as of Wednesday and instructs Big Tech on how to keep users safe online.

Vestager said the revised rulebook makes her more comfortable in monitoring developments across Big Tech, including Musk’s changes at Twitter, but she denied that her team is on a collision course with the firm’s chief executive.

“We are never on a collision course with anyone because we consider ourselves a mountain,” Vestager said.

Elon, consider yourself warned. When the EU comes after you, your chances of winning are zero. Thus you might want to smarten up and alter your behaviour. Though I don’t think you’re smart enough to actually do that based on your recent performances.

1 Comment »

CybelAngel launches Xtended External Attack Surface Management

Posted in Commentary with tags on November 16, 2022 by itnerd

 CybelAngel, a global leader in cybersecurity technology focused on protecting the external attack surface, has announced the release of Xtended External Attack Surface Management (EASMX) – the most comprehensive solution available for protecting organizations from cyber-attack via an external threat vector.  

CybelAngel EASMX provides an extensive and continuous ‘outside-in’ search of an organization’s internet-facing attack surface to discover exposed and unknown assets, produces a living map of online infrastructure, and uncovers hidden vulnerabilities and threats. CybelAngel analysts then contextualize the most critical findings based upon business severity and perceived risk. This unique combination of machine and human intelligence leads to the highest signal-to-noise ratio on the market, leaving IT and security teams free to focus on core business operations. 

EASMX reduces the risk of external attack by discovering exposed assets and threats before attackers do, wherever they reside, from the cloud to supply chain and third-party exposures to dark web mentions. 

EASMenables organizations to: 

  • Improve external security posture. 
  • Gain visibility and control of unknown assets and shadow IT.
  • Detect exposures, vulnerable services, and compromised credentials.
  • Uncover dark web mentions, lookalike domains, and data leaks.
  • Remediate rapidly with contextualized reporting, scoring and prioritization.

CybelAngel is a global leader in cybersecurity technology focused on External Attack Surface Protection and Management. As an early pioneer in ‘outside-in’ search technology, approaching cybersecurity just as an attacker would carry out infiltration, CybelAngel has developed the industry’s most extensive defense for external attack vectors, where the majority of cyber-attacks are initiated. Combining expanded discovery and analysis, CybelAngel finds unknown assets and exposures to pre-emptively diffuse attack vectors that cyber criminals use to breach systems and wreak havoc.  

CybelAngel proudly protects some of the largest global enterprises representing various sectors including the Pharmaceutical, Manufacturing, Retail, and Financial Services. CybelAngel’s Xtended External Attack Surface Management (EASMX) is the only solution comprehensive enough to protect an enterprise’s entire external attack surface, whether first- or third-party.

For more information, please visit CybelAngel.com.

Leave a comment »

Guest Post: TikTok removed nearly 50 million videos due to minor safety in Q2 2022

Posted in Commentary with tags on November 16, 2022 by itnerd

Video sharing platform TikTok has over 1 billion users and is among the most popular social media.

According to the data presented by the Atlas VPN team, TikTok removed nearly 50 million videos due to minor safety in the second quarter of 2022. Notably, most of these videos were taken down due to nudity and sexual content involving minors.

In total, TikTok removed over 113 million videos in Q2 2022. The platform’s automated defenses deleted 48 million videos, while the moderation team removed over 65 million. In addition, TikTok changed the initial decision and restored about 6 million videos.

Of those videos, nearly 44% were removed due to minor safety. TikTok deleted about 24 million videos, about 21% of all, due to illegal activities and regulated goods. Out of all removed videos, adult nudity and sexual activities made up nearly 11% or about 17 million videos.

Cybersecurity writer at Atlas VPN Vilius Kardelis shares his thoughts on TikTok safety for minors:

“While TikTok might have solid policies to protect minors, it does not always reflect in practice. Social media platforms develop new products or functionalities and release them without seriously addressing online safety, particularly for minors. As of now, TikTok seems behind other companies when it comes to creating a safe environment for their underage audience.”

Minor safety

While most content on TikTok is fun or educational, people can still find some disturbing videos.

Out of the total videos removed due to minor safety, nearly 76% involved nudity and sexual activity involving minors. Harmful activities by minors made up nearly 16% of all removed videos due to underage people’s safety policy. Content containing physical and psychological harm to minors made up about 4% of violations.

Out of all deleted videos due to minor safety, 2.4% were engaging in the sexual exploitation of underage people. At the same time, grooming behavior was the reason behind nearly 2% of video removals.

To read the full article, head over to:

https://atlasvpn.com/blog/tiktok-removed-nearly-50-million-videos-due-to-minor-safety-in-q2-2022

Leave a comment »

Google Canada reveals the top Black Friday and Cyber Monday trends & Canadian shopping behaviours this holiday season

Posted in Commentary with tags on November 16, 2022 by itnerd

As Canadians look forward to the 2022 holiday season, retailers can expect to see a more price-conscious shopper that’s focused on cost and convenience. 

With Black Friday and Cyber Monday around the corner, Google Canada is revealing new insights about how Canadians are changing their holiday shopping behaviours along with some of the top trending items Canadians are looking for this Black Friday and Cyber Monday.

You can also check out Google’s blog post for more information.

Here’s how Canadians plan to shop for Black Friday/Cyber Monday this year: 

  • Digital is here to stay and is now the gateway to all commerce
  • While we expect to see a return in-store shopping this holiday season, shoppers will use digital to inform, inspire and enable their purchases. 
  • 86% of shoppers discover brands/products while browsing online(1)
  • 89% of holiday shoppers searched online first before a store visit(2)

Holiday shoppers are price-conscious about their spending this season

  • 72% of surveyed Canadian holiday shoppers say they are concerned about the rising cost of items they need or want to buy(2)
  • 60% of holiday shoppers say they plan to buy less because of the impact of inflation on their finances(2)
  • Search interest for price sensitive terms have increased this year, with ‘discount code’ increasing 2x and ‘price match’ up 7x(3)
  • 85% of Canadian holiday shoppers say they will shop at a store with discounts(2)
  • 73% said they will shop with stores that offer free shipping(2)
  • 41% of holiday shoppers said they are comparing prices and price matching(2)

Holiday shoppers are being strategic, making fewer impulsive purchases

  • More than half (54%) of holiday shoppers said they will confirm an item is in stock before going into stores(2)
  • 1 in 4 holiday shoppers say they are shopping for things now that they don’t need until later because they’re worried items will go out of stock(2)
  • Nearly half of Canadian holiday shoppers say they’re taking inventory of what they have to determine what they need(2)
  • 32% say they keep an eye out for new brands even if they’re not planning to buy right then(2)

Holiday shoppers are getting ahead of the season 

  • Nearly 1 in 4 surveyed Canadian holiday shoppers had said they had already begun their holiday shopping by mid-September and 1 in 3 said they planned to start earlier this year than they had in 2021(2)
  • Searches interest for “black friday” and “outdoor christmas lights” are already growing strongly compared to last year, with searches for ‘black Friday’ up 300%, and ‘christmas lights’ up 80%(3)

Here’s what Canadians are searching for leading into Black Friday/Cyber Monday:

Source

  1. Google/Ipsos, “Holiday Study,” Shopping Period Oct 30 2021 –Dec 23 2021, Online survey, CA, 18+ who shopped in the past two days.1 n= 2669; Think with Google: How consumers discover brands online
  2. Google commissioned Ipsos Consumer Continuous, US, CA, UK, FR, DE, IT, AU, JP, IN, CN, BR, MX, ES, ZA, KR, AR, CO, BE, CL, PE, SE, NL, DK, FI, NO ~n=235-489 online consumers 18+ per market that plan to shop for the holidays. Sep 8-11, 2022
  3. Google trends data, Canada English

1 Comment »

INKY Reveals A New Clever Image Based Phishing Scam

Posted in Commentary with tags on November 16, 2022 by itnerd

INKY has published a new Fresh Phish, in which INKY’s cybersecurity research analysts describe that they’ve detected what might be a new email phishing trend.

This report outlines how hackers have been caught using a clever ‘image-based phishing scam’ that has been able to circumvent most email security systems.

You can read the full report here.

Leave a comment »

If You Question Elon Musk’s Leadership At Twitter, You’re Fired

Posted in Commentary with tags on November 16, 2022 by itnerd

Well, it looks like Elon Musk is so thin skinned that anyone who says anything about his leadership is going to get fired based on this:

Elon Musk is a class A jackass. And I think it’s safe to say that burn it to the ground is Musk’s play at the moment. Because firing people to gain loyalty almost never works. And this will simply result in even more people heading to the exits. As a result it will leave Musk with nothing. But he clearly thinks he’s the smartest person in the room. And he’s getting his opportunity to prove it. Though at the rate he’s going, all he’s proving is that he’s ill equipped to run Twitter and he’s far from being the smartest person in the room.

And he can’t fire me for saying that.

1 Comment »

« Older Entries
Newer Entries »