• Explore
  • Blog
  • Podcast
  • About
  • Services
  • Contact
Menu

Exploring Information Security

Securing the Future - A Journey into Cybersecurity Exploration
  • Explore
  • Blog
  • Podcast
  • About
  • Services
  • Contact

Created by ChatGPT

December 2024 - Healthcare Executive Leadership Cybersecurity Newsletter

December 9, 2024

These are the stories I shared internally with my leadership. Feel free to take and use for your own leadership. Created with help from ChatGPT.

New Professional Liability Insurance for CISOs 

In response to the increasing legal scrutiny faced by Chief Information Security Officers (CISOs), Crum & Forster has introduced a professional liability insurance policy tailored specifically for these executives. Traditionally, directors and officers (D&O) liability policies have not encompassed CISOs, leaving them vulnerable to personal financial risks in the event of cybersecurity incidents. 

Key Features of the Policy: 

  • Comprehensive Coverage: Protects against claims of negligence or inadequate work arising from cybersecurity services. 

  • Flexible Acquisition: Available for purchase by organizations on behalf of their CISOs or directly by the CISOs themselves. 

  • Extended Protection: Covers consulting activities for the organization and its subsidiaries, as well as external engagements, including pro bono IT security work. 

Further Reading: CyberScoop Article 

 

 

Bipartisan Effort to Enhance Healthcare Cybersecurity 

On November 22, 2024, Senators Bill Cassidy (R-LA), Mark Warner (D-VA), John Cornyn (R-TX), and Maggie Hassan (D-NH) introduced the Health Care Cybersecurity and Resiliency Act of 2024. This bipartisan legislation aims to bolster cybersecurity measures within the healthcare sector, addressing the increasing threats to patient data and healthcare operations.  

Help Center 

Key Provisions: 

  • Grant Funding: Allocates resources to healthcare entities for enhancing cyberattack prevention and response capabilities. 

  • Training Initiatives: Provides cybersecurity best practices training to healthcare institutions. 

  • Support for Rural Providers: Offers tailored guidance to rural health clinics on breach prevention and resilience strategies. 

  • Interagency Coordination: Improves collaboration between the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) for effective cyberattack responses. 

  • Regulatory Modernization: Updates Health Insurance Portability and Accountability Act (HIPAA) regulations to incorporate current cybersecurity best practices. 

  • Incident Response Planning: Mandates the development and implementation of a cybersecurity incident response plan by the HHS Secretary. 

Implications for Healthcare Organizations: This legislation underscores the critical need for robust cybersecurity frameworks within healthcare institutions. Executive leaders should proactively assess their organization's cybersecurity posture, ensuring alignment with emerging standards and readiness to leverage potential federal support. Embracing these initiatives will not only protect sensitive patient information but also enhance operational resilience against cyber threats. 

Further Reading: Senate HELP Committee Press Release 

 

In News Tags Newsletter, Executive Leadership, Healthcare
Comment

Created by ChatGPT

Phishing Threat Intelligence May 2024

May 30, 2024

These are the articles and blogs I’ve read over the last month with a lean towards phishing and healthcare. I share this internally with the security team. Feel free to take and use for your own programs.

Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks 

Okta identified a substantial rise in credential stuffing attacks targeting online services in the past month. These attacks exploit widely available resources like stolen login credentials, residential proxies, and scripting tools to gain unauthorized access to user accounts. The attacks appear to originate from anonymizing services like Tor and leverage proxies to bypass security measures. 

Key Takeaways: 

  • Identity and access management (IAM) provider Okta has observed a significant increase in credential stuffing attacks over the past month. 

  • These attacks leverage readily available resources like residential proxy services, stolen credential lists, and scripting tools. 

  • The attacks target online services and seem to originate from anonymizing tools like Tor exit nodes and various proxies. 

Indicators of Compromise (IOCs): 

  • The timeframe for this attack surge is noted to be between April 19th and April 26th, 2024. 

  • Okta's Identity Threat Research detected the activity. 

  • While specific IoCs aren't listed, the report mentions attacks targeting VPN appliances and routers from various vendors. 

 

 

Black Hat SEO Techniques Used to Distribute Malware 

This report details a malware distribution campaign that leverages black hat SEO techniques. Attackers create malicious websites designed to look legitimate and rank high in search results. These websites are then used to trick users into clicking on them and downloading malware. 

Technical Details: 

  • The malware payloads are delivered through multi-level zipped files. 

  • Once downloaded and executed, the malware can steal sensitive information such as browsing history and user credentials. 

 

 

Phishing Remains a Top Threat Despite Decline in Q4 

Phishing attacks continue to be a major threat to organizations of all sizes. According to a recent report by the Anti-Phishing Working Group (APWG), 2023 saw a significant increase in phishing activity, making it the worst year on record. Over 5 million phishing attacks were detected in 2023, highlighting the prevalence of this cyber threat. 

The report also details a decrease in phishing attacks during the fourth quarter of 2023. This decline is attributed to the takedown of Freenom, a service frequently abused by attackers to register domains that spoofed legitimate companies. While this is a positive development, it serves as a reminder that threat actors are constantly evolving their tactics. 

Key Takeaways 

  • 2023 was the worst year on record for phishing attacks, with over 5 million attempts detected. 

  • While there was a decline in Q4 2023 due to the takedown of Freenom, phishing remains a significant threat. 

  • Security awareness training is crucial for educating employees on how to identify and avoid phishing attempts. 

  • Organizations should implement a layered security approach that includes email filtering, employee training, and staying informed about the latest phishing tactics. 

 

 

New Technique for Detecting Malware Stealing Browser Data 

A recent blog post by Google Security Blog details a new technique for detecting malware that steals browser data. The technique involves monitoring Windows Event Logs for signs of unauthorized access to browser data. 

How Browser Data Theft Works 

Many malware programs target browser data, such as cookies and saved credentials. This data can be valuable to attackers, as it can be used to gain access to online accounts, steal financial information, or launch other attacks. 

Traditional Detection Methods 

Traditional methods for detecting malware that steals browser data often rely on behavioral analysis or signature-based detection. However, these methods can be ineffective against new or sophisticated malware. 

Detecting Browser Data Theft with Windows Event Logs 

The new technique described by Google Security Blog involves monitoring Windows Event Logs for DPAPI events. DPAPI (Data Protection API) is a Windows API that is used to protect sensitive data. When an application attempts to decrypt data protected by DPAPI, a DPAPI event is generated in the Windows Event Log. 

By monitoring DPAPI events, it is possible to identify unauthorized attempts to access browser data. This is because legitimate applications should not need to decrypt browser data unless the user is actively using the browser. 

Benefits of This Technique 

This technique has several benefits over traditional methods for detecting browser data theft. First, it is less reliant on signatures, making it more effective against new and unknown malware. Second, it can provide valuable forensic information, such as the time and process that attempted to access the data. 

Security Implications 

This technique highlights the importance of monitoring Windows Event Logs for security threats. By monitoring these logs, security professionals can gain valuable insights into the activities of applications running on their systems. 

Recommendations 

  • Enable logging of DPAPI events in Windows Event Logs. 

  • Monitor Windows Event Logs for suspicious DPAPI events. 

  • Investigate any unauthorized attempts to access browser data. 

  • Regularly update your security software and operating system. 

By following these recommendations, organizations can improve their ability to detect and prevent browser data theft. 

 

 

Healthcare Organizations Targeted in Social Engineering Campaign with Deceptive Tactics 

High Importance 

A recent report by ReliaQuest exposes a cunning social engineering campaign targeting healthcare organizations' revenue cycle management (RCM) departments. Then attackers employed deceptive tactics to manipulate help desk staff into resetting multifactor authentication (MFA) credentials. This allowed them to infiltrate the system and steal funds by altering bank routing information for fraudulent money transfers. 

Social Engineering Techniques Used: 

The report details how attackers impersonated legitimate users, often healthcare staff, by leveraging readily available personal information. This information might have been obtained through various means, including phishing emails, data breaches, or even social media. Once impersonating a staff member, attackers would contact the help desk, feigning an issue with their MFA and requesting a reset. To heighten their legitimacy, they might provide seemingly valid personal details associated with the target user, such as the last four digits of their Social Security number, date of birth, or home address. By exploiting trust and creating a sense of urgency, attackers could potentially trick help desk personnel into resetting the MFA, compromising the account's security. 

 

LockBit Black Ransomware Delivered via Phorpiex Botnet Spam Campaign 

High Importance 

A recent phishing campaign leveraged the Phorpiex botnet to distribute LockBit Black ransomware. Millions of malicious emails were sent, targeting a widespread audience. 

Campaign Details: 

  • Phishing emails with malicious ZIP attachments 

  • LockBit Black ransomware deployed upon opening the attachment 

  • Ransomware likely based on leaked LockBit 3.0 source code 

LockBit Black Ransomware: 

LockBit Black is a ransomware variant known for encrypting victim files and demanding a ransom payment for decryption. This iteration is likely derived from a leaked version of LockBit 3.0, raising concerns about potential widespread attacks. 

 

 

Alert: Threat Actors Expand Malicious Use of DNS Tunneling 

High Importance 

Security researchers warn of a growing trend: threat actors are increasingly exploiting DNS tunneling for malicious purposes. DNS tunneling involves encoding data within legitimate DNS requests, creating covert communication channels that bypass traditional security measures. 

Why is this concerning? 

  • Evasion Capabilities: DNS tunneling allows attackers to fly under the radar of firewalls and security tools, making detection difficult. 

  • Operational Flexibility: This technique offers attackers a versatile tool for various malicious activities, including: 

  • Phishing Email Monitoring: Attackers can use DNS tunneling to monitor how users interact with phishing emails, allowing them to refine their tactics. 

  • Network Vulnerability Scanning: Malicious actors can leverage DNS tunneling to scan networks for vulnerabilities without raising red flags. 

  • Security Measure Bypassing: This technique can be used to bypass security controls and establish persistence within a compromised network. 

 

 

Cybercriminals Exploit Docusign Phishing Templates 

Summary: Cybercriminals are increasingly targeting Docusign users by distributing customizable phishing templates on cybercrime forums. These templates closely mimic legitimate Docusign emails, luring recipients into providing sensitive information or clicking malicious links. These attacks facilitate various malicious activities, including credential theft and business email compromise (BEC) scams. 

 

Rising Shadow AI Accounts Elevate Corporate Data Risks 

Summary: Recent research by Cyberhaven Labs reveals a 485% surge in AI tool usage among workers, with 90% occurring through personal "shadow AI" accounts. This trend exposes sensitive corporate data to public AI models, posing significant security risks. Key findings highlight that tech workers are the highest contributors, with substantial portions of sensitive data like legal documents, source code, and HR records being inputted into non-corporate accounts. Companies must address these vulnerabilities to safeguard their data. 

Action Points: 

  • Implement strict AI usage policies. 

  • Educate employees on the risks of shadow AI. 

  • Monitor AI tool usage within the organization. 

In News Tags Newsletter, Phishing, Healthcare
Comment

Exploring the Verizon DBIR - Image created by ChatGPT

2024 Verizon DBIR Insights and Thoughts

May 13, 2024

The Verizon Data Breach Investigations Report (DBIR) for 2024 was recently released. It’s a must read of those in cybersecurity. It gives great insight into the overall threat landscape and then breaks it down by industry. Working in healthcare this is important because while ransomware grabs the news a bigger concern may actually be insider threat. This is highlighted even more this year with new requirements around reporting on security incidents and breaches insider threat and specifically the Miscellaneous Error category. My random thoughts from the report are below with a lean towards healthcare.

Insights and thoughts on the Verizon DBIR

Vulnerability exploitation on the rise

Exploitation of vulnerabilities tripled from last year. I’ve read similar numbers from other trend reports and it makes sense. As organizations get more controls in place such as Multi-Factor Authentication (MFA) and people get better at identifying phishing (later in the report) attackers will pivot to other ways of getting in. We’ve already seen a rash of vulnerabilities in network appliances over the last several months that could allow attackers into the network.

Human Element Calculation Change

Privilege misuse was removed from the human element calculation which means the human element metric dropped to 68% instead of 76% if it were kept in this year. I’m a little torn because I still believe it’s human element misusing privilege. The idea is to align their security awareness recommendation better. From that angle I get it because privilege misuse is more intentional regardless of security awareness training.

Added third-party vendor and supply chain issues

This is a good one to add. As organizations get better at defending attackers will look to get in via third-party vendor or supply chain issues. Which really isn’t a new concept see: Target breach or the Trojan War. A good third-party vendor risk management program is essentially to keeping organizational data secure.

Errors Increases due to mandatory breach notifications

Errors increased to 28% this year. Internal actors increased from 20% to 35%. Organizations that don’t have to report won’t. In healthcare if a breach is under 500 records then reporting doesn’t have to occur, so there’s even more Errors not being reported. I expect more regulation will make this number continue to grow for healthcare . This will hopefully highlight and shift focus to finding solutions to the insider threat problem. Yes, there’s Data Loss Prevention (DLP) but it’s a pain in the ass to get in place.

Meme created by ME!

Security Awareness is Improving

20% of people are reporting simulated phishing emails and 11% are reporting after clicking. That’s positive improvement. I also really like that the report focused on report rates and not clicking. Click rates can fluctuate depending on the difficulty of the phish and the time of year. Too much focus is put on clicking when what’s really needed is an improvement in reporting.

Reporting gives the security team an opportunity to respond to an incident sooner. I always tell people that clicking doesn’t bother me. Did they report it? It’s much easier to respond now, than several weeks later when there’s a bigger issue. Encouraging reporting, even when a click happens, also helps build a more positive security culture. We’re all human and make mistakes. I’ve fallen for my own phish before.

Generative AI Not as much of an issue as we thinK

It’s recognized that AI is helping attackers in writing phishing email and malware and being deployed in political campaigns but it’s not being used in way that is significantly contributing to breaches. This is why I love the Verizon DBIR. Despite the news headlines and play on social media AI and all the awful things it can do is not currently having a measurable impact. It’s certainly still something that needs to be discussed, understood, and controls put in place, but it may be better to focus on efforst that may make a more substantial impact such as vulnerability management and security awareness.

Distributed Denial of Service is the top action in incidents

This is where understanding the verbiage of the report is important. Incident vs breach. Breach is a loss of data. An incident is a security incident that may not involve data being stolen. Hence, DDoS isn’t about taking the data it’s about taking the service offline for an extended period of time. This shocked me a little. DDoS is still happening and it’s impacting a lot of organizations. Having mitigating controls and a plan in place to respond is important for any organization.

Jen Easterly comments on vulnerabilities and the need to shift focus

“...recurring classes of software defects to inspire the development community to improve their tools, technologies, and processes and attack software quality problems at the root.”

Quality code is secure code is something I’ve been preaching for years. If the quality is there then the security will be there. It’s in the documentation. When developers don’t follow best practices and the documentation that’s when vulnerabilities get created. The reason why security folks have a job is because people aren’t developing, coding, or configuring things right in the first place.

I like that Jen is taking a more broad view and it’s not something I’ve thought about. Instead of focusing on individual vulnerabilities or bugs we should go a level up. Every organization is different and every development team is going to have different issues with certain quality issues. We need to be looking at the class of bugs and trying to solve for the large grouping of vulnerabilities. This will help the development community identify where they can make improvements in their tools, technologies, and most importantly processes.

Social Engineering Section

BEC attacks had a median transaction of $50,000. They have a great graph that shows most organizations can get their money back by reaching out to law enforcement. I had a great conversation with Jayson E. Street recently on the Exploring Information Security podcast on social engineering and he had a great idea to send everyone involved in financial transactions a card with a code word on it. If that code word wasn’t authenticated then it’s very likely a BEC attack. I love the simplicity of the solution and I think it can make a good impact.

WEB APPLICATION ATTACKS SECTION

Credential stuff and brute force attacks are the most common against APIs. Authentication and authorization are the biggest issues for APIs, not so much injection vulnerabilities. This improves security but also means permissions should be top of mind when developing APIs. Things like MFA and rate limiting also need to be in place to help mitigate the potential of a breach. 1000 credentials are available online daily for $10. Credentials are cheap and easy to come by.

Free gaming currency lures lead malicious NPM packages was not something on my radar. This is the younger generation looking to make a fast bUck in the gaming landscape. Unfortunately, they’re downloading malware. Typo squatting was second. From the report it talked about packages checking external repositories before internal. It’s always better to try and build an internal repo system that pulls updates from the known good repositories. This is easier said than done.

Miscellaneous ERrors

This is often overlooked by organizations. Insider threat is the bigger concern in industries like healthcare where people are handling personal, health, and financial data. There’s a lot of data flying around. More than 50% was due to misdelivery which means people sent sensitive information to the wrong party and often non-malicious.

87% of users accounted for errors. System administrators go from 46% last year to 11% this year. System administrators largely accounted for internal threat issues due to misconfiguration. They’ve tightened up but it also highlights how under reported user errors were.

Data Loss Prevention (DLP) is huge to help prevent this. The problem is that DLP is a pain in the ass to implement. I hope that highlighting how big of an issue insider threat will encourage companies to try and tackle the problem in more creative ways.

Healthcare Industry

I’ve already talked a lot about healthcare above. Miscellaneous Errors regained the top spot after being second to system intrusions last year. I would expect system intrusions to continue to decline in next year’s report due to law enforcements increased involvement in taking down ransomware gangs. Privilege misues was second. This is the more malicious actions internal threat actors are taking. System intrusions were third.

Conclusion

The 2024 Verizon Data Breach Investigations Report (DBIR) is a must read. It provides critical insights into the evolving threat landscape, particularly emphasizing the increasing complexity of cybersecurity challenges across various industries. It’s a good anchor point for challenging assumptions about the biggest risk to our own organization.

As cybersecurity environments become increasingly complex, the DBIR’s insights are invaluable for professionals seeking to bolster their defenses and anticipate potential threats. The report serves not only as a tool for understanding but also as a catalyst for implementing robust security measures tailored to specific industry needs. For those in cybersecurity, especially in sectors as sensitive as healthcare, the DBIR is an essential resource that supports ongoing efforts to protect sensitive information and systems from both external and internal threats.

In Technology Tags Verizon DBIR, Healthcare, DLP, AI, security research, Trend Reports
Comment

AI security and healthcare - created by ChatGPT

Embracing AI with Care: A Guide for using AI in the healthcare workplace

April 10, 2024

This is an article I put together for internal communication on my companies intranet. I actually put two different articles together. Both are along the same lines just written different. I would love feedback on anything I may have missed. Otherwise feel free to use this as part of your company’s internal communication. This was most written by ChatGPT.

Introduction

In the rapidly evolving world of healthcare, Artificial Intelligence (AI) has emerged as a beacon of hope and innovation. From improving patient outcomes to optimizing operational efficiencies, AI's potential is undeniable. However, as we integrate these powerful tools into our daily operations, it's imperative to approach AI with a blend of enthusiasm and caution.

The Power of AI in Healthcare

AI's application within healthcare spans from predictive analytics in patient care to automating administrative tasks, allowing healthcare professionals to focus on what they do best—caring for patients. AI algorithms can analyze vast amounts of data to predict patient deterioration or optimize treatment plans. Additionally, AI-driven chatbots can enhance patient engagement and support, providing timely information and assistance.

Ethical Considerations and Patient Privacy

While AI can significantly improve efficiency and patient care, its implementation in healthcare comes with profound ethical implications, especially concerning patient privacy and data security. As stewards of sensitive health information, it's our collective responsibility to ensure that AI tools are used ethically and in compliance with all applicable laws and regulations, such as HIPAA.

  • Transparency and Consent: Patients should be informed about how AI might be used in their care, including the benefits and potential risks. Obtaining informed consent is not just a legal requirement; it's a cornerstone of trust.

  • Data Privacy: Always ensure that AI systems handling patient data are secure and compliant with data protection laws. Anonymization of data before AI analysis is a critical step in safeguarding patient privacy.

  • Bias and Fairness: AI systems are only as unbiased as the data they're trained on. It's essential to continuously monitor and evaluate AI tools for any form of bias, ensuring equitable healthcare outcomes for all patients.

Cybersecurity Implications

The integration of AI into healthcare systems increases the complexity of our cybersecurity landscape. AI can both bolster our cybersecurity defenses and represent a novel vector for cyber threats. Therefore, a proactive and informed cybersecurity approach is essential.

  • Adherence to Security Policies: All use of AI technology must comply with our comprehensive security policies, which are designed to protect both patient data and our IT infrastructure. This includes strict access controls, regular security audits, and adherence to best practices in AI ethics and governance.

  • Education and Awareness: Employees must be educated about the potential cybersecurity risks associated with AI, including social engineering attacks that leverage AI-generated content.

  • Handling of sensitive data: It is crucial to ensure that sensitive data is not entered into or processed by AI systems that are not under our direct control and that do not meet our strict security and privacy standards. Employees should avoid the use of unauthorized AI tools and platforms that could inadvertently expose sensitive patient information or proprietary data. This includes being aware of third-party companies that have integrated AI into their platforms.

  • Secure AI Development: AI systems must be developed and maintained with security in mind. Threat modeling helps to identify potential issues before they arise. Regularly updating and patching systems helps maintain the integrity and security of systems.

  • Vigilance and Reporting: Employees are empowered to report any suspicious activities or vulnerabilities. Early detection is key to preventing cyber incidents or data privacy issues.

Looking Ahead

As we journey forward, integrating AI into our healthcare practices, let us do so with a vigilant eye on the ethical, privacy, and security implications. By fostering a culture of responsible AI use, we not only protect our patients and their data but also contribute to the advancement of healthcare, making it more accessible, efficient, and effective for all.

Conclusion

The integration of AI in healthcare represents a frontier of endless possibilities. Yet, as we harness these technologies, we must navigate this terrain thoughtfully and responsibly, ensuring that we remain steadfast in our commitment to patient care, privacy, and security. Together, we can create a future where AI empowers us to deliver better healthcare than ever before.

In Advice Tags AI, Healthcare, Security Awareness
Comment

Exploring the newsletter below - Image created with the help of ChatGPT

Security Awareness Newsletter March 2024

April 1, 2024

This is a security newsletter I’ve put together as part of our security awareness program. This leans more towards healthcare and news items that are more general in nature. I’ll have a more technical focused newsletter later this week that’s targeted at security teams. Feel free to take this newsletter and use it internally as part of your security awareness program.

The Great Zoom-Skype-Google Masquerade: Beware of digital doppelgängers. Fake Zoom, Skype, and Google Meet sites are the latest traps set by cyber tricksters.  These spoofed meetings can trick users into downloading harmful software that compromises their computer. Ensure you’re clicking on the real deal to keep those malware masqueraders at bay. Beware of QR codes that will try to steal credentials as part of this type of attack. 

Beware of fake websites mimicking popular brands!: Typosquatting attacks are surging, and cybercriminals are exploiting user mistakes to steal login credentials and spread malware. Typosquatting is where an attacker registers a similar domain to one a person is familiar with. This increases the chance a malicious link will be clicked. 

Small Businesses Hit Hard by Cybercrime: Some social engineering techniques highlighted in the article include: malicious ads; attackers starting a conversation before trying to get the person to take an action; and the move to PDF attachments. These types of attacks help launch ransomware against small businesses. 

Beware of AI-Driven Voice Cloning in Vishing Scams: The Better Business Bureau (BBB) has issued a warning about the rise of voice phishing (vishing) scams utilizing AI-driven voice cloning technology. Scammers can now mimic voices convincingly with just a small audio sample, leading to fraudulent requests for money transfers or sensitive information. Tips to Stay Safe: 

  • Pause Before Acting: Resist the urge to act immediately on unexpected requests, even if they seem to come from a familiar voice. 

  • Verify Directly: Contact the supposed caller using a known, saved number—not the one provided in the suspicious call. 

  • Question the Caller: Ask specific questions that an impostor would struggle to answer correctly. 

  • Secure Your Accounts: Implement multi-factor authentication and verify any changes in information or payment requests. 

Update on Change Healthcare Cyberattack Recovery: Change Healthcare is on track to bring its systems back online by mid-March following a cyberattack that has caused widespread disruption since February 21. The cyberattack has significantly affected healthcare operations nationwide, with providers facing difficulties in payment processing, insurance verification, and clinical data exchange. This highlights why security awareness is so important. Identifying and reporting security threats to the organization is the responsibility of everyone. 

Beware of Tax Season Scams Targeting SMBs and Self-Employed Individuals: As tax season unfolds, a new scam has surfaced targeting small business owners and self-employed individuals. Scammers are using emails to lure victims to a fraudulent site, claiming to offer IRS EIN/Federal tax ID number applications. However, this service is free through the IRS, and the scam site is designed to steal personal information, including social security numbers, creating a significant risk for identity theft and fraud. A Microsoft report identifies green card holders, small business owners, new taxpayers under 25, and older taxpayers over 60 as prime targets for these scams. Check Point has some example phishes in their tax scam article. 

Apple Users Beware: "MFA Bombing" Phishing Attacks on the Rise: Leveraging Apple's password reset system attackers can bombard users with password reset prompts. If a person clicks "allow" on one of the prompts, the attackers can gain access to the user's account. The attackers may also call the person pretending to be Apple support. Some ways to protect yourself from this attack include not clicking on any of the prompts and contacting Apple directly if you receive a suspicious call. 

In News Tags newsletter, Security Awareness, social engineering, Typosquatting, AI, Healthcare, tax fraud, Multi-Factor Authentication
Comment

Latest PoDCASTS

Featured
Dec 24, 2024
[RERELEASE] How to get into information security (Copy)
Dec 24, 2024
Dec 24, 2024
Dec 17, 2024
David Mytton on Developer-Centric Security with ArcJet
Dec 17, 2024
Dec 17, 2024
Dec 10, 2024
[RERELEASE] What is MS08-067?
Dec 10, 2024
Dec 10, 2024
Dec 3, 2024
Exploring the Defensive Security Handbook with Amanda Berlin
Dec 3, 2024
Dec 3, 2024
Nov 26, 2024
How to Create User-Centric Security with Javvad Malik
Nov 26, 2024
Nov 26, 2024
Nov 14, 2024
How to Pick a Whiskey Barrel With The Innocent Lives Foundation Charity
Nov 14, 2024
Nov 14, 2024
Nov 12, 2024
Exploring Legal Landmines in Incident Response with Thomas Ritter
Nov 12, 2024
Nov 12, 2024
Nov 5, 2024
[RERELEASE] What is the SANS Holiday Hack Challenge
Nov 5, 2024
Nov 5, 2024
Oct 29, 2024
[RERELEASE] ShowMeCon: What does Jayson E. Street, Dave Chronister, Johnny Xmas, April Wright, and Ben Brown think about security?
Oct 29, 2024
Oct 29, 2024
Oct 22, 2024
[RERELEASE] What is security awareness?
Oct 22, 2024
Oct 22, 2024

Powered by Squarespace