New report reveals a 121% surge in cybercriminals using legitimate websites to obfuscate malicious payloads
Quote: "71% of malicious payloads sent from compromised accounts were HTML smuggling attacks
51% increase in attacks sent from compromised accounts
Advanced phishing attacks commoditized by crime-as-a-service gangs"
Nokoyawa also has some listings I have not seen elsewhere, including a data dump with sensitive info allegedly from Wyoming County Community Health System in New York. They claim to have exfiltrated 150 GB of files.
There is no notice on the health system's site. I have reached out to them and will update when I find out more.
Sounds like my last article, but it's new: once again a health app has lost data. 🥺 I admit I'm slowly getting impatient. I'd like to write something new for a change. And not have to imagine the personal dramas that poor IT security causes, especially in such sensitive areas.
Please read it anyway and raise awareness among the people around you. I would be really careful with health apps of all kinds at the moment. https://www.zeit.de/digital/datenschutz/2023-05/sicherheitsluecke-app-gesundheit-diagnose-hacker/komplettansicht #cybersecurity #gesundheit
I was -1 years old when The Hacker Manifesto was published, but its influence has traveled through decades to reach you today. Its spirit continues to galvanize #cybersecurity specialists and inspire #cyberpunk fiends. But why does this happen?
👉 Join me and the thoughtful @agent0x0 as we dive into the depths of hacker culture and the driving forces behind it.
Cybersecurity professionals who promote fear are doing harm to overall cybersecurity awareness training efforts.
As an example, I received this inquiry from a person who was unnecessarily afraid to use a legitimate payment system. Read their question and my reply below:
"Hi Bob, I have a tech question for you. I just had my car serviced at the dealer. They offered a pickup and return service (of the car) which I used, so I did not physically have to go there. When they were done they texted me a copy of the bill and there was a link to make the payment. Since I wasn’t sure how safe that was I called and made the payment, but for future reference I thought I’d ask you if it is a safe/secure way to pay.
Thanks"
My reply:
"Yes! It's safe and secure to use a link in a text message, or QR code, given to you directly by a local business. That business is paying a transaction fee to use an online credit card payment services provider."
Instead of fostering fear, teach people how to distinguish between legitimate payment links and payment links from scammers.
For anyone even vaguely interested in infosec, I highly recommend the Darknet Diaries podcast. Even if you're not deep in the weeds of security, there's lots to learn for people that like to know about the darker side of the internet. #cybersecurity