TWINN #101 Man in the Email
Many aspects of IT security are dynamic and shift around. If doing business one way exposes a threat, we change our behaviour to make it safer. It’s not like cyber security is new, but it seems like the goal posts change on a regular basis because the threat actors and criminals just move to yet another avenue of exploitation.
However, there’s one area of exploitation that hasn’t changed much. It is in the area of Business Email Compromise, also known as “Man in the email.” This is where your mailbox or the mailbox of someone with whom you communicate is being watched by an attacker. It doesn’t take much for these guys to associate a value with a compromised mailbox, and they’ll sit in it for as long as it takes to spot an opportunity. However, there has been some evolution in the business email compromise space, and this shows us just how and why it is still such an effective attack vector to this day.
Table of Contents
The 5 Top Cyber Security Stories Of The Week
The Evolution of Business Email Compromise. The only truly non-phishable mail service is one that is protected with a hardware key.
Mozilla and Microsoft distrust TrustCor certificates due to suspicions over covert spyware operation. “The chain of trust ensured by Certificate Authorities (CA) keeps the web safe and internet companies happy. However, when the chain breaks, a CA can suddenly become an unwelcome guest within the most popular web browsers.”
Russia is spying on Telegram chats in occupied Ukrainian regions. Here’s how. We’ve known for a long time that Telegram security is bad design. Now there’s definitive proof that telegram channels are being monitored by non-members. Don’t rely on Telegram for privacy or security.
Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability. That’s now the 9th zero day flaw in Chrome in 2022. Remember, technically a zero-day is a weakness that is already being exploited in the wild.
Spyware maker Variston exploited Windows, browser zero-days. Given how many Zero Day vulnerabilities Google Chrome and related browsers have had this year, it isn’t surprising that an enterprising group would weaponize those vulnerabilities themselves instead of selling to the marketplace.
Did you know?
https://chat.openai.com/ was launched this week and it seems to be more resistant to chatbot failures of the past.