This Week In Nerd News (TWINN) – January 23, 2023

Nerds On Site
Article Written By David Redekop

1995

Founded In

96,000+

5-Star Reviews

4.83 / 5

Satisfaction Rating

TWINN #108 Blank image phishing

Today is our first day of bootup training, so I have to say it’s always exciting to see a screen full of new nerds starting up their adventure within Nerds On Site. It doesn’t take more than a few minutes to connect the dots of our world of free enterprise, with nothing but opportunities, with new nerds!

This week, we’ll start with a brand-new phishing scam.

What happens when all our training goes out the window, and we get an email from a trusted source like DocuSign with a blank image? Given the subject of my weekly updates, it probably doesn’t surprise you that this is the latest stealthy phishing attempt involving using already-authorized channels like digital signatures from DocuSign. Still, when the blank image is clicked, then there’s base64-encoded JavaScript that is triggered, causing your browser to visit a malicious site.

YouTube video

The 5 Top Cyber Security Stories Of The Week

Blank images used in new phishing scam. The key here is that it bypasses all modern-day inbound filters, but Zero Trust has your back because the endpoint cannot reach the malicious site.

T-Mobile says hacker accessed personal data of 37 million customers. This appears to be a regularly-repeating story from T-Mobile specifically, and once again, they are personally-identifiable data leakages we’re facing. Unfortunately, this might mean a long-tail of identity theft so make sure that anyone you love that’s on that list is on the defensive.

Hacker group incorporates DNS hijacking into its malicious website campaign. “The attackers, known in the security industry as Roaming Mantis, designed the DNS hijacking to work only when devices visit the mobile version of a spoofed website, most likely to ensure the campaign goes undetected.”

Chinese Hackers Exploited Recent Fortinet Flaw as 0-Day to Drop Malware. The key here is that even two weeks before the vulnerability was known and/or disclosed, it was used by some Chinese threat actors.

Finally we have end-to-end encryption in iCloud data with iOS 16.3. This is exciting, especially for those who started to wonder about the future of Apple and our data sovereignty.

Did you know?

There are a lot of free resources for Cybersecurity Education Resources. One of our technology Partners, Webroot, offers 200+ tips and articles.

You May Also Like…

Index