Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to:

But first, let’s talk about phishing. In a phishing attempt, the criminal is constantly devising ways to deceive victims into handing over credentials: usernames, passwords, PayPal and banking logins, and even 2-factor authentication tokens.

The industry keeps evolving its tools to fight phishing, which include everything from Security Awareness Training and sandboxing logins to using threat intelligence to quickly blocklist known phishing sites, but the criminals continue to be evasive.

To this very day, phishing continues to plague everyone as there are always new ways to deceive people. I love the line from Brian Brushwood who always says, “we’re not fooled because we’re stupid, we’re fooled because we’re human”.

So it isn’t surprising that none of the aforementioned tools prevent the latest kind of phishing attack, the Browser-in-the-Browser attack:

Behold, a password phishing site that can trick even savvy users. It does turn out, however, that under a zero trust connectivity policy you’re protected even from this new trick.

Russia hacked Ukrainian satellite communications, officials believe. Starlink, which runs a low-earth orbit satellite network for internet access, appears unaffected.

Lapsus$ hackers leak 37GB of Microsoft’s alleged source code. Microsoft isn’t the only company attacked by Lapsus$ recently, and the story of the gang’s leader being a teenager from Britain, living with his mom, is gaining quite a bit of attention.

White House warns of possible Russian cyberstrike on US critical infrastructure. It is hard to tell whether this is intended as a distraction from unwanted attention elsewhere, but regardless, the message is clear and true: we need to defend our networks and assets better than we have. In fact, for those of us in IT and Security, that is arguably the best way to participate in this current conflict.

How TrueCaller built a billion-dollar caller ID data empire in India. Everyone wants to block unknown and unwanted callers, so TrueCaller met a need. However, its data collection methods are clearly questionable, because the owners of the phone numbers never grant consent. At least we have options like MySudo, which offers alternative phone numbers to use as outgoing identities.

Did you know?

There’s a podcast that is educational, entertaining and enhances your security posture, all in one. It’s called The World’s Greatest Con. If you haven’t subscribed yet, you should. You won’t regret it.

For a video version of this see:

