
IT & Communications

A good thing used for bad purposes. Sometimes.

While Cobalt Strike is the market leader, it is far from the only threat assessment tool - and others are even easier for criminals to make use of - on every server, desktop and mobile platform except, it seems, Apple mobiles.


Law enforcement can move fast - when the criminal conduct involves the reputation of governments. Reveals gaping hole in US government e-mail security - and one that, with hindsight, seems blindingly obvious.


It's a telephone number and it's cropping up in all kinds of places, including a PayPal / Target / Apple iPhone scam that arrived in our own mailbox this morning.


Google is threatening to kill Android phones if users do not provide personal information.

There are several versions of the threat issued by Google where its persuasion has failed.

Google is facing two problems: first, its own message demands the information and then says it will be used to the customer's detriment and secondly, people no longer trust it.


One of the biggest reasons for migrating away from WhatsApp is privacy. It's been a problem ever since WhatsApp was launched. Indeed, I discussed it with the founders when it was new, ish, and they said that they had deliberately designed the system to create visibility between users. When I pointed out that a combination of various features compromised personal security, that was not something that concerned them... anyone can get your phone number, they said.


Media release: Australian Consumer and Competition Commission 26 Nov 2020.

The ACCC has today instituted Federal Court proceedings against Telstra (ASX:TLS) for admitted unconscionable conduct in the sale of post-paid mobile products to Indigenous consumers.


The USA's Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are reporting the large-scale re-emergence of the Emotet trojan. Since July 2020, CISA has seen increased activity involving Emotet-associated indicators. During that time, CISA's EINSTEIN Intrusion Detection System, which protects federal, civilian executive branch networks, has detected roughly 16,000 alerts related to Emotet activity. CISA observed Emotet being executed in phases during possible targeted campaigns. Emotet used compromised Word documents (.doc) attached to phishing emails as initial insertion vectors. It spreads via links in e-mails and as macros in .doc files attached to e-mails.


One of the most persistent forms of fraud, now well over 100 years old, is directory fraud. In a recent iteration, there is at least something a little different.


That's it. We've had enough. Until internet domain name registrars start to adopt responsible practices over who they sell domains to, especially the plethora of top-level domains that criminals habitually use for their nefarious activities, it's time to block them entirely.


Even by the standards of spammers, we have to be impressed with the targeting of this outfit. antimoneylaundering.net has, this spammer claims, sent an e-mail to antimoneylaundering.net. That's our sister domain. That's not clever - lots of criminals do that. It's not even clever to put the name in the "from" - criminals and sales people do that. But to tie it to something that might actually be of genuine interest? That is clever or, at least, devious.


Public thanks: TechWarehouse in Kuala Lumpur. I bricked my primary PC and nothing else in the house was capable of handling its workload. I needed something urgently until I get the big box to ASUS so they can work out why the BIOS isn't working out and fix it.


They say, at the end "this is not invoice." But by the time you get that far, you've already been sucked in.


A business using, almost inevitably, an e-mail address at one of the large US-based anonymous e-mail services (in this case harry.vangundy@msn.com) claims to be operating out of Luxembourg. In fact, the form advertises arguably illegal services and promotes it by wilfully committing unlawful access to websites.


If you are concerned about the amount of information about you and your company and its people that Facebook collects through its various methods, there are a number of methods to control e.g. trackers.

But now Firefox from the Mozilla Foundation has approved a method of ring-fencing not only Facebook itself but other services, such as Instagram, that it offers.


If you are issuing a notice about technology, the least you can do is make sure your own tech works when recipients click on a link in the notice.
