Matt's Newsletter - Issue 7
The best I've read - Week ending January 3, 2021
Twenty-Twenty-One. We made it through 2020. Things can only get better, right?
I published two original pieces this past week on the write.as blog. The first concerns the meteoric price increase of Bitcoin, which appears to have no end in sight. It was priced at $28,000 when I published the article and is at $33,500 as I write this. This immediate rise is due to speculation, aka FOMO - Fear Of Missing Out - but I discuss the true baseline price driver of the currency.
The second article is about the recent controversy surrounding GoDaddy, which used a bit of trickery to run a phishing campaign against its own employees. Some say the trick was a bit too dirty.
International scammers reap millions in Covid-19 relief
I can’t believe I’m citing an article from USA Today, but Nick Penzenstadler wrote a fantastic piece detailing how easy it has been for international criminals to steal relief money from the states. He estimates that 36 billion dollars has been lost to fraud.
Keeping with Covid-19 related scams…
The Financial Crimes Enforcement Network (FinCEN) has issued an alert to financial institutions requesting they be on the alert for fraud related to Covid-19 vaccinations. The agency warns “COVID-19 vaccine fraud may include the sale of unapproved and illegally marketed vaccines, the sale of counterfeit versions of approved vaccines, and illegal diversion of legitimate vaccines”.
A call to update Sarbanes-Oxley
This opinion piece published in The Hill explains the original intent of the Sarbanes-Oxley Act of 2002 and details why an update is needed. Corporate cyber attacks were never considered, but the original intent of the bill covers them perfectly. The language just needs to be updated to ensure compliance.
That’s how Spam is made
T-Mobile reported a breach that allowed unknown actors access to customer records. Although it doesn’t seem like any significant customer personal information was released, the attackers did copy “basic call records”. These call records include phone numbers the T-Mobile customers called and received calls from for an undisclosed length of time. The company estimates the breach will affect 200,000 customers. That’s a lot of new, and validated, phone numbers that will be added to spam call lists.
The Cybereason blog reports they are monitoring a new spam campaign that informs the email recipient they have been awarded an Amazon gift card. Only the real award is a download of the Dridex banking trojan.
More FinCEN - the agency is calling for United States citizens to report if they are holding more than $10,000 in digital currency in offshore wallets. The agency intends to amend the Bank Secrecy Act’s Foreign Bank and Financial Accounts (FBAR) regulations to gain compliance.
A new web skimmer that harvests credit card data from online marketplaces has been identified, and it is compatible with all of the major e-commerce solutions. Shopify, Zencart, BigCommerce, and WooCommerce are all vulnerable to the malicious script.
A reminder that the cyber threat to your business isn’t always some hacker in his mom’s basement or a foreign crime syndicate; sometimes it’s the business next door. Ticketmaster has pled guilty in a case where they hacked the network of a rival business. "Ticketmaster employees repeatedly – and illegally – accessed a competitor's computers without authorization using stolen passwords to unlawfully collect business intelligence," said Acting U.S. Attorney Seth DuCharme.
txtify.it pulls only the text from a webpage, which allows you to easily save information to a text document.
Manager of Threat Intelligence - Amazon
Thank you for reading. Your time is valuable and I appreciate you giving me a few minutes.
If you stumbled upon this newsletter - please consider subscribing!