Cybercoin Extortion Charade:
A recurring email threat has targeted a Wyoming citizen, claiming that their accounts have been compromised. The email demands a Cybercoin payment to prevent the release of the user's information. While initially appearing credible, the email's legitimacy is questioned when it mentions the user visiting inappropriate websites. The email's subject line was “Invoice,” and it was sent from an email address containing “compunet2” dot com. This URL was flagged as malicious on virustotal.com/gui/home/upload, where you can check if other URLs are also flagged as unsafe. CyberWyoming Note: Recipients are advised to avoid clicking links and exercise caution with emails claiming account compromise and demanding payment, especially if they contain inconsistencies.
From Tweets to Leaks:
In 2023, a significant security incident occurred involving Twitter, where over 200 million records were scraped from the platform and later appeared on a popular hacking forum. The data, obtained in 2021, resulted from the abuse of an API (short code that connects online products) that allowed email addresses to be matched with Twitter profiles. The compromised information included email addresses, names, social media profiles, usernames, and follower counts. This data was compiled into a corpus and shared on a hacking forum. As a precaution, a large batch of compromised email addresses has been added to the database of haveibeenpwned.com, prompting users to check their email addresses for potential compromised accounts. It is advisable for individuals to verify the security of their accounts in light of this breach.
White House’s Cyber Push:
The White House is set to tie hospital funding to digital security standards, making basic cyber hygiene, including multi-factor authentication, a requirement. Recent cyberattacks have seriously affected hospitals, leading the Biden administration to address vulnerabilities in the healthcare sector. Hospitals, already subject to diverse funding-related criteria, are lucrative targets for ransomware attacks due to their sensitive data and often inadequate security structures. To counter this, the proposed policy aims to enforce a baseline of cybersecurity measures, incorporating multi-factor authentication and timely software updates. The initiative, focusing on impactful cybersecurity practices, is anticipated to be implemented this year. The Centers for Medicare & Medicaid Services will introduce basic cybersecurity rules to enhance hospital security, aligning with the International Counter-Ransomware Initiative's non-payment pledge. The move responds to the tangible impact of cyber-attacks on patient health, as studies reveal an increase in patient mortality following such incidents in hospitals, emphasizing the urgency of fortified cybersecurity measures. – Brought to you by TechRadar
Learn from SEC's & 23andMe’s 2FA Lapse:
The Securities and Exchange Commission’s (SEC) recent account breach and the 23andMe hack underscore the need for two-factor authentication (2FA). Despite its inconvenience, 2FA acts as an essential security layer, preventing unauthorized access. The SEC incident involved a false bitcoin ETF (exchange-traded fund) approval tweet, exposing the absence of 2FA. The 23andMe hack exploited reused passwords, emphasizing the effectiveness of 2FA. 2FA methods include text messages, authentication apps, and physical keys, with security experts favoring apps over texts. Users are urged to enable 2FA in security settings for enhanced protection, especially considering potential hijacking of phone numbers. Physical keys, like YubiKey, are recommended for high-risk individuals. – Brought to you by The Wall Street Journal
The Hidden Risks of Public USB Charging:
The FBI warns against using public phone charging stations, especially in airports, due to the risk of "juice jacking," where hackers upload malware to devices. Here are quick tips for safe charging:
- Don't use public USBs, opt for outlets: While cases of juice jacking are rare, it's safer to use power outlets with your own adapter. Avoid USB ports, especially when overseas, as foreign hackers may target them.
- Don't use a cable, go wireless: Use wireless charging pads whenever possible, as they don't exchange data directly with your phone, ensuring virus-free charging.
- Don't use a data cable, choose charge-only: If you must use a USB connection, use a charge-only cable to prevent data transfer. This ensures a secure charging experience.
- Don't choose the 'trust' option: When prompted by newer phones to "trust this device" or "share data," always decline these options. Opt for the "charge-only" option if available or keep walking to avoid potential malware implantation.
- Be cautious with older phones: While this advice works for most phones a few years old or newer, some older phones may not offer the choice to select "charge-only," so extra caution is advised.
– Brought to you by The Current
MS-ISAC and CISA Patch Now Alert:
The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Oracle products, VMware vCenter Server, Google Chrome, Mozilla products, and Apple products. If you use these products, make sure the software (or firmware) is updated.
Data Breaches in the News:
- VF Corp (Parent company of Vans, Supreme, and The North Face), LoanDepot, Subway, and DENHAM.
- 26 Billion Records Leaked: Trezor, Weibo, MySpace, Twitter, Deezer, LinkedIn, AdultFriendFinder, Adobe, Canva, VK, Dailymotion, Dropbox, and Telegram.
Note: If you have an account with one of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.
Please report scams you may experience to [email protected] to alert your friends and neighbors.
Other ways to report a scam:
- Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
- Wyoming Attorney General’s Office, Consumer Protection 307-777-6397, 800-438-5799 or [email protected]
- File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
- Report your scam to the FBI at www.ic3.gov/complaint
- Report unwanted calls to the Federal Trade Commission’s Do Not Call Registry. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
- Office of the Inspector General: oig.ssa.gov
- AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
- IRS: report email scams impersonating the IRS to [email protected]
- Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
- Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register