The IRS is warning of a new series of phishing attacks targeting your finance, payroll and human resource departments. Some versions of this scam are requesting wire transfers as well. Employers should consider creating an internal policy, if one is lacking, on the distribution of employee W-2 information and conducting wire transfers.
Here’s how the scam works: Cybercriminals use various spoofing techniques to disguise an email to make it appear as if it is from an organization executive. The email is sent to an employee in the payroll or human resources departments, requesting a list of all employees and their Forms W-2. This scam is sometimes referred to as business email compromise (BEC) or business email spoofing (BES).
For the last year malware writers were using javascript files to distribute malware. Attackers have recently switched to less suspicious attachment types, most notably .LNK and .SVG files. LNK files are files for shortcuts or links to executable files. In this instance, ransomware/malware files.
SVG files are image files. Unfortunately this file format is allowed to contain javascript which of course means executable content is only an image preview away.
Those that have ContentCatcher are already protected with FileWall. The ContentCatcher team has added .lnk and .svg attachments hidden within zip files to the default drop list for your protection.
The Internet of Things is gaining ground. Many items purchased today have the ability to connect to the internet. Sadly, most of them have very little in terms of security but this is slowly changing. Now, we face something entirely different, privacy concerns. Recently police were trying to access records of an Amazon echo device to help solve a crime. In this particular case, an IOT water heater was also used to compile evidence based on how much water was used with the prosecutor saying, it was enough to wash away evidence. Thinking of business and IOT devices, it is extremely important to make sure these types of devices are protected. Attackers are gaining access and using the information found within to gain a stronger foothold, phish users or whatever else they have yet to think of for financial gain.
Organizations heavily invested in the Microsoft ecosystem face an interesting decision when selecting endpoint protection.…
Choosing the right endpoint security solution can make the difference between stopping a breach early…
Cyber threats have become so sophisticated that detecting them requires more than just installing antivirus…
Modern organizations face relentless cyber threats from multiple directions—ransomware gangs, nation-state actors, insider threats, and…
You've invested significantly in security tools over the years. Firewalls, endpoint protection, email security, network…
Cybersecurity teams face an overwhelming challenge: how do you spot a genuine threat when your…