
Hacker’s Brief 9/6/2024 

By
CyberWyoming

$1 Million Text: A Laramie citizen received a mass text from an Alaska-based number, area code 907, claiming they had won $1 million as part of a $20 million giveaway by a Powerball winner named "Cheng Saephan." The text included a graphic with lottery logos and stated that the citizen's number was randomly selected. To claim the prize, the recipient was instructed to send a code to a different phone number. CyberWyoming Note: The message, filled with red flags like spelling errors and unrealistic claims, is a clear scam attempting to trick individuals into providing personal information. Be wary of unsolicited messages claiming you’ve won a large sum of money, especially those asking for personal information or codes. 

 

Scam Lane Ahead: A Laramie resident received a scam text from an unknown Canadian number claiming that "CA Toll Service" reported an unpaid vehicle invoice. The message threatened additional fees if the outstanding balance of $5.79 wasn’t paid through a suspicious link. CyberWyoming Note: Ignore unsolicited messages about unpaid invoices and avoid clicking on unfamiliar links; verify any claims directly through official channels. 

 
Unsolicited Job Texts: A Laramie resident reported receiving a scam text from an unknown Florida-based number (386) claiming to be from "RemX Specialty Staffing & Recruiting Company." The message promised a high-paying remote job updating merchant data, enhancing online presence, and increasing bookings, with daily earnings between $40 and $1000, a $1550 weekly base salary, paid leave, and daily payments. It required only a smartphone or computer to start and included a suspicious WhatsApp link. CyberWyoming Note: Avoid engaging with unsolicited job offers via text or unfamiliar links, and verify any potential opportunities through official channels before providing personal information. 

 

Grim Grifting: Scammers are targeting grieving Facebook users by creating fake funeral live streams to steal money and credit card details. They post fraudulent links pretending to offer live streams of funerals or solicit donations for the deceased's family. Clicking these links often leads to phishing sites that request credit card information under false pretenses, such as offering free access to movies. The scammers use stolen images and details to make their posts look legitimate. To avoid falling for these scams, users should be cautious of suspicious links and friend requests, report such comments to Facebook, and never provide credit card details unless absolutely sure of the recipient's authenticity. – Brought to you by Malwarebytes https://www.malwarebytes.com/blog/news/2024/08/fake-funeral-live-stream-scams-target-grieving-users-on-facebook 

 

North Korea Hacking Chrome’s Hidden Flaw: In August 2024, North Korean hackers exploited a hidden flaw in Chrome and other browsers to steal cryptocurrency. They used fake websites and job offers to trick people into downloading malware, which gave them full access to the victims' computers and their crypto assets. Google fixed the flaw two days after it was discovered. Microsoft has reported the attack but hasn’t shared details on how many were affected. North Korean hackers target crypto to get around international sanctions and fund their government.  

– Brought to you by TechCrunch  

https://techcrunch.com/2024/08/30/north-korean-hackers-exploited-chrome-zero-day-to-steal-crypto/ 

 

Password Errors: Despite ongoing warnings from security experts, a significant number of individuals still engage in risky password practices, with many resorting to password reuse and even writing them down on paper. According to a report by password management firm Bitwarden, a quarter of respondents admitted to reusing passwords across 11-20 or more accounts. Additionally, a third incorporate easily obtainable personal information, such as birth dates and spouse names, into their passwords. Surprisingly, 33% write down their passwords on paper, and nearly half frequently reuse passwords across workplace platforms. However, the report also notes a positive trend, with increasing adoption of two-factor authentication (2FA) and a decline in password reuse among respondents.  

– Brought to you by TechRadar 

https://www.techradar.com/pro/security/a-shockingly-high-number-of-us-are-still-reusing-passwords-and-lots-are-still-even-writing-them-down 

 

Breaking Down Cyber Threat Key Findings: Verizon released its 2024 Data Breach Investigations Report (DBIR), examining cybersecurity incidents and data breaches from November 1, 2022, to October 31, 2023. With over 30,500 incidents and 10,626 confirmed breaches across 94 countries, the report offers insights into global cyber threats. Key takeaways include a significant increase in vulnerability exploitation for initial access, with a 180% rise compared to the previous year. Human error remains a significant factor in breaches, with phishing emails being clicked within seconds. Pure extortion attacks are on the rise, signaling a shift from encryption ransomware. Generative artificial intelligence (GenAI) has yet to make a significant impact in cyberattacks. Threat actors continue to adapt to cyber defenses, necessitating vigilance and adaptation from cybersecurity professionals. – Brought to you by SC Media 

https://www.scmagazine.com/news/verizons-2024-data-breach-investigations-report-5-key-takeaways 

 

MS-ISAC and CISA Patch Now Alert: The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Mozilla products and Google Chrome. If you use these products, make sure the software (or firmware) is updated. 

 

Data Breaches in the News:  

Dick's Sporting Goods, Specialty Networks, USAA, CFCU, Strive HoldCo, CBIZ Benefits & Insurance Services, Blue Shield of California, Halliburton, and RSNA. 

Note: If you have an account with any of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax. 

 

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors. 

Other ways to report a scam: 

Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register. 
