Sep 03 2021

Gift Card Gang Extracts Cash From 100k Inboxes Daily

Category: Email Security | DISC @ 12:01 pm

Here’s the story of a cybercrime group that compromises up to 100,000 email inboxes per day, and apparently does little else with this access except siphon gift card and customer loyalty program data that can be resold online.

The data in this story come from a trusted source in the security industry who has visibility into a network of hacked machines that fraudsters in just about every corner of the Internet are using to anonymize their malicious Web traffic. For the past three years, the source — we’ll call him “Bill” to preserve his requested anonymity — has been watching one group of threat actors that is mass-testing millions of usernames and passwords against the world’s major email providers each day.

Bill said he’s not sure where the passwords are coming from, but he assumes they are tied to various databases for compromised websites that get posted to password cracking and hacking forums on a regular basis. Bill said this criminal group averages between five and ten million email authentication attempts daily, and comes away with anywhere from 50,000 to 100,000 of working inbox credentials.

In about half the cases the credentials are being checked via “IMAP,” which is an email standard used by email software clients like Mozilla’s Thunderbird and Microsoft Outlook. With his visibility into the proxy network, Bill can see whether or not an authentication attempt succeeds based on the network response from the email provider (e.g. mail server responds “OK” = successful access).
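The mass IMAP credential testing described above is visible from the defender's side too: a mail server's authentication log shows one source address walking through many different mailboxes in a short window, which no ordinary mail client does. The script below is an added example, not code from the original post or from the source quoted in it; it parses a constructed, simplified Dovecot-like log excerpt (the format and the thresholds are assumptions chosen for illustration) and flags sources whose per-window attempt count and distinct-user count look like a credential-stuffing run, listing the logins that succeeded, which correspond to the "working inbox credentials" the story counts.

```python
"""Flag credential-stuffing style IMAP logins from mail-server auth logs.

Added example, not code from the original post. The log format below is an
assumed, simplified Dovecot-like layout (constructed sample lines), and the
thresholds are illustrative starting points, not figures from the source.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample lines: timestamp, outcome, user, remote IP.
# 203.0.113.9 walks six different mailboxes in four seconds (one success);
# 198.51.100.7 is a normal client retrying its own mailbox.
SAMPLE_LOG = """\
2021-09-03 12:00:01 imap-login: Login: user=<alice@example.net>, rip=198.51.100.7
2021-09-03 12:00:02 imap-login: Disconnected (auth failed): user=<bob@example.net>, rip=203.0.113.9
2021-09-03 12:00:02 imap-login: Disconnected (auth failed): user=<carol@example.net>, rip=203.0.113.9
2021-09-03 12:00:03 imap-login: Disconnected (auth failed): user=<dave@example.net>, rip=203.0.113.9
2021-09-03 12:00:03 imap-login: Login: user=<erin@example.net>, rip=203.0.113.9
2021-09-03 12:00:04 imap-login: Disconnected (auth failed): user=<frank@example.net>, rip=203.0.113.9
2021-09-03 12:00:05 imap-login: Disconnected (auth failed): user=<grace@example.net>, rip=203.0.113.9
2021-09-03 12:00:09 imap-login: Disconnected (auth failed): user=<alice@example.net>, rip=198.51.100.7
2021-09-03 12:00:10 imap-login: Login: user=<alice@example.net>, rip=198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) imap-login: "
    r"(?P<outcome>Login|Disconnected \(auth failed\)): "
    r"user=<(?P<user>[^>]*)>, rip=(?P<ip>[0-9a-fA-F.:]+)$"
)


def parse_events(text):
    """Turn matching log lines into dicts; lines of other kinds are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "ok": m["outcome"] == "Login",
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def find_stuffing_sources(events, window=timedelta(minutes=10),
                          min_attempts=5, min_distinct_users=4):
    """Return {ip: summary} for sources that tried many distinct users
    inside one sliding window. Many users from one IP is the signature:
    a real client retries one mailbox, a stuffing bot walks a list."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        best, start = None, 0
        for end in range(len(evs)):
            # Advance the window start until the span fits in `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            span = evs[start:end + 1]
            users = {e["user"] for e in span}
            if len(span) >= min_attempts and len(users) >= min_distinct_users:
                if best is None or len(span) > best["attempts"]:
                    best = {
                        "attempts": len(span),
                        "distinct_users": len(users),
                        # Successful logins are the working credentials the bot keeps.
                        "successes": sorted(e["user"] for e in span if e["ok"]),
                    }
        if best is not None:
            flagged[ip] = best
    return flagged


if __name__ == "__main__":
    for ip, summary in find_stuffing_sources(parse_events(SAMPLE_LOG)).items():
        print(ip, summary)
```

The distinct-user count matters more than the raw failure count: a single address with hundreds of failures against one mailbox is a broken client or a brute-force attempt on that account, while dozens of different usernames from one address in minutes is a list being replayed. In production the per-IP grouping would be widened to the proxy or ASN level, since the story's actors rotate through a proxy network of hacked machines.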

You might think that whoever is behind such a sprawling crime machine would use their access to blast out spam, or conduct targeted phishing attacks against each victim’s contacts. But based on interactions that Bill has had with several large email providers so far, this crime gang merely uses custom, automated scripts that periodically log in and search each inbox for digital items of value that can easily be resold.

And they seem particularly focused on stealing gift card data.

“Sometimes they’ll log in as much as two to three times a week for months at a time,” Bill said. “These guys are looking for low-hanging fruit — basically cash in your inbox. Whether it’s related to hotel or airline rewards or just Amazon gift cards, after they successfully log in to the account their scripts start pilfering inboxes looking for things that could be of value.”

Source: Gift Card Gang Extracts Cash From 100k Inboxes Daily


Tags: Gift Card Gang


May 05 2021

Expert released PoC exploit for Microsoft Exchange flaw

Category: Email Security | DISC @ 4:12 pm

A security expert released technical details and proof-of-concept exploit (PoC) code for the high-severity vulnerability CVE-2021-28482 in Microsoft Exchange that could be exploited by remote attackers to execute arbitrary code on vulnerable systems.

The April 2021 Microsoft Patch Tuesday security updates addressed four critical and high-severity vulnerabilities in Exchange Server (CVE-2021-28480, CVE-2021-28481, CVE-2021-28482 and CVE-2021-28483); some of these flaws were reported by the U.S. National Security Agency (NSA).

All of the vulnerabilities are remote code execution flaws that could allow attackers to compromise vulnerable installs; for this reason, the IT giant urges its customers to install the latest updates.

The NSA confirmed that the critical vulnerabilities in Microsoft Exchange Server were recently discovered by its experts, who immediately reported them to Microsoft.

“After we disclosed these vulnerabilities to Microsoft, they promptly created a patch. NSA values partnership in the cybersecurity community. No one organization can secure their networks alone” states the NSA.

Tags: Microsoft Exchange flaw


Apr 22 2021

Giving Out Your E-mail Increases Your Chances Of Getting Hacked

Category: Email Security | DISC @ 2:37 pm

Does it seem as if nearly every time you install an app, it wants you to register with your email or phone number? To add to that, these apps usually want loads of other sensitive information that they don’t need. This is because of desperate data collection attempts, as your personal information is like gold to the companies selling it (and to those using it to manipulate you). Users’ e-mail addresses are also sold to spammers (and scammers) who will bombard you with spam and phishing e-mails.

Your online activity across many apps is tied to your email address and phone number, and it is used to build a profile on you. This is one of the reasons that you should not use your email address to sign up for multiple apps or services. However, adhering to that policy is difficult. Many of the major e-mail providers require you to enter your phone number (another detail used to link your activity across multiple online services), and they sell your data too.

Protecting Your E-mail Enhances Your Online Security

First: Your e-mail is half of your login credentials, and is used as the login across many websites. Your password is the second half, and password cracking is not a difficult feat.

If your e-mail address is leaked by a popular app or service (something that happens frequently), you are at risk of hackers using that e-mail address to log into other services you use online. If hackers don’t have your password, they can hack your e-mail account and use that to request a password reset. E-mail-related hacks are among the most catastrophic because your inbox reveals all the apps and services you use online (including financial services like banking, exchanges, and PayPal).

What You Can Do

There are multiple ways to approach this problem, but the first should be restraint. Don’t give any app or company your e-mail address if you aren’t required to. If a company asks for your e-mail when it isn’t needed, you can decline or say that you don’t have an e-mail. Also, if you don’t want an app that is demanding your e-mail badly enough, just uninstall it.

If you have an iPhone or iPad, you can use the ‘Sign in with Apple’ option to register and select the option to hide your e-mail address when prompted. Apple will generate a fake e-mail address and forward messages from it to the real e-mail on your Apple account. This goes a long way towards protecting your online accounts from hackers and data miners.

Sign up for ProtonMail and Tutanota to get secure, end-to-end encrypted e-mail. Each of those providers will provide you with one e-mail address for free. I would recommend getting a paid account so that you can create multiple e-mail addresses and use one exclusively for your bank, and another exclusively for your PayPal to protect those financial accounts from hackers.

If you don’t want a paid account, then sign up for each of them with a different alias to get one free account from each of them (ensure that you abide by their terms of use). If you want a third, there is also Disroot. If you do decide to pay, you can use Bitcoin to avoid providing billing details (which contain your name and address) on ProtonMail.

Giving Out Your E-mail Increases Your Chances Of Getting Hacked

Basic Email Security: Volume 14 in John R. Hines’ Computer Security for Mere Mortals, short documents that show how to have the most email security with the least effort by [John R. Hines]


Apr 16 2021

NSA Discloses Vulnerabilities in Microsoft Exchange

Category: Email Security | DISC @ 10:46 am

NSA helps out Microsoft with critical Exchange Server vulnerability disclosures in an April shower of patches

100+ fixes for the Windows world – plus holes in SAP, Adobe, FreeBSD, etc

“This month’s release includes a number of critical vulnerabilities that we recommend you prioritize, including updates to protect against new vulnerabilities in on-premise Exchange Servers,” Microsoft said in its blog post.

“These new vulnerabilities were reported by a security partner through standard coordinated vulnerability disclosure and found internally by Microsoft. We have not seen the vulnerabilities used in attacks against our customers.”

Clicking through Microsoft’s coy links to CVE-2021-28480 (9.8 severity), CVE-2021-28481 (9.8 severity), CVE-2021-28482 (8.8 severity), and CVE-2021-28483 (9.0 severity), you’ll find the unspecified security partner is the NSA.

Exchange Server 2013 CU23, Exchange Server 2016 CU19 and CU20, and Exchange Server 2019 CU8 and CU9 are affected by this set of problems.

“NSA urges applying critical Microsoft patches released today, as exploitation of these #vulnerabilities could allow persistent access and control of enterprise networks,” the signals intelligence agency said via Twitter.

Source: NSA helps out Microsoft with critical Exchange Server vulnerability disclosures in an April shower of patches


Tags: Vulnerabilities in Microsoft Exchange


Apr 02 2021

CISA Orders Action Against Exchange Vulnerabilities

Category: Email Security | DISC @ 12:04 pm

“CISA has determined that this exploitation of Microsoft Exchange on-premises products poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action,” the agency said in supplementary guidance to the earlier CISA Emergency Directive (ED) 21-02. “This determination is based on the current exploitation of these vulnerabilities in the wild, the likelihood of the vulnerabilities being exploited, the prevalence of the affected software in the federal enterprise, the high potential for a compromise of agency information systems, and the potential impact of a successful compromise.”

Tags: Exchange Vulnerabilities


Mar 24 2021

Microsoft says China-backed hackers are exploiting Exchange zero-days

Category: Email Security, Zero day | DISC @ 9:58 pm

Tags: Exchange zero-days


Mar 15 2021

ProxyLogon Microsoft Exchange exploit is completely out of the bag by now

Category: Email Security | DISC @ 10:50 am

A security researcher has released a new proof-of-concept exploit that could be adapted to install web shells on Microsoft Exchange servers vulnerable to the ProxyLogon issues.

Since the disclosure of the flaws, security experts have observed a surge in attacks against Microsoft Exchange mail servers worldwide.

The Check Point Research team reported that, within a span of 24 hours, the number of exploitation attempts was doubling every two hours.

“CPR has seen hundreds of exploit attempts against organizations worldwide,” reads the post published by Check Point. “In the past 24 hours alone, CPR has observed that the number of exploitation attempts on organizations it tracks doubled every two to three hours.”

Most exploit attempts targeted organizations in Turkey (19%), followed by the United States (18%) and Italy (10%). The most targeted sectors have been Government/Military (17% of all exploit attempts), followed by Manufacturing (14%) and Banking (11%).

Security experts pointed out that the flaws are actively exploited to deliver web shells, and more recently ransomware such as the DearCry ransomware.

Last week, the independent security researcher Nguyen Jang published on GitHub a proof-of-concept tool to hack Microsoft Exchange servers. The tool chains two of the ProxyLogon vulnerabilities recently addressed by Microsoft.

The availability of the proof-of-concept code was first reported by The Record.

More on: ProxyLogon Microsoft Exchange exploit is completely out of the bag by now

ProxyLogon Microsoft Exchange exploit is completely out of the bag – Security Affairs

Microsoft Exchange ProxyLogon attacks spike 10 times in four days

Tags: Microsoft Exchange exploit


Mar 13 2021

Developing a Strong Security Posture in the Era of Remote Work

Tags: Remote work


Mar 03 2021

Exchange Servers targeted via zero-day exploits, have yours been hit?

Category: Email Security, Zero day | DISC @ 8:59 am

Microsoft has released out-of-band security updates for seven bugs affecting Microsoft Exchange Servers, four of which are zero-day vulnerabilities being exploited by attackers in the wild to plunder on-premises machines.

Source: The zero-day bugs affecting Exchange Servers

Tags: Exchange Servers


Feb 07 2021

COMB breach: 3.2B email and password pairs leaked online

Category: Email Security, Security Breach | DISC @ 11:48 pm


Aug 24 2020

Google Urgently Fixed A Gmail Bug After Delaying It For Months

Category: Email Security | DISC @ 10:51 am

An email-spoofing Gmail bug could bypass SPF and DMARC checks. 137 days after the report, Google fixed the bug within 7 hours of public disclosure.

Source: Google Urgently Fixed A Gmail Bug After Delaying It For Months

How to secure your GMAIL account like a pro | YubiKey Tutorial
https://www.youtube.com/watch?v=CBE1Oua0j4I

Secure your login and protect your Gmail, Facebook, Dropbox, Outlook, LastPass, Dashlane, 1Password, accounts and more.






May 01 2019

Lagging behind: why government organisations need to upgrade their email security -TEISS® : Cracking Cyber Security

Category: Email Security | DISC @ 12:51 pm

Organisations need to upgrade their email security

Maor Hizkiev, CTO and co-founder, BitDam, explains how and why government organisations are lagging behind in implementing standard email security measures and what needs to be done to improve the state of security in the public sector.

Source: Lagging behind: why government organisations need to upgrade their email security -TEISS® : Cracking Cyber Security







Apr 15 2019

Hackers could read non-corporate Outlook.com, Hotmail for six months

Category: Email Security | DISC @ 7:42 pm

Hackers and Microsoft seem to disagree on key details of the hack.

Source: Hackers could read non-corporate Outlook.com, Hotmail for six months






Feb 20 2019

Phishers’ new trick for bypassing email URL filters – Help Net Security

Category: Email Security | DISC @ 10:34 am

Phishers have come up with another trick to make Office documents carrying malicious links undetectable by many e-mail security services.

Source: Phishers’ new trick for bypassing email URL filters – Help Net Security






Apr 25 2011

Phishing emerges as major corporate security threat

Category: Email Security | DISC @ 9:11 pm


Source: Computer World

The successful use of phishing emails to breach secure organizations like Oak Ridge National Laboratory and RSA is a stark reminder of the serious threat posed by what some experts have dismissed as a low-tech method of attack.

Oak Ridge, a U.S. Department of Energy-run research lab, this week disclosed it had shut down all Internet access and email services after discovering a sophisticated data stealing malware program on its networks.

According to the lab, the breach originated in a phishing email that was sent to about 570 employees. The emails were disguised to appear as notes about benefits changes written by the lab’s HR department. When a handful of employees clicked on the embedded link in the email, a malware program was downloaded onto their computers.

In terms of internal security, people are the weakest link, which makes phishing the emerging threat to any organization. Regular awareness training is one of the key controls for countering phishing.

Tags: Internet access, Malware, Oak Ridge National Laboratory, phishing, RSA, U.S. Department of Energy, United States, United States Department of Energy


Oct 01 2009

Sophisticated phishing attack and countermeasures

Category: Cybercrime, Email Security, Identity Theft | DISC @ 12:36 am


Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft

Phishing is the practice of luring unsuspecting Internet users to a fake Web site by using authentic-looking email carrying the real organization’s logo, in an attempt to steal passwords, financial or personal information. In daily life, people advise you to retrace your steps when you lose something. The question is how you retrace your steps in cyberspace, where some uber hackers know how to erase their footsteps to avoid detection. It is difficult to find phishers in cyberspace, and jurisdictional issues make it even harder to prosecute them. Then there is the issue of trust: phishers dupe people into believing that their web site is not fraudulent in order to collect personal and financial information.

Below is an example of a sophisticated phishing attack:
Link to phishing email

It looks very legit, with all the correct data, logos, graphics and signatures.

One giveaway: the TSA rule change has nothing to do with rental cars. It only affects your airline ticket vs your photo ID (drivers license, passport, whatever.)

To verify that this is bad stuff, right click on the links. You get “http://click.avis.com/r/GDYHH9/16HY8/6V5I29/M93XX4/YCCJP/A5/h”, which looks OK on first glance, since it says “avis.com”. But myAvis should not send me to “click.avis.com”. I also noticed that all the other links send you to the same location.

The clincher (here comes the geeky stuff:)

To open a terminal window, press the “Windows key” and the letter “R”. You will see the “Run” dialog box; type “cmd” and press “OK”.

In the terminal window, run nslookup and look up the real site, the link’s host, and the link host’s address in turn (the <<< remarks are annotations, not nslookup output):

    C:\> nslookup
    > www.avis.com                 <<< check IP address of the real AVIS web site
    Server:  4.2.2.3
    Address: 4.2.2.3#53

    Non-authoritative answer:
    www.avis.com canonical name = www.avis.com.edgekey.net.
    www.avis.com.edgekey.net canonical name = e2088.c.akamaiedge.net.
    Name:    e2088.c.akamaiedge.net
    Address: 96.6.248.168          <<< get IP address of the real AVIS web site

    > click.avis.com               <<< now check IP address of the bogus AVIS web site
    Server:  4.2.2.3
    Address: 4.2.2.3#53

    Non-authoritative answer:
    click.avis.com canonical name = avis.ed10.net.
    Name:    avis.ed10.net         <<< not the same domain as the real AVIS domain
    Address: 208.94.20.19          <<< note IP address is in a totally different sub net

    > 208.94.20.19                 <<< now do a reverse lookup of the fake AVIS web site
    Server:  4.2.2.3
    Address: 4.2.2.3#53

    ** server can't find 19.20.94.208.in-addr.arpa.: NXDOMAIN   <<< it should give you the web site name

    > avis.ed10.net                <<< bogus AVIS web site name
    Server:  4.2.2.3
    Address: 4.2.2.3#53

    Non-authoritative answer:
    Name:    avis.ed10.net
    Address: 208.94.20.19

    > 208.94.20.19

Moral of the story: be very careful with links in emails and web pages. To check the authenticity of a link, right-click on it, copy the address into a text file and take a good look.
Don’t click on links in the phisher’s email. Type the URL into your web browser yourself.
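The nslookup session above can be turned into a repeatable check. The script below is an added example, not code from the original post; it embeds the CNAME and A records shown in that session as constructed data (so it runs offline), follows the CNAME chain the way nslookup prints its “canonical name =” lines, and then reports the same three facts the manual session established: the link host ends at a different provider domain than the real site, its address sits in a different network, and it has no reverse record. The /24 comparison approximates the session’s “different sub net” remark and the two-label registrable_domain() rule is a simplification (a real tool would use the Public Suffix List); both are assumptions of this example.

```python
"""Offline version of the nslookup comparison above.

Added example, not code from the original post. DNS answers are constructed
from the nslookup session on this page so the check runs without network
access; registrable_domain() uses a naive last-two-labels rule.
"""
import ipaddress

# Constructed records, copied from the nslookup output above.
CNAME_RECORDS = {
    "www.avis.com": "www.avis.com.edgekey.net",
    "www.avis.com.edgekey.net": "e2088.c.akamaiedge.net",
    "click.avis.com": "avis.ed10.net",
}
A_RECORDS = {
    "e2088.c.akamaiedge.net": "96.6.248.168",
    "avis.ed10.net": "208.94.20.19",
}
# The session shows NXDOMAIN for 208.94.20.19 and no other reverse lookups,
# so the constructed PTR table is empty.
PTR_RECORDS = {}


def registrable_domain(host):
    """Naive 'example.com' from 'a.b.example.com' (assumption: two labels)."""
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:])


def follow_cnames(host, cnames=CNAME_RECORDS, max_hops=8):
    """Walk CNAME records to the terminal name; bounded so a CNAME loop
    in hostile data cannot make the check spin forever."""
    chain = [host]
    while chain[-1] in cnames:
        if len(chain) > max_hops:
            raise ValueError("CNAME chain too long: %r" % chain)
        chain.append(cnames[chain[-1]])
    return chain


def resolve(host):
    """Return (cname_chain, ip) for a host, ip=None if no A record is known."""
    chain = follow_cnames(host)
    return chain, A_RECORDS.get(chain[-1])


def compare_link_to_reference(link_host, reference_host):
    """Report the facts the manual nslookup session established, comparing
    the host from the email link against the brand's known-good web site."""
    link_chain, link_ip = resolve(link_host)
    ref_chain, ref_ip = resolve(reference_host)
    # /24 is an illustrative proxy for "same sub net"; it is an assumption.
    link_net = ipaddress.ip_network(link_ip + "/24", strict=False)
    ref_net = ipaddress.ip_network(ref_ip + "/24", strict=False)
    return {
        "link_terminal": link_chain[-1],
        "reference_terminal": ref_chain[-1],
        "same_provider_domain": registrable_domain(link_chain[-1])
                                == registrable_domain(ref_chain[-1]),
        "same_subnet": link_net == ref_net,
        "link_has_ptr": link_ip in PTR_RECORDS,
    }


if __name__ == "__main__":
    for key, value in compare_link_to_reference("click.avis.com", "www.avis.com").items():
        print(f"{key}: {value}")
```

One caveat the session itself illustrates: the genuine www.avis.com also terminates outside avis.com (at an akamaiedge.net CDN name), so “the CNAME target is not under the brand’s domain” is not by itself proof of fraud. That is why the function compares the link’s chain against the real site’s chain rather than against the bare brand domain; the evidence that matters is a different provider, a different network, and the missing reverse record, taken together.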

In the table below are the 12 threats to your online identity that can be exploited in phishing scams, along with possible countermeasures to protect your personal and financial information. Some of the threats stem from inadequate or missing security controls. The last row of the table is a monitoring control to identify the warning signs of identity theft.







Tags: email archiving, Email Security, Identity Theft, online backup, phishing, phishing countermeasures, phishing threats, web security


Oct 21 2008

12 Phishing Threats and Identity Theft

Category: Email Security, Identity Theft | DISC @ 7:22 pm

Have you ever thought of losing something you cannot live without? Yes, that something can be your identity. Phishing is the practice of luring unsuspecting Internet users to a fake Web site by using authentic-looking email carrying the real organization’s logo, in an attempt to steal passwords, financial or personal information. In daily life, people advise you to retrace your steps when you lose something. The question is how you retrace your steps in cyberspace, where some uber hackers know how to erase their footsteps to avoid detection. It is difficult to find phishers in cyberspace, and jurisdictional issues make it even harder to prosecute them. Then there is the issue of trust: phishers dupe people into believing that their web site is not fraudulent in order to collect personal and financial information.

Amid the financial crisis, phishing might be on the rise, because for many organizations information protection might be the last thing on their minds. The FDIC has created a webpage to inform and warn consumers about “phishing.” These days phishers have targeted the social network organizations LinkedIn and Facebook, where members have been duped into revealing their sensitive data.

Phishing attacks mainly aim to steal identities. Now the question is, how easy is it to steal somebody’s identity? Let’s say a phisher has your name and address; he or she can then get your Social Security number with a search on AccurInt or another personal-database website. A Social Security number is not the only bounty a fraudster can find on these websites; other personal and private information is available as well, at minimal cost.

In the table below are the 12 threats to your online identity that can be exploited in phishing scams, along with possible countermeasures to protect your personal and financial information. Some of the threats stem from inadequate or missing security controls. The last row of the table is a monitoring control to identify the warning signs of identity theft.

Organizations should take the necessary steps to protect against identity fraud and apply whatever state and federal legislation applies to their business. Organizations that are serious about their information security should consider implementing the ISO 27001 (ISMS) standard as a best practice, which provides reasonable due diligence to protect and safeguard their information.

US Bank phishing attack exposed
https://www.youtube.com/watch?v=n2QKQkuSB4Q




Tags: accurint, countermeasure, cyberspace, due diligence, equifax, experian, facebook, fdic, financial crisis, fraudster, identity fraud, information protection, isms, iso 27001, jurisdictional, legislation, linkedin, phishing, prosecute, safeguard, social security, threats, transunion, uber hacker


Sep 18 2008

Email and Security

Category: Email Security | DISC @ 3:14 am

As we know, it is possible to spoof an email sender’s name, so the question of how to authenticate the sender has become even more important now that email is used to send sensitive information.

In the recent case of Gov. Sarah Palin’s email, her email account got hacked and the hacker posted the screen shot of her email to WikiLeaks. Freedom of information laws require messages from government email accounts to be placed into the public record, so some public officials try to use Yahoo/Gmail to keep the information out of public scrutiny.

First of all, public figures should avoid using public email services, and if you do use one, don’t make it so obvious by naming the account eponymously, as Gov. Palin did. This information is owned by the commercial email sites: their system administrators can see the email in the mailbox and can capture the text in transit. On commercial sites you will draw a great amount of attention if you happen to be a high-profile figure.

Second, perhaps we should not use commercial channels for private or sensitive information at all. If it is necessary to use email for sensitive information, make sure your email is encrypted in accordance with the Advanced Encryption Standard.

Third, two-factor authentication for sensitive email is an industry standard now; it requires the user to possess something (a token) and to know something only the user knows (a password or PIN). Two-factor authentication provides identity theft protection.

Finally, strong authentication is a solution to secure identities and use of the Advanced Encryption Standard minimizes the exposure of email content.

How to forge email addresses






Tags: authenticate, authentication, encryption, minimize exposure, palin, secure identities, spoof, theft protection

