Cyber Security Today, June 10, 2022 – Emotet botnet is spreading

Emotet botnet spreading, fake Facebook scam and more.

Welcome to Cyber Security Today. Today is Friday, June 10, 2022. I’m Howard Solomon, contributing cybersecurity reporter for ITWorldCanada.com.

IT and security officials are being warned that the botnet distributing the Emotet malware is back. After its infrastructure was dismantled more than a year ago by a number of law enforcement agencies, it remained silent for a while. But according to researchers at Deep Instinct, a resurrected Emotet appeared at the end of last year, with massive phishing campaigns targeting Japanese companies in February and March. Researchers are now reporting that new phishing campaigns have recently started spreading Emotet to more regions. Employees should be warned to watch for emails with attachments that claim to be Microsoft Excel spreadsheets or Office documents. The attachments are infected. These messages can appear in the middle of email conversations with people whose email has been hacked. Because the sender’s email address is one the victim knows, the message looks legitimate.

Atlassian is urging administrators to quickly install a security patch to close a vulnerability in its Confluence Server and Data Center applications. It didn’t take long for threat actors to start looking for the flaw. Security researchers from Lacework Labs said this week that the Kinsing and Hezb malware have added ways to exploit this flaw. The same goes for the Dark.IoT botnet. The warning has been issued, and administrators have no excuse for not having fixed this vulnerability by now.

About 1 million Facebook users recently had their usernames and passwords stolen by logging into fake Facebook pages. According to security researchers at a firm called Pixm, victims get messages with a video link on Facebook Messenger from the hacked accounts of people they know. As a result, they trust the message and are ready to click on the link. This takes them to what looks like a Facebook verification login page. In fact, it is a scam to copy their credentials. After logging in, victims are redirected to a webpage that contains advertisements. Besides stealing passwords, the scammer also gets paid for the number of people who see the ads. The scam works because it bypasses Facebook’s security checks. The best way to protect yourself against this type of scam is to sign up for Facebook’s multi-factor authentication protection service. But also, whenever you follow a link to a page, check the URL at the top and make sure it’s the real thing. That’s hard to do on a mobile device, so think carefully if you’re on a smartphone, click on a link in an email or text and land on a login page.

There is another warning about the dangers of downloading free versions of software you’re supposed to pay for. It comes from researchers at Avast, who note that these so-called free applications come with an unannounced gift — malware that infects victims’ computers. Some steal data. Others steal the cryptocurrency the victims have. Avast estimated that in a recent campaign a malicious actor collected $50,000 in cryptocurrency in a month. Victims are tempted by offers of free versions of well-known software such as Microsoft Office, Movavi Video Editor and other games, office programs or media downloader applications.

That’s it for this morning. But remember later today, the Week in Review edition will be available. My guest will be Terry Cutler from the Montreal Cyology Laboratory. We will discuss the LockBit ransomware gang’s claim that they have data from security provider Mandiant for sale.

Links to podcast story details are in the text version on ITWorldCanada.com. This is where you will also find other stories of mine.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.