Friday Five 6/10
Read up on how Apple is getting ahead of the curve on security, how you could be targeted in a Facebook phishing scam, why a different type of cyberattack could surpass ransomware, and more all in this week’s Friday Five!
1. Facebook users targeted in massive phishing campaign by Christopher Boyd
Facebook is said to have been the launchpad for a large-scale phishing campaign that saw the stealing of one million credentials over the course of four months, according to researchers at PIXM. Read more about how the phishing attack works, the status of the phishing campaign, and tips to avoid such attacks on Facebook, which include:
- Avoiding needlessly logging in for a second time
- Enabling two-factor authentication
- Adding login alerts to your Facebook account
2. FBI takes down dark web marketplace for U.S. citizen personal data by Tonya Riley
Only weeks after seizing weleak.to, the FBI announced this past Tuesday that they took down the dark web marketplace known as SSNDOB, which has sold the personal data of nearly 24 million U.S. citizens during its operation. “Services like SSNDOB enable several different kinds of digital fraud by giving cybercriminals access to stolen PII,” according to researchers at Chainalysis. Read more to find out how much money this operation made and what the takedown means for those whose information has been compromised.
3. Hackers are now hiding inside networks for longer. That's not a good sign by Danny Palmer
According to cybersecurity researchers at Sophos, cyber criminals now spend a median of 15 days inside compromised networks, which is up four days compared to the year before. "It seems pretty obvious you don't want people in your network, but the longer they have, the more time they have to completely compromise the environment. If they're having to move quickly they might miss something," said John Shier, senior security advisor at Sophos. Read the full report to learn more about which organizations struggle the most to detect suspicious activity, how attackers are gaining access to systems, and how malicious access can be prevented.
4. Apple's New Feature Will Install Security Updates Automatically Without Full OS Update by Ravie Lakshmanan
According to a recent statement released by Apple, macOS Ventura and iOS 16 will be adding a Rapid Security Response feature that will deploy security updates without the need for a device restart. These security updates will be kept separate from regular software updates, meaning that users will be more quickly protected against emerging threats. Read more about this update along with other upcoming security updates from Apple in the full piece from The Hacker News.
5. The Hacker Gold Rush That’s Poised to Eclipse Ransomware by Lily Hay Newman
Recent findings indicated that business email compromise—that is, infiltrating a legitimate corporate business email account to use in scams—may soon overtake ransomware as the most ideal form of attack. While business email compromise is said to rely more on social engineering compared to ransomware, when successful, it has been found to be the most profitable type of scam while carrying less risk. Find out more about what may cause this shift in the full article from Wired.