CyberSecure Solutions Security Bulletin (July 24, 2019)

Overview

  • Phish Tale of the Week
  • Sprint Breach Exposes Customer Data
  • Critical Flaw Found In VLC Media Player
  • How Can Netizen/CyberSecure Solutions help? 

Phish Tale of the Week

As is typical for most businesses, our HQ Office inbox receives the occasional phishing email attempting to trick an employee into sending the perpetrator some sort of payment or money order. In this case, the perpetrator was impersonating CyberSecure Solutions CEO, Michael W. Hawkins. Fortunately, Netizen and CyberSecure Solutions staff are regularly trained in email phishing and social engineering awareness. The attempt pictured below can be deconstructed and analyzed to point out the obvious, and not so obvious, details that prove this email to be fraudulent. 

Take a look below:

Some tell-tale signs that raise suspicions:

  1. The first detail shows that this email is being sent from an EXTERNAL account outside of the Netizen/CyberSecure environment. 
  2. Second, we can see multiple text and grammar errors, such as examples 2 and 3. 
  3. Example 4 shows an unprofessional signature to the email, which does not match the standard company signature. 

General Recommendations:

A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

  • Scrutinize your emails before clicking anything. Did you order, or ask for, anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
  • Verify that the sender is actually from the company sending the message.
  • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email—this is a huge red flag.
  • Do not give out personal or company information.
  • Review both signature and salutation.
  • Do not click on attachments.
  • Do not click on unrecognized links. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
  • Be wary of poor spelling, grammar, and formatting. As can be seen with this email, there are multiple spelling, grammar, and formatting errors, leading us to believe that the message is illegitimate. If an email is visually unprofessional, the sender is likely not who they say they are.

Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action or that is addressing you in a threatening manner should be questionable. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Staff Pay Raises 2019” may seem like something you really want to know about, but it could just be a ploy to plant malware on your system or steal your credentials.
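The indicators called out above (external sender, an executive's display name on an outside address, urgency and payment language, and links that are not HTTPS) can be checked mechanically before a message ever reaches a person. The script below is an added example written for this bulletin and is not code from CyberSecure Solutions or Netizen; the sample message, the internal domain `example.com`, the executive name list, and the keyword list are all constructed assumptions for illustration.

```python
# Added example (not from the CyberSecure bulletin): flag the kinds of indicators the
# bulletin lists for a CEO-impersonation phish by inspecting headers and body text.
# The internal domain, executive names, keyword list and sample message are assumptions.
import email
import re
from email import policy
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"   # assumption: the organisation's own mail domain
# assumption: display names an impersonator would borrow (lower-cased for comparison)
EXECUTIVES = {"michael w. hawkins", "michael hawkins"}
# assumption: words typical of "act now / send money" lures, checked in subject and body
URGENCY_WORDS = ("urgent", "immediately", "asap", "right away", "wire", "payment", "gift card")

# Constructed sample message in the style of the CEO-impersonation attempt described above.
SAMPLE_PHISH = """\
From: "Michael W. Hawkins" <mhawkins.ceo@mail-example.net>
Reply-To: ceo.office@reply-example.org
To: staff@example.com
Subject: Urgent request
Content-Type: text/plain; charset="utf-8"

Hi, i need you to process a payment for a vendor right away, let me know when your available.
Details here: http://mail-example.net/invoice

Sent from my iphone
"""


def domain_of(address):
    """Return the lower-cased domain part of an e-mail address, or '' if there is none."""
    _, addr = parseaddr(address or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def analyze_message(raw):
    """Return a list of human-readable indicators found in a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Sender outside the organisation (the bulletin's first tell-tale sign)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    if from_domain and from_domain != INTERNAL_DOMAIN:
        findings.append(f"external sender domain: {from_domain}")

    # 2. A known executive's display name paired with an address we do not control
    if from_name.strip().lower() in EXECUTIVES and from_domain != INTERNAL_DOMAIN:
        findings.append(f"executive display name '{from_name}' on external address")

    # 3. Replies silently routed to yet another domain
    reply_domain = domain_of(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain differs from From: {reply_domain}")

    # 4. Urgency / payment language in subject or body
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    lowered = f"{msg.get('Subject', '')}\n{text}".lower()
    hits = [w for w in URGENCY_WORDS if w in lowered]
    if hits:
        findings.append("urgency/payment language: " + ", ".join(hits))

    # 5. Links that are not served over HTTPS
    for url in re.findall(r"https?://[^\s<>\"']+", text):
        if url.lower().startswith("http://"):
            findings.append(f"non-HTTPS link: {url}")

    return findings


if __name__ == "__main__":
    for finding in analyze_message(SAMPLE_PHISH):
        print("FLAG:", finding)
```

None of these checks is conclusive on its own; the value is in the combination. A message that trips the external-domain and executive-name checks at once is exactly the pattern the bulletin describes, and is a reasonable trigger for a mail gateway to add a visible "external sender" banner or hold the message for review.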

Cybersecurity Brief

In this week’s Cybersecurity Brief: Sprint Customer Data Breached via Samsung Website Flaw, Critical Flaw Found in VLC Media Player

Sprint Customer Data Exposed

Sprint informed its customers that a major security breach took place on June 22. Hackers used an undefined vulnerability on a promotional Samsung website to obtain Sprint customer information. The number of accounts breached has not been disclosed yet, but Sprint stated that among the exposed data were customers’ cellphone numbers, addresses, device types, device IDs, account numbers, and first and last names. The company promptly secured the vulnerability, changed the PINs for accounts that may have been compromised, and informed its customers of the event along with a recommendation to change their account passwords to avoid any possible exploits. Those affected have also been advised to place fraud alerts on their credit reports, monitor their credit for changes, and file a report of any suspected cases of identity theft.

Experts warn any victims of the breach to follow the recommended actions and take this breach seriously. “Regardless of the number of individuals affected, the type of information hackers had access to leaves Sprint customers vulnerable to identity theft and fraudulent activity,” Bitglass Chief Technology Officer Anurag Kahol said. “When armed with payment card information and personally identifiable information (PII), malicious parties can engage in highly targeted phishing attacks, make fraudulent purchases, sell said data on the dark web for a quick profit, and much more.”

To read more about the Sprint breach, click here.

VLC Media Player Vulnerability Leaves PCs Exposed

VLC Media Player is a free and open-source, cross-platform multimedia player and framework that plays most multimedia files as well as DVDs, Audio CDs, VCDs, and various streaming protocols. The tool is a very popular program that operates on Windows, Linux, Mac OS X, Unix, iOS, and Android systems. However, with its popularity and cross-platform capabilities, the program has caused concern for users after news broke that the VLC Media Player might be leaving PCs vulnerable to being hacked remotely. 

Identified as CVE-2019-13615, the vulnerability in the hugely popular VLC Media Player (v 3.0.7.1) was recently discovered by Germany’s national Computer Emergency Response Team (CERT Bund). CERT Bund also stated that the affected systems are Windows, Linux or Unix machines, leaving machines running Mac OS X secure. Apparently, the flaw has left billions of computers exposed to Remote Code Execution (RCE), where hackers can gain unauthorized access to install and execute malicious code, modify files/data on target machines, and cause disruption through denial-of-service attacks (a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet). The good news is that there are no examples of this vulnerability being exploited in the wild, although many users have begun uninstalling the VLC Media Player as a safety measure.

Recommendations: Until further notice from VLC or VideoLAN, halt usage of the program and instead use an alternative such as Windows Media Player. Monitor the situation and wait for the company to release a patched update for the program before resuming use of the tool.

To read more about the vulnerability, click here.

The Big Picture:

No business or organization is invulnerable to a cyberattack, as these incidents prove. Business and safety operations can be heavily impacted and result in the loss of millions of dollars. To better protect your business or organization, take a proactive stance about cybersecurity. 

How Can CyberSecure Solutions Help?

CyberSecure Solutions ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, CyberSecure offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers. To schedule a LIVE demo of the Overwatch Governance Suite, click here.


CyberSecure Solutions is the commercial brand of Netizen Corporation, an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 


Copyright © 2019 Netizen Corporation. All rights reserved.
