IT and Business Insights for SMB Solution Providers

Jay Ferron's blog

Gift USB are they a Problem ?

    The FBI is warning of attacks from the FIN7 APT in which victims are sent USB drives via USPS and prompted to examine its contents. This attack is a variation of the “lost USB” or “BadUSB” tactic in which a malicious USB is dropped on site with the intention of a curious employee finding it and inspecting the contents. This version, however, is much more targeted.

Warning About Coronavirus themed health advisories

    Threat actors are currently spreading malicious Coronavirus themed health advisories via email which, when opened, deploy a Remote Administration Tool (RAT) onto the systems of targets. This phishing campaign has been traced back to APT36, a Pakistan-based group notable for targeting Indian defense and government entities. Researchers at Malwarebytes Labs’ Threat Intelligence Team note that the emails attempt to impersonate Indian government officials and target residents of India.

Defending Against COVID-19 Cyber Scams

The Cybersecurity and Infrastructure Security Agency (CISA) warns individuals to remain vigilant for scams related to Coronavirus Disease 2019 (COVID-19). Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19.

Discovery of Cloud Snooper this week

    Cloud security is as important as ever as more and more services are moved to the cloud. Unfortunately misconfigured servers still exist, regardless of where they are located. A simple Google search (no Shodan required) is all it takes to find unsecured S3 buckets, which can be treasure troves of information. Let's be real though, that type of find is low-hanging fruit that any script kiddie or automated tool can find.

Revoking Over 3 Million Digital Certificates Due To Bug

    The popular free Certificate Authority (CA), Let’s Encrypt, will be revoking mil-lions of certificates that enable Transport Layer Security (TLS), the subsequent protection of data between machines, and the positive identification of services for their customers. Digital certificates bind a public cryptographic key to a name. It binds it to a domain name in the case of web traffic utilizing the HTTPS protocol.


Subscribe to RSS - Jay Ferron's blog