The rate of attempted email sextortion may be going up. Security vendor Barracuda Networks says its customers are seeing more of these scams, where attackers try to trick victims into giving them money. They claim to have a compromising video, allegedly recorded on the victim’s computer, and threaten to share it with all their contacts unless they pay up. To convince victims, the attackers may include a victim’s email password, which they got from an earlier data theft.
To get the victim’s attention, some subject lines ask them to change their password. Other messages have implied threats like, “You are my victim.” or “This is my last warning.” University and college students are frequent targets.
Companies have to make sure their email systems can’t be compromised in a way that allows thieves to steal usernames and passwords. If you get one of these messages, think carefully. The attacker likely has nothing on you and has obtained an old password. If you do pay a ransom, there’s no guarantee the attacker won’t come back and ask for more. If you get the message at your work address, notify the IT team. If you get it at home, forward the message to police.
Want more privacy by erasing your Facebook history so advertisers can’t use it? You will be able to sometime later this year. Security Week says a Facebook official told a technology conference this week that the company is planning to roll out the deletion feature. The ability, first announced by the company over a year ago, will allow users to see which apps and websites send the network information, to delete the data from their account, and to prevent Facebook from storing it.
You may not have heard of Elasticsearch, a search and analytics engine used by organizations to hunt through corporate data. Well, Elasticsearch databases that aren’t protected and are left open on the Internet are great opportunities for data theft. The Dow Jones financial service found that out this month when security researcher Bob Diachenko discovered the supposedly subscriber-only Dow Jones Watchlist dataset open for viewing. The Watchlist is used by organizations in researching whether it’s risky to do business with certain people or firms. Apparently, someone with legitimate access to the list made a mistake with a setting. Eliminating configuration mistakes is a big problem for IT security staff.
Also this week, Cisco Systems’ Talos security service said it has evidence that hackers are looking for unsecured Elasticsearch clusters, particularly older versions of the software. Attackers are using old vulnerabilities to drop malware and cryptocurrency miners onto servers. Administrators should make sure they’re running the latest version of Elasticsearch.
Finally, the Coinhive cryptomining service is a legitimate way to install a Monero mining capability on your computer’s browser. However, it is notorious for also being used by criminals to plant the app on unsuspecting victims to reap the rewards for themselves. Well, thanks to the plunge in the value of Monero, Coinhive will close on March 8th. It probably didn’t help that Google banned cryptomining browser extensions for the Chrome browser last year, and Apple banned cryptomining apps from their app stores.
That’s it for Cyber Security Today. Cyber Security Today can be heard Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.