Lure email purporting to be giving away a “free” piano. Image Source: Proofpoint
The NJCCIC recently received reports of a phishing campaign that was also identified by Proofpoint. The campaign involves malicious emails using piano or musical instrument-themed messages to lure people into advance fee fraud (AFF) scams. At least 125,000 messages associated with a piano scam campaigns have been identified since January, primarily targeting students and faculty at North American educational facilities. Proofpoint noted that some healthcare and food and beverage organizations were also targeted.
The phishing emails claim that a staff member is giving away a piano and other musical instruments for free due to downsizing or moving. When a target replies, the threat actor instructs them to arrange delivery by contacting a shipping company via a fraudulent email address managed by the threat actors. The “shipping company” then claims they will send the piano if the recipient sends the money for shipping first.
Proofpoint reported that a single Bitcoin wallet address linked to this campaign currently holds over $900,000, although it is unknown if all funds were accumulated from the “free piano” lure. Analysts assess that multiple threat actors are likely conducting different types of scams simultaneously using the same wallet address due to the volume of transactions, variation in transaction prices, and the overall amount of money associated with the account. Proofpoint analysis also revealed that one of the cybercriminals used a Nigerian IP address, suggesting that at least part of the operation is based in Nigeria.
DarkGate has spread through several phishing campaigns, including fake browser updates, the messaging feature in Microsoft Teams, and PDFs containing Google DoubleClick Digital Marketing (DDM) open redirects. The NJCCIC recently reported on a DarkGate campaign exploiting a Windows SmartScreen vulnerability.
The NJCCIC’s email security solution has recently observed multiple attempts to spread DarkGate malware through various phishing campaigns. These emails were flagged as they included newly registered domains and uncommon senders. While the content of the emails varied, they primarily referred to charges and payments due and included malicious HTML attachments. Once opened, a fake Microsoft Word document is loaded, displaying an error message that requests the installation of a root certificate and instructions for remediation. Upon initiating the purported fix, a PowerShell script triggers and installs DarkGate on the user’s device.
A second observed DarkGate campaign used similar phishing emails with malicious HTML attachments; however, once opened, the attachments claimed the user could not connect to Microsoft OneDrive. After clicking the “How to Fix” button, either PowerShell scripts automatically downloaded DarkGate or users were instructed on how to open PowerShell to initiate the “fix” themselves, which initiated the malware download.
Recommendations
Avoid clicking links and opening attachments in unsolicited emails.Confirm requests from senders via contact information obtained from verified and official sources.Type official website URLs into browsers manually.Facilitate user awareness training to include these types of phishing-based techniques.Maintain robust and up-to-date endpoint detection tools on every endpoint.Consider leveraging behavior-based detection tools rather than signature-based tools.Phishing and other malicious cyber activity can be reported to the FBI’s IC3 and the NJCCIC.
See yourself in cybersecurity. You don’t need experience — just the passion and drive to enter a demanding and rewarding field, one that opens limitless opportunities worldwide.
As part of our commitment to help close the cybersecurity workforce gap and diversify those working in the field, ISC2 is offering FREE Certified in Cybersecurity (CC) Online Self-Paced Training and exams to one million people.
Start Your Journey To participate in the One Million Certified in Cybersecurity program, please follow these simple steps:
Complete your ISC2 Candidate application form and select Certified in Cybersecurity as your certification of interest.
Once the application is complete, you’ll become an ISC2 Candidate. It’s free to join and you’ll gain access to Official ISC2 Certified in Cybersecurity Online Self-Paced Training and the opportunity to register for the free certification exam. You will find your access on the Candidate Benefits page.
Upon passing the exam, complete the application form and pay U.S. $50 Annual Maintenance Fee (AMF). Once completed you’ll become a certified member of ISC2 – the world’s largest association of certified cybersecurity professionals – with access to a broad range of professional development resources to help you throughout your career
Your self-guided tour toward certification — now featuring adaptive learning for a streamlined experience customized to each individual. Leveraging the power of AI, the training guides learners through a self-paced learning experience adapted to their individual needs. This class will have instructor Lead class it will Be 2 Saturday in a row Dates: July 20, 27 Time: 8-4 Location: Virtual Class is Offered by ISC2 NJ chapter. You do not need to be a member but of course you can join even if your not in New Jersey. I will be teaching the Class.
Exam included.
Pay U.S. $50 Annual Maintenance Fee (AMF) upon passing the certification exam.
HOPE XV will be the fifteenth Hackers On Planet Earth event. July 12-14, 2024 at St. John University Queens, NY
This event promises to be memorable. It is open to all hackers, makers, tinkerers, experimenters, artists, educators and anyone else with an interest in exploring and improving the world we live in and sharing knowledge with others.
Virtual tickets get you all the presentations via livestream, plus access to live chat with other attendees and presenters.
HOPE is an all-ages event with multiple simultaneous sessions and many other things to do throughout the weekend. All of this is in a relaxed and comfortable university environment, with friendly and supportive conference attendees.
I was presented with a Lifetime Achievement Award at SECON NJ at Kean University. From Ken Fisken president of ISC2 New Jersey Chapter. To say I was shocked is an understatement, I am very honored to be the recipient of this honor. As I say, if all of us would give back to community 1 hour, think how much better the world would be.
There is an incorrect and widespread assumption that hardware is inherently secure. However, this report documents numerous potential security failures that can occur in hardware. It also demonstrates the diverse ways in which hardware can be vulnerable.
The authors leveraged existing work on hardware weaknesses to provide a catalog of 98 security failure scenarios. Each of these is a succinct statement that describes how hardware can be exploited, where such an exploitation can occur, and what kind of damage is possible. This should raise awareness of the many types of hardware security issues that can occur.
The public comment period for this initial public draft is open through July 31, 2024. See the publication details for a copy of the draft and instructions for submitting comments.
Cloud-native applications, which are generally based on microservices-based application architecture, involve the governance of thousands of services with as many inter-service calls. In this environment, ensuring data security involves more than simply specifying and granting authorization during service requests. It also requires a comprehensive strategy to categorize and analyze data access and leakage as data travels across various protocols (e.g., gRPC, REST-based), especially within ephemeral and scalable microservices implemented as containers.
Hence, in addition to techniques for protecting data at rest (e.g., regular expressions), it has become essential to develop in-transit data categorization that performs real-time data analysis to actively monitor and secure data as it moves across services and network protocols. This IR outlines a practical framework for effective data protection using the capabilities of WebAssembly (WASM) — a platform-agnostic, in-proxy approach with compute and traffic processing capabilities (in-line, network traffic analysis at layers 4–7) that can be built and deployed to execute at native speed in a sandboxed and fault-tolerant manner.
The public comment period for this initial public draft is open through August 1, 2024. See the publication details for a copy of the draft and instructions for submitting comments.
NIST requests feedback on all aspects of these publications. Additionally, NIST would appreciate feedback on the guidance for CMAC and CCM authentication tag lengths. Currently, both publications recommend a minimum tag length of 64 bits.
Should these publications require that the authentication tags for CMAC and CCM meet a minimum threshold, such as 64 bits or more?
If not, what conditions/requirements on implementations should be specified for the use of shorter authentication tags for CMAC and CCM?
The public comment period is open through September 13, 2024. Comments may address the concerns raised in this announcement or other issues around security, implementation, clarity, risk, or relevance to current applications.
Send comments to cryptopubreviewboard@nist.gov with “Comments on SP 800-38B” or “Comments on SP 800-38C” in the subject.
Comments received in response to this request will be posted on the Crypto Publication Review Project site after the due date. Submitters’ names and affiliations (when provided) will be included, while contact information will be removed. See the project site for additional information about the review process.
Build the skills you need to create new opportunities and accelerate your understanding of Microsoft Cloud technologies at a free Microsoft 365 Virtual Training Day from Microsoft Learn. Join us at Prepare Your Organization for Microsoft Copilot for Microsoft 365 to learn how to implement AI to help ignite creativity, enhance productivity, and strengthen computing and collaboration skills. You’ll learn about the capabilities of Copilot, including how it works, how to configure it, and how to set it up for more powerful searches. You’ll also explore how Copilot works with Microsoft Graph—and your existing Microsoft 365 apps—to provide intelligent, real-time assistance. You will have the opportunity to: Understand the key components of Copilot for Microsoft 365 and how it works. Learn how to extend Copilot with plugins. Get guidance on completing the necessary Copilot technical and business requirements to prepare for implementation. Learn how to assign Copilot licenses, prepare your organization’s Microsoft 365 data for Copilot searches, and create a Copilot Center of Excellence. Join us at an upcoming Prepare Your Organization for Microsoft Copilot for Microsoft 365 event: June 28, 2024 | 12:00 PM – 2:00 PM | (GMT-05:00) Eastern Time (US & Canada)
Delivery Language: English Closed Captioning Language(s): English
Build the skills you need to create new opportunities and accelerate your understanding of Microsoft Cloud technologies at a free Microsoft 365 Virtual Training Day from Microsoft Learn. Join us at Microsoft 365 Fundamentals to learn how to simplify the adoption of cloud services while supporting strong security, compliance, privacy, and trust. Also, discover how applications such as Microsoft Teams and Microsoft Viva help improve productivity, facilitate collaboration, and optimize communications. After completing this training, you’ll be eligible to take the Microsoft 365 Fundamentals certification exam at 50% off the exam price. You will have the opportunity to: Find out how the productivity, collaboration, and endpoint management capabilities of Microsoft 365 empower people to stay connected and get more done across hybrid environments. Discover how Microsoft 365 security, compliance, and identity solutions help secure an entire digital estate, simplify compliance, and reduce risk. Explore the pricing models, licensing, and billing options available to meet the needs of your organization. Join us at an upcoming two-part Microsoft 365 Fundamentals event: June 20, 2024 | 12:00 PM – 3:30 PM | (GMT-05:00) Eastern Time (US & Canada) June 21, 2024 | 12:00 PM – 4:00 PM | (GMT-05:00) Eastern Time (US & Canada)
Delivery Language: English Closed Captioning Language(s): English
