Cyber News
Cyber threats are evolving every day, keeping up with them is a full-time job. The WESTprotect Cyber News is your source for how these changes affect you in the real estate, title, mortgage, and settlement services industry. From cyber threats to new Tactics, Techniques, and Procedures (TTP’s) we’ve got you covered.
Be Very Sparing in Allowing Site Notifications
December 2, 2020
An increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification scripts and then selling that communications pathway to scammers and online hucksters. Read more >>>
Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns
November 24, 2020
A spike in recent phishing and business email compromise (BEC) attacks can be traced back to criminals learning how to exploit Google Services. Social distancing has driven entire businesses into the arms of the Google ecosystem looking for a reliable, simple way to digitize the traditional office. Google services are being used by malicious actors to give their spoofing attempts a false veneer of legitimacy, both to security filters and victims. Their target is your password. Read more >>>
FBI Warns of Increasing Ragnar Locker Ransomware Activity
November 24, 2020
"The FBI first observed Ragnar Locker1ransomwarein April 2020, when unknown actors used it to encrypt a large corporation’s files for an approximately $11 million ransom and threatened to release 10 TB of sensitive company data," the FBI says in the TLP:WHITE flash alert. "Since then, Ragnar Locker has been deployed against an increasing list of victims, including cloud service providers, communication, construction, travel, and enterprise software companies." Read more >>>
Patch Tuesday, November 2020 Edition
November 16, 2020
Adobe and Microsoft each issued a bevy of updates today to plug critical security holes in their software. Microsoft’s release includes fixes for 112 separate flaws, including one zero-day vulnerability that is already being exploited to attack Windows users. Microsoft also is taking flak for changing its security advisories and limiting the amount of information disclosed about each bug. Read more >>>
BEC Scammers Exploit Flaw to Spoof Domains of Rackspace Customers
November 5, 2020
A threat actor specializing in business email compromise (BEC) attacks has been observed exploiting a vulnerability to spoof Rackspace customers' domains as part of its operations. An analysis of the attack revealed that the hackers had sent out phishing emails by leveraging a flaw related to how Rackspace SMTP servers hosted at emailsrvr.com authorize users. Read more >>>
Scam PSA: Ransomware gangs don't always delete stolen data when paid
November 5, 2020
Ransomware gangs are increasingly failing to keep their promise to delete stolen data after a victim pays a ransom. In 2019, the Maze ransomware group introduced a new tactic known as double-extortion, which is when attackers steal unencrypted files and then threaten to release them publicly if a ransom is not paid. Now, victims are being extorted through the encryption of their files and the risk of their data being published and causing a data breach. Read more >>>
