Security Brief – September 1, 2023


Windows Server 2012 and 2012 R2 End of Life

This is a reminder that Microsoft's extended support for Windows Server 2012 and 2012 R2 ends on October 10, 2023.

End of Life means no more "security updates, non-security updates, bug fixes, technical support, or online technical content updates." Every vulnerability found after that date stays unpatched on those servers, so the risk only grows over time. Please make sure you have a solution lined up, whether that is upgrading, migrating the workload, or buying into Microsoft's paid Extended Security Updates program as a bridge. If my team and I can help, please don't hesitate to reach out.
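The first step toward any of those solutions is knowing which machines are affected. As an added example (not part of the original brief), the PowerShell below queries Active Directory for computer objects whose operating system is Windows Server 2012 or 2012 R2 and separates hosts that have logged on recently from stale records. It assumes the RSAT ActiveDirectory module is installed and the session runs as a domain user; the 30-day cutoff is an arbitrary choice.

```powershell
# Added example, not from the original brief. Assumes the RSAT ActiveDirectory
# module is available and the session is running as a domain user.
Import-Module ActiveDirectory

# The OperatingSystem attribute reads e.g. "Windows Server 2012 Standard" or
# "Windows Server 2012 R2 Datacenter", so one wildcard covers both releases.
# OperatingSystemVersion is 6.2 (2012) or 6.3 (2012 R2) as a cross-check.
$eol = Get-ADComputer -Filter 'OperatingSystem -like "Windows Server 2012*"' `
    -Properties OperatingSystem, OperatingSystemVersion, LastLogonDate, IPv4Address |
    Select-Object Name, OperatingSystem, OperatingSystemVersion, IPv4Address, LastLogonDate

# A computer object that has not logged on in 30 days is probably decommissioned
# (or a leftover account); the rest are live hosts that need a plan.
$cutoff = (Get-Date).AddDays(-30)
$live  = $eol | Where-Object { $_.LastLogonDate -gt $cutoff }
$stale = $eol | Where-Object { -not $_.LastLogonDate -or $_.LastLogonDate -le $cutoff }

"{0} Server 2012/2012 R2 computer objects; {1} active in the last 30 days, {2} stale" -f `
    @($eol).Count, @($live).Count, @($stale).Count
$live | Sort-Object LastLogonDate -Descending | Format-Table -AutoSize

# Keep a dated CSV so progress toward retirement can be tracked over time.
$eol | Export-Csv -NoTypeInformation -Path ("ws2012-inventory-{0:yyyyMMdd}.csv" -f (Get-Date))
```

Run it from a management workstation and repeat it as servers are retired; the stale list is worth cleaning up too, since orphaned computer accounts are their own audit finding.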

At-risk Accounts

LinkedIn

A couple of weeks ago, the Cyberint research team observed and reported on “an ongoing and successful hacking campaign targeting LinkedIn accounts.”

They saw posts from LinkedIn users saying they had been locked out of their accounts, and found that Google searches for terms such as LinkedIn 'hack' and 'recover record' had risen roughly 5,000% over the last few months. There were also reports of users being pressured to pay a ransom to get their access back.

Cyberint says the motive is unclear, but the impact could be vast:

“Threat actors could exploit compromised profiles for social engineering, manipulating others into engaging in harmful activities under the disguise of a trusted colleague or supervisor. Furthermore, instances of blackmail have surfaced, wherein victims are forced to pay for the threat actors’ financial gain. Moreover, valuable information exchanged in LinkedIn conversations between colleagues could be leveraged by threat actors for data gathering. Additionally, reputational damage is serious, as users often rely on LinkedIn to showcase their accomplishments, publish content, and bolster their professional image. Hacked accounts could be used to spread malicious content, erase years of contributions, or send damaging messages to connections, severely damaging an individual’s reputation. Users’ substantial efforts in building connections, followers, and reputations over time could be destroyed in seconds.”

So if you have a LinkedIn account, make sure your password is strong and unique, and turn on two-factor authentication (2FA) if you have not yet.

Duolingo

If you, or someone you know, has ever used the language learning app Duolingo, be on the lookout for targeted attacks.

Hackers have released a data set of 2.6 million Duolingo users, including real names, email addresses, and account details, on the dark web. Experts warn that criminals impersonating Duolingo could send these users convincing, personalized messages that push them to download malware, give up payment information, or simply hand over money.

As I've mentioned before, you can use the website Have I Been Pwned (haveibeenpwned.com) to see whether your email address appears in this or any other known breach. If you're not comfortable with that, be extra careful and alert with any messages about Duolingo or related topics. Even if one looks legitimate, do not click its links; open the app or go to the website on your own instead.

CISA, the NSA, and the FBI recently co-authored a cybersecurity advisory, along with agencies from Canada, Australia, New Zealand, and the UK, on the 2022 Top Routinely Exploited Vulnerabilities.

The reason for the report is this: “In 2022, malicious cyber actors exploited older software vulnerabilities more frequently than recently disclosed vulnerabilities and targeted unpatched, internet-facing systems.”

Why?

“Malicious cyber actors generally have the most success exploiting known vulnerabilities within the first two years of public disclosure.

…developing exploits for critical, wide-spread, and publicly known vulnerabilities gives actors low-cost, high-impact tools they can use for several years.”

The advisory itself (a PDF) gives details on the common vulnerabilities and weaknesses, as well as recommended mitigations.

If I can save you some time, however, I would boil it down to this: patch your systems promptly, and your internet-facing systems first.

The report goes further, covering detection and analysis tooling among other things, but if you apply patches, or work with a partner who does it for you, your business will be less at risk.
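"Patch promptly" starts with knowing what is still missing on each host. As an added example (not from the advisory or the original brief), the PowerShell below uses the Windows Update Agent COM API, which ships with Windows, to list updates that apply to the local machine but are not installed, along with their severity, the CVEs they address, and how long they have been waiting. It assumes the host can reach its update source (Windows Update or WSUS) and that the session is elevated.

```powershell
# Added example, not from the advisory. Uses the built-in Windows Update Agent
# COM API; run in an elevated session on the host being checked.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()

# Software updates that apply to this machine and are not installed or hidden.
$result = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")

$pending = foreach ($u in $result.Updates) {
    # MsrcSeverity is populated for security updates (Critical, Important, ...)
    # and empty for ordinary non-security updates.
    [pscustomobject]@{
        Title       = $u.Title
        Severity    = if ($u.MsrcSeverity) { $u.MsrcSeverity } else { 'n/a' }
        KB          = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
        CVEs        = ($u.CveIDs -join ',')
        Released    = $u.LastDeploymentChangeTime
        DaysWaiting = [int]((Get-Date) - $u.LastDeploymentChangeTime).TotalDays
    }
}

# The advisory's point: attackers lean on old, well-known bugs. Anything that has
# been available for more than 30 days and carries a severity is the first target.
$overdue = $pending | Where-Object { $_.Severity -ne 'n/a' -and $_.DaysWaiting -gt 30 }

"{0} updates pending on {1}; {2} security updates older than 30 days" -f `
    @($pending).Count, $env:COMPUTERNAME, @($overdue).Count
$pending | Sort-Object DaysWaiting -Descending |
    Format-Table Title, Severity, KB, CVEs, DaysWaiting -AutoSize
```

The CVE column is what lets you compare a host against the advisory's list directly: if any of the CVEs it names show up in the output, that machine is running exactly the kind of old, known, unpatched flaw the report says attackers favor.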

2 Final Warnings

TripAdvisor Fake Complaints

You are likely too savvy to fall for this one, but just in case.

Beware emails containing a ZIP file or HTML attachment claiming to contain a TripAdvisor complaint. Opening the attachment (which you know you should not do) appears to launch a browser page with yet another button to click to read the complaint. That alone should set off alarm bells. If you do click again, an Excel sheet opens and asks you to enable an add-in, which is the step that would actually run the attacker's code, and yet another red flag.

Remember not to let your curiosity get the better of your cybersecurity awareness training.

Beta Testing Apps

This heads up comes from the Internet Crime Complaint Center (IC3) division of the FBI.

“The FBI is warning the public that cyber criminals are embedding malicious code in mobile beta-testing applications (apps) to defraud potential victims. Beta-testing apps are online services for testing of mobile apps prior to official release. The beta apps typically are not subject to mobile operating systems’ review processes.”

The FBI lists these red flags that may mean one of these malicious apps has made it onto your device:

  • Your phone battery drains faster than usual
  • Unauthorized apps get installed on your device without your knowledge
  • You get persistent pop-up ads

The full public service announcement includes further safety recommendations.
