Grey Security

11/22/2021

CYBER SECURITY WARNING WHEN ONLINE SHOPPING.

Lots of online systems use Adobe Magento which seems to have been exploited months ago. Over 4000 online retailers are getting notifications ahead of Black Friday that this maybe a concern.

If you do purchase things online, It is recommended to use a card and/or account made just for online shopping and purchases. When applicable use a third party service like Paypal or Apple Pay that will have added protections included with some insurances.

Only use trusted sites and after the holiday purchase season, it is a good idea to continue to monitor your bills for a few months and change any passwords or authentications setup with your payment platforms.


https://www.zdnet.com/article/adobe-patches-magento-bugs-that-lead-to-code-execution-customer-list-tampering/

11/02/2021

https://www.cyberark.com/resources/threat-research-blog/cracking-wifi-at-scale-with-one-simple-trick

How I Cracked 70% of Tel Aviv’s Wifi Networks (from a Sample of 5,000 Gathered WiFi). In the past seven years that I’ve lived in Tel Aviv, I’ve changed apartments four times. Every time I...

10/29/2021

http://www.phrack.org/issues/70/4.html

10/27/2021

https://cacm.acm.org/

Remote Adjunct Faculty for Cybersecurity, Information Technology, Computer Science, and Data Science - University of West Florida - Pensacola, FL Pensacola, FL, United States

10/14/2021

A good read on how companies manipulate or allow certain data to push you into impulsive buying habits and how this relates to conditioning ourselves to allow scammers to be just as effective.

The evolution of tricky user interfaces.

10/13/2021

Some new scams seem to target your "Ameren" accounts. I was told that a 3rd party had overcharged me and that I would get a refund and a 30% off my bill for the error. Talking further with them it was clear that it was not legit, he asked for my address and my zip code and and ( things he would know had this been real)

Another scam I have seen more and more is a "refund" on an accidental purchase from Amazon or Walmart. These seem to come in the forms of emails and phone calls.

Never pay someone you are not 100% sure is legit, Get a phone number to call them back and do some research first. Know that Amazon and Microsoft will never call you out of the blue, now will the IRS and if they do reach out, will do so with certified mail as well. So never give personal information over the internet or your cell phone.

10/06/2021

https://twitter.com/Twitch/status/1445770441176469512

Twitch Users

Twitch has been breached. Changing passwords and enabling 2 factor Auth is highly recommended other than just deleting it. They are still assessing the damage.

“We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.”

06/17/2021

CISA.GOV has a few cool Graphic Novels out about cyber security related threats. Actually pretty interesting reads.
https://www.cisa.gov/sites/default/files/publications/cfi_real-fake_graphic-novel_508.pdf

https://www.cisa.gov/sites/default/files/publications/bug_bytes_graphic_novel_508_v2.pdf

06/10/2021

Stop being a victim to scammers !!!!!

Have you seen posts in your profiles lately that state things like "Hallo(Hello) would you like make money? PM Me"
"What would you do with $$$$ contact me or click this link"

For one, any reputable business is not going to be so blanket statement on their postings, They will be most likely from a company profile and not some random persons profile. They will NEVER ask you to talk on Whatsapp or Telegram. These should be red flags ALWAYS. Clicking on links should be with serious caution as well.

What are the harms? For one with Whatsapp and Telegram there are known vulnerabilities that may allow hackers access to your devices or information that they will use for malicious purposes. They may take over your account to scam your friends, they may gain access to your computer and steal more than just your identity.

Clicking on links can have the same effect and give bad actors access to your private live and assets. You may never know, We use to fear a virus crashing out computers, now most virus sit silent and track your movements, tracks your logins and personal information. They can take over devices like webcams and anything else connected to your network.

Be safe out there and if it is too good to be true it is, ALWAYS follow up with research and ask important questions. If they get to a point they want you to use a 3rd party chat app or ask about one, that should be a HUGE RED FLAG and should just ask what company they work for and goto that company's official website.

Be safe and be alert.

(Ps to the admins of facebook groups, You should also do better to protect those that trust your pages and groups. You should be monitoring more heavily what is on your boards and if you are limited in staff or time to do so, Should at least make it so that members or posts need approved ( posts moreso than members as a member already in your group could be victim to a hacked account" )

06/03/2021

If you see the following in your groups or timeline.

Want to make $?

Want to work from home and make $?

Did you get your check?

What would you do with $?

While some of these maybe legit questions, most of the time they are scams. They will ask you to "inbox them" or "click a link" ( NEVER CLICK LINKS)

Please do not fall victim as these are literally all over anymore, in every group I see and see more and more people engaging them and believing them and will cause you some very bad days if you do not stop for just one minute and think about how truthful this is.

Often times they will even use fake accounts that if you just look at the timeline can clearly see is fake ( many users from other countries, or things like new accounts or new pictures that only show the few new pictures.

11/02/2020

Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data

This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework. See the ATT&CK for Enterprise version 7 for all referenced threat actor tactics and techniques.