With the holidays on the horizon, spirits are high—and it’s those same high spirits that hackers want to exploit. ‘Tis the season for clever social engineering attacks that play on your emotions, designed to trick you into giving up personal info or access to your accounts.   Social engineering attacks unfold much like a confidence scam. A crook takes advantage of someone’s trust, applies a little human psychology to further fool the victim, and then pulls off a theft. Online, a social engineering attack will likely involve a theft attempt of personal or account information that the crook can…

Co-authored by: P, Sriram, and Deepak Setty ‘Tis the season for scams. Well, honestly, it’s always scam season somewhere. In 2020, the Internet Crime and Complaint Center (IC3) reported losses in excess of $4.1 billion dollars in scams which was a 69% increase over 2019. There is no better time for a scammer celebration than Black Friday, Cyber Monday, and the lead-up to Christmas and New Year. It’s a predictable time of the year, which…

How does that information get collected in the first place? We share personal information with companies for multiple reasons simply by going about our day—to pay for takeout at our favorite restaurant, to check into a hotel, or to collect rewards at the local coffee shop. Of course, we use our credit and debit cards too, sometimes as part of an online account that tracks our purchase history.  In other words, we leave trails of data practically wherever we…

The Panasonic Corporation has disclosed a data security incident in which an undisclosed amount of data was compromised. In a statement issued Friday, the major Japanese multinational conglomerate announced that an unauthorized third party had gained access to its network on November 11.  An internal investigation was launched that determined that the intruder had accessed some data stored on a file server. Panasonic did not say how much data was compromised in the incident or whether any sensitive information…

Threat Summary This month it was disclosed that a Microsoft vulnerability that allows for local privilege elevation, previously patched in the November 2021 Patch Tuesday, is still exploitable and was not patched correctly. Using this vulnerability, threat actors with limited access to a compromised device can easily elevate their privileges to help spread laterally within the network. Figure 1. MITRE ATT&CK Matrix for Windows Zero-Day in MVISION Insights The vulnerability affects all supported versions of…

The United States’ Cybersecurity and Infrastructure Security Agency (CISA) is exploring a protective email service (PES) that can be used to make Federal Civilian Executive Branch (FCEB) email safer.  In October 2017, the Department of Homeland Security took action against the spoofing of domains and organizations by mandating DMARC or domain-based message authentication, reporting and conformance standards by all federal agencies in its Binding Operational Directive 18-01.  Now, CISA is asking the cybersecurity industry for feedback…

Private equity firm Clearlake Capital Group LP has agreed to acquire Californian tech company Quest Software from its current owner, Francisco Partners.  The terms of the planned transaction have not been disclosed. However, Quest has been valued at $5.4bn, including debt, according to unnamed sources quoted by The Wall Street Journal. A statement announcing the acquisition was released earlier today. It revealed that current CEO of Quest, Patrick Nichols, will remain at the helm after the acquisition has been completed to lead the existing executive…