/ 01.25.19 / Alan Hernandez

Weekly Cybersecurity Report - New Voicemail Phishing Scam in The Wild

Share This Post:

Weekly Cybersecurity Report - New Voicemail Phishing Scam in The Wild

Google faces a Steep Fine from a French Regulator

cnet.com- Author: STEVEN MUSIL - Date: January 21st, 2019 

A 50 Million Euro Fine (approx $57 Million US Dollars) has been given to Google by a French Regulator for not properly disclosing their policy on how user data is collected and used for targeted advertising. This is the biggest penalty imposed on the tech behemoth since the new European privacy law went into effect in 2018.The French National Data Protection Commission found that Google hadn’t presented information about their practices in a clear and comprehensive manner citing that, they were “too generic and vague”.


ElasticSearch Data Breach Tremors Continue

scmagazine.com- Author: Doug Olenick - Date: January 25th, 2019 

Earlier this week it was revealed that over 57 Million US Citizens had their personal data compromised in breach on an ElasticSearch server. Recently, however, mortgage and credit documents from the breach have been found residing on an open Amazon S3 bucket by the cyber researcher who made the initial discovery. Bob Diachenko, after doing some more research, added that “the open S3 server is particularly inexcusable as these come with a preset password, but in this case it would appear someone went in and removed it leaving the data exposed”.


Deceptive VoiceMail Notifications Are The Latest in New Email Phishing Scam

scmagazine.com- Author: Robert Abel - Date: January 25th, 2019 

A new email phishing campaign uses missed voicemail notifications from a bogus voicemail site to get users to send over their Microsoft account logins. The attack is sent in the form of an email disguised as a notification about a bogus voicemail message. There message includes a .EML attachment, that when clicked, displays a message posing to be from ‘Ring Central’ (cloud-based business phone platform). When a user clicks any of the links in the bogus message it takes them to a fake Microsoft Account login page that requires users to enter their password twice in order to ensure the attacker gets the correct password. There have not been any new updates that filter out these type of emails. The best method of avoiding this phishing campaign is to be wary of suspicious unsolicited email attachments.


Department of Defense Loses 37% of Its Staff

scmagazine.com - Author: Monica Pal - Date: January 24th, 2019 

The impact of the government shutdown is now affecting some of our most important defenses we have against foreign cyber threats. The Department of Homeland Security, which includes the Cybersecurity and Infrastructure Security Agency, has seen nearly 37 percent of its staff furloughed. In the interest of national security it is imperative that we have as many people on the job to help protect our Country. However, employees who are considered ‘essential’ are still on the job. If supportive staff do not return it will inevitably lead to higher risk of critical oversight as weary essential staff experience fatigue from having resources stretched thin.


The Powerful Stability of the Windows Operating System



interestingengineering.com- Author: GZ Staff - Date: January 3rd, 2019 

Ah, Windows. How we love(loath) you. Here are some hilarious screenshots from some amazing moments experienced by hapless Windows users.


Posted by Alan Hernandez