Security and Fraud
"You are good enough. Actually you're probably overqualified but let's start the day off humble." - Unknown
Welcome to the SecFraudOps Newsletter. Enjoy some mixed links that Matt put together this week. If this is your first time reading, take a moment to subscribe.
Security and Fraud
BEC - On the Rise | Ransomware's ROI Retreat Will Drive More BEC Attacks
Crackdowns are driving down ransomware profits, and analysts see signs that operators are pivoting to business email compromise attacks, security researcher warned.
BEC groups are harder to take down and extremely profitable. “BEC attacks have cost business more than $43 billion since 2016, according to the FBI, and make up $1 out of every $3 lost to cyberattacks, far outpacing ransomware losses”
Live Phishing Against Microsoft Customers | DomainAlarm LinkedIn Post
In the last week there was a SharePoint Phishing site stood up to target office 365 customers. Do not go to this site, but be weary of these look-a-like domains. For those trying to protect thier organizations, there is a repo that will help you find sites like this by using DNS zone files on DomainAlarm’s GitHub.
Fun Zone
Art Lost and Found | The bizarre return of a stolen $160m painting
In November 1985, an unknown man and woman entered the University of Arizona Museum of Art (UAMA) in Tucson. She distracted a security guard while he cut Willem de Kooning’s Woman-Ochre from its frame and tucked it under his clothes. The oil painting disappeared for the next 32 years.
Art thefts are odd. It’s not easy to pull off and you can’t put out a news paper ad to sell it. This is a pretty interesting tale that is also being turned into a documentary: DocLands 2022 - THE THIEF COLLECTOR - Official Trailer
Something Useful
Security+ Study App | CompTIA Security+ Exam Prep
The CompTIA Security+ certification exam is a vendor-neutral exam that validates your skills in risk identification and management, the application of physical and digital security controls for devices and networks, disaster recovery, and the adherence to rules set forth by legal and regulatory bodies.
If you’ve ever looked to get a certification to enter security or signal expertise to a prospective employer, this app is a great way to prep for the Security+ exam. Great questions and descriptions of answers will help you practice and learn at your own pace. This has a paid option ($10 one time), but I have not found the need to pay.
Bonus Links
Free Live Kali Training | OffSec to stream Kali Linux penetration testing course on Twitch
Offensive Security, the creators of Kali Linux, announced today that they would be live-streaming their ‘Penetration Testing with Kali Linux (PEN-200/PWK)’ course sessions on Twitch later this month, which anyone can watch for free.
Zelle Fraud, Who Knew? | A Wave of Zelle Class Action Lawsuits Hitting Banks
Wells Fargo, Capital One, Bank of America, Navy Fed, and TD Bank have all been hit with class-action lawsuits in the past 30 days. The lawsuits come on the heels of a negative article that appeared in the New York Times which claimed that “fraud on Zelle is flourishing” and that banks claim that “it’s not their problem”.
Qakbot Reuse | TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)
A threat actor designated by Proofpoint as TA570 routinely pushes Qakbot (Qbot) malware. Malicious DLL files used for Qakbot infections contain a tag indicating their specific distribution channel.