China Attacking News Sites Now & CISA Agency Declares Patch This Bug Now!

Threatpost has the stories – “China Suspected of News Corp Cyberespionage Attack

media giant news Corp was attacked with BEC (the most likely method of attack) Business Email Compromise.   Here is an excellent FBI explanation of BEC.

In a BEC scam, criminals send an email message that appears to come from a known source making a legitimate request, like in these examples:

  • A vendor your company regularly deals with sends an invoice with an updated mailing address.
  • A company CEO asks her assistant to purchase dozens of gift cards to send out as employee rewards. She asks for the serial numbers so she can email them out right away.
  • A homebuyer receives a message from his title company with instructions on how to wire his down payment.

Never give out any information using email always verify everything with someone doublechecking  before transfering money!!

“CISA Orders federal Agencies to Fix Actively Exploited Windows Bug”

CISA(Cybersecurity & Infrastructure Security Agency)  Official link discusses known exploited vulnerability to win32k (which means Winodows10 operating systems – all the different kinds of processors. For example(2 of them from NIST website):

  cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*
Show Matching CPE(s)
 cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*
Show Matching CPE(s)

 

Are you keeping up on the news? Check out our  Security News Analyzed page:

 

Have to keep up on Security news to make sure you know what is the highest risk…

And buy my book “TooLateYourehacked.com

how can you stay ahead of the game

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.