Tech Talk
Volume 1 - Issue 13
News...
Phishing Campaign Targets New Jersey Government Employees
In January, the NJCCIC observed a phishing campaign targeting New Jersey government employees. In this campaign, the sender claims to be from the employee’s human resources department announcing an annual vacation plan. A link leads to a phishing website where the employee is prompted to log in with their government email credentials. These emails spoof the display name of the sender email address to match the domain of the recipient, making the messages appear to come from a legitimate source in their organization. However, the sender’s hostname originates from the domain sumltomocorp[.]com, a website known for marketing spam URLs. Additionally, the link contains the recipient’s email address in the URL in another attempt to add legitimacy to the message.
The NJCCIC advises against clicking links in unexpected emails from unverified senders. Users are encouraged to verify the legitimacy of a request by contacting the sender via another means of communication, such as by phone, and only enter account login credentials on official websites.
If you receive any emails of this type, please let me know.
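The two indicators described above (a display name that borrows the recipient's domain while the real sender address sits elsewhere, and a link that embeds the recipient's email address) can be checked mechanically. The sketch below is an added example, not NJCCIC tooling; the function name, indicator labels, and all sample addresses and domains are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import unquote, urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def _in_domain(host, domain):
    """True if host equals domain or is a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def phishing_indicators(raw_message, recipient):
    """Return which of the two indicators from the advisory match a message."""
    msg = message_from_string(raw_message)
    display, sender = parseaddr(msg.get("From", ""))
    rcpt = recipient.lower()
    rcpt_domain = rcpt.rsplit("@", 1)[-1]
    sender_domain = sender.rsplit("@", 1)[-1].lower()
    hits = []
    # Indicator 1: display name shows the recipient's domain, but the
    # actual sender address belongs to a different domain.
    if rcpt_domain in display.lower() and not _in_domain(sender_domain, rcpt_domain):
        hits.append("display_name_spoofs_recipient_domain")
    # Indicator 2: a link to an outside host carries the recipient's address.
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_payload(decode=True).decode("utf-8", errors="replace")
        for url in URL_RE.findall(body):
            host = (urlsplit(url).hostname or "").lower()
            if rcpt in unquote(url).lower() and not _in_domain(host, rcpt_domain):
                hits.append("recipient_address_in_link")
                break
    return hits

# Constructed sample messages (not real traffic).
SAMPLE_PHISH = """\
From: "hr@agency.example" <notice@bulk-mailer.example>
To: employee@agency.example
Subject: Annual vacation plan

Review the plan: https://login.portal.example/plan?u=employee%40agency.example
"""
SAMPLE_BENIGN = """\
From: "Human Resources" <hr@agency.example>
To: employee@agency.example
Subject: Annual vacation plan

Review the plan: https://intranet.agency.example/leave
"""

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE_PHISH, "employee@agency.example"))
    print(phishing_indicators(SAMPLE_BENIGN, "employee@agency.example"))
```

A match is a reason to report the message, not proof of phishing; legitimate bulk senders sometimes embed the recipient address in tracking links.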
Updates & Upgrades
Linewize (our content filter) recently upgraded the Windows client on your desktops. You shouldn't notice any changes, but if you do, please submit a ticket.
Be sure to upgrade to at least version 109.0.5414.74/.75 for Windows (109.0.5414.87 for macOS, 109.0.5414.74 for Linux).
LastPass
If anyone uses LastPass, like I do, here is some news and info on the latest breach.
LastPass announced that some customer information may have been compromised after its affiliate, GoTo, announced they suffered a security incident. GoTo, formerly known as LogMeIn, detected unusual activity within their development environment and third-party cloud storage service currently shared with LastPass.
LastPass initiated an investigation and discovered that an unauthorized third party gained access to certain elements of customers’ information by leveraging data obtained via the August security incident. Both GoTo and LastPass stated that their products and services remain fully functional, and the latter ensured that customers’ passwords remain safely encrypted due to their Zero Knowledge security model.
Bottom line is your passwords are safe.
CyberStart America
CyberStart is an online game in which students solve cyber challenges in cryptography, Python, Linux, web, binary and digital forensics – and is beginner friendly!
CyberStart is available to play until April 4. Students can register at cyberstartamerica.org.
Did you know?
In Google Slides, you can click on a slide in the thumbnail panel on the left-hand side and use Control+D (Command+D on a Mac) to duplicate the entire slide or set of selected slides. You can also duplicate individual elements on a slide.
By the Numbers
87%. That’s the percentage of US defense contractors failing to hit the most basic level of cybersecurity compliance standards, according to CyberSheath.
Join Technology Updates on Remind: https://www.remind.com/join/elson or text @elson to the number 81010