Beware of fake profiles on GitHub, and are you an optimist or pessimist CISO?
Welcome to Cyber Security Today. It’s Friday, June 16th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
 |
 |
 |
Some people worry about hackers using advanced techniques to create deepfake audio and video files to fool victims. However, one threat actors is using old tactics — including copying photos of real people — to create fake accounts on GitHub and Twitter of employees of an imaginary company called High Sierra Cyber Security. The goal? To push malware on GitHub. According to the staff of VulnCheck, the threat actors are listing on GitHub supposed exploits or fixes for alleged zero-day vulnerabilities in Chrome, Exchange, Discord and other applications. Their hope is the files will be downloaded by curious security researchers. What they really get is infected. The discovery is another reminder that any code downloaded from anywhere can’t be trusted until it is thoroughly vetted.
The operators of the Vidar information-stealing malware have changed their infrastructure. According to researchers at Team Cymru the threat actors are trying to anonymize their activities using public VPN services. Threat researchers trying to keep on top of this group should note the change.
A couple of surveys of infosec pros were recently released with some interesting numbers. Kroll Incorporated surveyed 1,000 security decision-makers in nine jurisdictions, including the U.S., and found 54 per cent believe their organizations are protected against cyberattacks as much as they can be. Another 37 per cent believe they are completely protected. Fifty-four per cent believe only a little improvement in trust with their organization’s senior leadership is needed. By contrast 41 per cent said a significant improvement in relations with their bosses is needed.
Separately, for its annual Voice of the CISO report Proofpoint interviewed 1,600 pros in 16 countries. Sixty-one per cent of respondents agreed their organization is unprepared to cope with a targeted cyber attack.
So, are you one of the optimists, or a pessimist?
Finally, many people take business meetings from home or remote locations by video these days. However, there’s a right way and a wrong way to do it. According to a survey commissioned by a company called Jugo, 68 per cent of respondents admitted they texted friends during a virtual business meeting, 28 per cent went for a walk, 33 per cent took a meeting while they were in a gym, and 38 per cent took a video meeting while in the bathroom. Jugo suggests there is some minimal etiquette when agreeing to do a remote meeting.
That’s it for now. But later today the Week in Review podcast will be available. Jim Love, CIO of IT World Canada, and I will discuss the ethics of paying ransomware attackers and more.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.