Online Safety
FBI: End-of-life routers hacked for cybercrime proxy networks
Is your router end-of-life (EoL)? If so, it’s best to replace it to avoid it being exploited to route malicious traffic. More details are in this article, linked below. A short list of currently exploited EoL routers are… Linksys E1200, E2500, E1000, E4200, E1500, E300, E3200, E1550, WRT320N, WRT310N, WRT610N, Cisco M10
The FBI warns that threat actors are deploying malware on end-of-life (EoL) routers to convert them into proxies sold on the 5Socks and Anyproxy networks.
Source: FBI: End-of-life routers hacked for cybercrime proxy networks
Infostealer malware stole 493 million accounts. Is yours one of them?
Recently, news surfaced about stolen data containing billions of records, with 284 million unique email addresses affected.
Read the following article for steps to check if your email was found in the stolen data…
Source: Infostealer malware stole 493 million accounts. Is yours one of them? | PCWorld
Cyber Security Awareness Month & Hurricane Helene
For a few years now, October has been “National Cyber Security Awareness Month”. This year, it is a good opportunity for a refresher on some scams that tend to happen around disasters like Hurricane Helene.
Click the article link to continue reading…
Source: Hurricane Helene Aftermath – Cyber Security Awareness Month – SANS Internet Storm Center
Operation Endgame – 300 Widomaker.com Email Accounts Found Among 16.5M Compromised Accounts
What Happened?
Between May 27 and May 29, 2024, an international law enforcement operation, Operation Endgame, seized over 100 cybercrime servers worldwide. It’s being called the largest ever operation against botnets.
Approximately 300 (active and inactive) @widomaker.com email accounts, and passwords, were identified as having been potentially compromised for use by the Endgame cybercrime groups, sometime during the time period the groups were active. This means the affected users’ passwords were potentially compromised via remote access trojans (RATs) or info-stealers (malware installed on the users’ computers). To find out more, review the article and video, from Microsoft, about How malware can infect your PC…
According to Spamhaus, “The botnet operators in question relied on compromised accounts to target victims and spread malicious emails. If a receiver interacted with one of these emails, it is highly likely that their device was infected. As a result, they probably became part of the targeted botnets.”
More details on Operation Endgame may be found at the links below…
- [Bleeping Computer] Police seize over 100 malware loader servers, arrest four cybercriminals
- [Krebs on Security] ‘Operation Endgame’ Hits Malware Delivery Platforms
- [Europol] Largest ever operation against botnets hits dropper malware ecosystem
- [Troy Hunt / Have I Been Pwned (HIBP)] Operation Endgame
What Should I Do?
The easiest way to tell if your email address is in the Operation Endgame data, or other data breaches, is to sign up, for free, to be notified when your email address appears in known data breaches, or is found, via law enforcement action, to be compromised, like in the case of Operation Endgame. The Have I Been Pwned notification service is free to individuals. Visit the HIBP website, via the link below, then click “Notify me” to sign up for notifications.
Most importantly, if you find that your email address(es) is/are in the Operation Endgame data, or other data breaches, you should scan your computers (or other devices) for malware, and reset the passwords of the affected email accounts to prevent further abuse. You may Contact our office for assistance.
FBI warns of surge in ‘phantom hacker’ scams impacting elderly
The FBI issued a public service announcement warning of a significant increase in ‘phantom hacker’ scams targeting senior citizens across the United States.
Source: FBI warns of surge in ‘phantom hacker’ scams impacting elderly
How to Protect Against Virtual Kidnapping Scams – YouTube
How to Recover from a Phishing Password Compromise
What is a Phishing Password Compromise?
A phishing password compromise occurs when an attacker tricks you into revealing your login credentials, such as your username and password, through a phishing attack. Once the attacker has your login credentials, they can access your account and steal sensitive information or use your account for malicious purposes.
Ways to Avoid Email Phishing Scams
What is Email Phishing?
Email phishing is a type of cyber attack where the attacker sends a fraudulent email to trick the recipient into revealing sensitive information, such as login credentials or financial information. Phishing emails can be very convincing and may appear to come from a legitimate source, such as a bank or a popular online service.
NSA Releases Best Practices For Securing Your Home Network > National Security Agency/Central Security Service > Article
FORT MEADE, Md. — The National Security Agency (NSA) released the “Best Practices for Securing Your Home Network” Cybersecurity Information Sheet (CSI) today to help teleworkers protect their home
What Is a Pig Butchering Scam? | WIRED
This type of devastating scheme ensnares victims and takes them for all they’re worth—and the threat is only growing.
