December 6, 2022
Good morning, everyone!
This week’s critical vulnerabilities:
Patch All the Things!
This Thursday at 1PM (CT), Cisco is presenting a free webinar, "Securing Your Home Network." If you can't make the actual webinar time, go ahead and register anyway so you can view the recording when it's made available.
TikTok "Invisible Body" challenge deploying malware
Attackers are exploiting the popular "Invisible Body" TikTok video challenge to install malware capable of stealing passwords, Discord accounts, cryptocurrency wallets, passwords and credit card info stored in browsers, files from your computer, and maybe more:
A new and trending TikTok challenge requires you to film yourself naked while using TikTok's "Invisible Body" filter, which removes the body from the video and replaces it with a blurry background.
This challenge has led to people posting videos of them allegedly naked but obscured by the filter.
To capitalize on this, threat actors are creating TikTok videos that claim to offer a special "unfiltering" filter to remove TikTok's body masking effect and expose the TikTokers' nude bodies.
However, this software is fake and installs the "WASP Stealer (Discord Token Grabber)" malware.
Remember, consult original sources! Download software only from known sources. Install apps only from known, reputable developers. (And seriously? Don't use TikTok.)
LastPass breached again
For the second time this year, LastPass has suffered a data breach. In August, the company announced that source code was stolen in a data breach. It appears that some of this stolen data was used to commit the most recent infiltration of the company's network.
At this time, LastPass is stating that some user data was stolen, but that passwords "remain safely encrypted due to LastPass's Zero Knowledge architecture." If you are a LastPass user, I suggest watching this developing story.
Have a great week!
Security Awareness Training Available Here, There, Everywhere!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺