March 19, 2024

Good morning, everyone!

This week’s critical vulnerabilities: Microsoft's Patch Tuesday included fixes for 60 bugs, 18 critical Kubernetes released critical patches last week Fortinet has released patches for yet another critical vulnerability QNAP has released patches for 3 bugs, one critical Did your "automatic" updates get installed? Patch All the Things!

What, you may ask, is "vishing"? It's a contraction of "voice" and "phishing" -- phishy phone calls are becoming more prevalant as a social engineering attack.

I read a remarkable story¹ this week about an AI-generated voice clone used in a vishing attack -- resulting in the theft of $35M!

"In early 2020, a branch manager of a Japanese company in Hong Kong received a call from a man whose voice he recognized—the director of his parent business. The director had good news: the company was about to make an acquisition, so he needed to authorize some transfers to the tune of $35 million. A lawyer named Martin Zelner had been hired to coordinate the procedures and the branch manager could see in his inbox emails from the director and Zelner, confirming what money needed to move where. The manager, believing everything appeared legitimate, began making the transfers. What he didn’t know was that he’d been duped as part of an elaborate swindle, one in which fraudsters had used “deep voice” technology to clone the director’s speech ..."

If you've ever heard me talk about vishing, you know I have three questions that you should ask yourself:

• Who called whom?
• Who is asking the questions here?
• Can I call you back?

In this case, simply hanging up the phone and calling the director -- at a known, trusted number -- would have stopped this entire operation in its tracks.

Remember, when in doubt -- pick up the phone! For any important or suspicious communication you receive, whether email or text or phone, the very best protection is to call that person or company at the number you have saved in your Contacts.

Stay cyber safe this week!

Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com
For information security news & tips, follow me!

Security Awareness Training Available Here, There, Everywhere!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺