Although this method of infection isn't new at all (I've played with it during some Webinar/Demo a year ago or something like that), using it with ransomware is the first I've seen!

Thanks for the info!

@guyinpv said in [URGENT ALERT] Defend Against This Ransomware WMD NOW:

Has anyone been affected you know of? Make sure them backups are in order!

No one personally or directly. But loads of people on SW.

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

I get that the person in question might already know one blog and not another. My point was that if they did, they likely didn't need a link and if they didn't, the security perception is a risk because it's not a good one.

I visit KB4 frequently. This post does not have the right tags attached to it as I mentioned earlier so it wasn't showing up where you would normally find the articles.

Ah, I see. What tag do you expect? Just the "knowbe4" tag?

It wasn't tagged properly on the KB4 site. It doesnt show up under scam of the week

https://blog.knowbe4.com/topic/scam-of-the-week

https://blog.knowbe4.com/scam-of-the-week-the-evil-airline-phishing-attack

OH!! That makes way more sense then.

@RoopanKumar said in 7 Urgent Reasons For Creating A Human Firewall:

@scottalanmiller that is what the point is but why then they are providing solution for this and so many are paying

I don't understand your statement. The point is security, not panacea. They are providing security improvements, big ones. What's wrong with that? Would you ask the same thing of any other type of security? Why do you pay for AV or a firewall if they are not a panacea? Because they are critical components in your layered security architecture.

@stus would you be able to comment on the apparent spamming that people are receiving?

Wow, that IS a scary one.

@Dashrender said in Scam Of The Week: Nasty Two-factor Auth Text Hack:

@scottalanmiller said in Scam Of The Week: Nasty Two-factor Auth Text Hack:

@Dashrender said in Scam Of The Week: Nasty Two-factor Auth Text Hack:

So let's talk about normals - outside of IT, do you see a lot of people using 2FA?

I thought that I just said that. Every enterprise that I know uses 2FA. For everyone. Just part of normal computer usage. I'm sure lots don't, but enough do that I always see it.

OK, well, in that case, I do know that most of my local friends who work in enterprise do not use 2FA.

Do they do anything important like work in content, finance, accounting, HR, etc.?

@scottalanmiller said:

I've not met these IT guys. I don't think that that is a realistic statement at all. I'd say saying 2% would be fine would be a stretch. Most IT people I see run as admin and are pretty reckless with security.

Yeah, because of places like this, when i did my last PC upgrade (to windows 😎 I moved to a two user account setup. 1 non admin for normal working - like this posting, 2 admin for admin stuff.

A bit of a pain, but MS really does have it down pretty well now prompting me when it needs elevated permissions.