Magecart, the notorious credit card stealing cybercrime syndicate, is once again in the news. It is the gift that keeps on giving – it has recently taken root in three different online restaurant ordering websites: MenuDrive, Harbortouch, and InTouchPOS. The malware was found in more than 300 restaurants that used them and exposed more than 50,000 paid orders. The malware was present in some of these systems for many months before they were discovered. Indeed, some attacks began last November and are still active.

There are more details in my post for Avast’s blog here.

I’ve often made recommendations about patching your systems. Patching is a simple concept to explain: Keeping all your various digital components (hardware, software, and networking infrastructure) up to date with the most recent versions. However, it can be easier said than done – this is due to the fact that our day-to-day operations have become complex systems that interconnect and intersect in ways that are hard to predict. In this blog post for Avast, I review some of the benefits of timely patching, how to get a patching program established and operational, and some notable failures about patching over the years.

The war on passwords has entered a new and more hopeful era: their final battle for existence. The challenger is the passkey. Let’s talk about why this is happening now, what exactly the passkey is, and how the victory might just finally be in sight. The goal is a worthy one — according to Verizon DBIR 2022 report, 80% of data breaches still begin with a phishing or Man-in-the-Middle attack, using hijacked account credentials to take over an account. Spoiler alert: passkeys can help big-time in this fight.

Passkeys use a set of cryptographic keys – meaning a long string of digits – in a way that you, the user, doesn’t have to remember or type anything additional. They have been adopted by the major endpoint vendors (Google, Apple and Microsoft), and in my post for SC Magazine I describe how they work.

The next time someone sends you an email with a PDF attachment, take a moment before clicking to open it. While most PDF files are benign, hackers have recently been using PDFs in new and very lethal ways. Malicious PDFs are nothing new. In my post for Avast’s blog here, I explain their history and how two news items have shown that they are still an active threat vector and being exploited in new and interesting ways, such as this invoice which has different amount due items depending on the particular reader used to view the file.

Microsoft has made it a bit harder for macro viruses to proliferate with a recent change to its default macro security policies. Malware-infected Microsoft Office macros have been around for close to three decades. These exploits involve inserting code into a seemingly innocuous Word or Excel macro, which is then downloaded by an unsuspecting user by clicking on a phishing lure or just a simple misdirected email attachment. Recently, Microsoft changed the default settings, making it harder both for this type of malware to spread and also harder for IT managers who have to figure out how to manage their legitimate macro users. And then, they rolled back these changes, based on user complaints. I explain the details in this post for Avast’s blog.

A better treatment, with lots of specifics on Office group policy settings, can be found in Susan Bradley’s CSO piece here.

There are lots of reasons to use a VPN for business: to improve your access speeds, to avoid state-sponsored blocks or tracking of your browsing movements, and to segregate your business traffic when working remotely or home from prying eyes, And while there are numerous VPNs that focus on larger enterprises or for individual consumers, the middle ground is poorly served. This is the target segment that GoodAccess, a Czech-based company, is after. They sponsored a review of their product, and I think they deliver in terms of preserving anonymity, privacy, and security and have superior product features that make it particularly attractive for smaller businesses, such as its main dashboard shown here.

You can download a copy of my report here.

Since I wrote about the creation and weaponization of deepfake videos back in October 2020, the situation has worsened. Earlier this month, several European mayors received video calls from Vitali Klitschko, the mayor of Kyiv. These calls turned out to be impersonations (can you tell which image above is real and which isn’t?), generated by tricksters. The mayor of Berlin, Franziska Giffey, was one such recipient and told reporters that the person on these calls looked and sounded like Klitschko, but he wasn’t an actual participant. When Berlin authorities checked with their ambassador, they were told Klitschko wasn’t calling her. Fake calls to other mayors around Europe have since been found by reporters.

Were these calls deepfakes? Hard to say for sure. I cover the issues and update you on the advances, if you can call them that, about deepfake tech for my Avast blog today.

Last week, the US Department of Justice announced the takedown of Russian IoT botnet and proxy service for hire RSocks. Working with various European law enforcement agencies, the FBI used undercover purchases of the site’s services to map out its infrastructure and operations. RSocks compromised its victims by brute forcing attacks on various IoT devices as well as smartphones and computers.

You can read my latest Avast blog post about RSocks here.