Commonwealth Bank SCAM Alert

#SCAM ALERT:

hashtag

Watch out for this #phishing scam from 'Commbonk'. The scam starts as an email using various display names, each containing the word ‘CommBank’. Unsuspecting recipients who click on the link to view ‘transaction details’ are each led to a different page which redirects to a page using the domain 'commbonk'. According the security company, MailGuard, this is a phishing page masquerading as a fake Commonwealth Bank sign-in page. Don't click on the link and delete email immediately. . The scam starts as an email using various display names, each containing the word ‘CommBank’. Unsuspecting recipients who click on the link to view ‘transaction details’ are each led to a different page which redirects to a page using the domain 'commbonk'. According the security company, MailGuard, this is a phishing page masquerading as a fake Commonwealth Bank sign-in page. Don't click on the link and delete email immediately. .

• use of a major brand name to inspire false trust; the usage of the supposed ‘Commonwealth’ display name boosts the email's credibility,

• inclusion of ‘Helplines’ typically expected of a well-established bank such as bank support numbers for local and overseas locations in the email & support links in the phishing page and,

• false urgency; a subject line such as ‘Action Required’ and a signature supposedly from 'Commonwealth Bank of Australia Fraud Security Support' creates a sense of panic and anxiety.

Commonwealth Bank impersonated in phishing scam; email asks users to confirm card ‘activity’

The hallmark of this scam lies in its ability to trick users by ironically using a security alert. Verifying irregular transaction activity is a common trait of well-established banks like Commonwealth and it’s this focus on security that cybercriminals behind this scam leverage on. Here are some of the specific techniques they’ve incorporated to trick recipients:

Despite these techniques to fool users into thinking the email is authentic, eagle-eyed recipients will spot red flags that point to its illegitimacy, with the biggest being the fact that the link doesn't actually point to Commonwealth Bank. Besides this, the email also contains spacing errors and grammatical mistakes like ‘are all transactions listed above clear for you?’.

This is another reminder for those who utilise online banking, to pay close attention to the emails they receive from their banks. To best protect yourself, it is imperative that you do not click any link contained within an email, especially if it does not address you by name (as in the scam above). It is best practice to type the website URL into your browser or use the official banking app in this instance.

As banks have been a major target for scammers, they have also been working hard to distinguish their legitimate correspondence from the ‘fakes’ and educating their customers on best security practices. This is also why any legitimate correspondence from your bank won't have links to their website. Banks will instead ask you to manually enter it into your internet browser. Also, if you are ever unsure if it is your bank genuinely trying to reach you, simply contact them directly to confirm.

Further information at - https://www.mailguard.com.au/blog/commonwealth-bank-impersonated-in-phishing-scam-email-asks-users-to-confirm-card-activity

Read More

How to Stay Cyber Safe This Holiday Season

How to Stay Cyber Safe This Holiday Season

With the holiday season upon us, it is important to maintain awareness of the many threats posed by cyber-criminals this time of year As the popularity of online shopping continues to increase, so does the number of potential unsuspecting victims for cyber-criminals to exploit. Scammers may target victims through a variety of methods, including via emails, compromised websites, spoofed websites, phone calls, text messages, or unsecured Wi-Fi networks. To help combat the threats posed aby cyber-criminals this holiday season, review the following list of common scams, tips, and best practices:

Be Wary of Links and Attachments in Unsolicited Emails

Around the holidays, users may receive emails from known retailers regarding sales and coupons, or claiming to be order confirmations or shipping notices. Cyber-criminals can easily steal retailer branding to make fraudulent emails appear legitimate and may contain links or attachments that install malware or lead recipients to spoofed websites that steal user credentials. These emails may attempt to convey a sense of urgency - Limited Time Offer! - to prevent users from thoroughly inspecting the email for red flags. Users are advised to navigate directly to retail websites by typing the legitimate URL into their browser instead of clicking on links in emails, and refrain from entering login credentials on websites visited via a link in an email.

Avoid Pop-Up Advertisements and Shortened URLs

Users are encouraged to use pop-up blockers to avoid unintentionally clicking on a pop-up ad that could introduce malware onto their system. Additionally, URL shorteners can be employed to trick users into visiting a malicious website. URL shorteners are often used on social media sites and other outlets to save space and for visual appeal. Users are advised to use a URL expander to reveal the true destination of shortened URLs prior to visiting the site.

Look Out for Holiday-Themed eCards and Messages Meant to Install Malware

In the past, users reported being targeted with various Thanksgiving Day-related scams. In some cases, spoofed emails were sent appearing to originate from legitimate organizations and contained the subject line “Thanksgiving eCard.” Additionally, an Emotet banking trojan campaign was observed using Thanksgiving lures, such as the subject lines “Happy Thanksgiving Day Greeting Message” and “Thanksgiving Day Card.” As malicious actors commonly leverage public interest during the holiday season to conduct financial fraud and disseminate malware, users are reminded to exercise caution with unexpected or unsolicited emails, especially those with a holiday theme.

Do Your Online Shopping at Home

Avoid using public computers, such as those at a library or hotel, or public Wi-Fi connections to log into personal accounts or conduct online shopping. Public computers could be infected with malware designed to steal your information and hackers can intercept network traffic traveling over unencrypted Wi-Fi signals. If you must connect to public Wi-Fi, use a virtual private network(VPN), to secure information transmitted between your device and the internet. Additionally, users are advised to refrain from using work computers to make online purchases, as cyber threats could endanger company and/or customer information.

Enable Multi-Factor Authentication (MFA) on All Accounts

Be sure to enable MFA (authentication by combining at least two of the following: something you know, something you have, and something you are) on every account that offers it as this will greatly reduce the risk of account compromise via credential theft. Even if a cyber-criminal obtains a user’s username and password, they will be unable to access that user’s account without their second factor. We encourages users to choose authentication apps, hardware tokens, or biometrics as a second factor over SMS-based authentication, due to the risk of SIM-swapping. The website TwoFactorAuth.org maintains a comprehensive list of websites that offer MFA.

Choose Credit Over Debit

When shopping online or at stores that do not yet support chip-and-PIN payments, it is advised to use credit cards over debit cards. While both payment methods pose a risk if compromised, debit cards do not carry the same consumer protections as credit cards, which limit the victim’s liability if fraudulent purchases are made using their payment card data. Magecart attacks, in which malicious code is injected into online payment webpages, are becoming more prevalent as the opportunity to steal payment card data from physical point-of-sale terminals has diminished.

Avoid Connecting Devices to Public Charging Stations

Public charging stations supplied with power cables or USB ports located in stores, airports, libraries, and schools may seem like a convenient way to charge your mobile devices on-the-go, but can you be sure that your device and data will be safe if you connect? These kiosks can contain concealed computers that attempt to extract data such as contact information, photos, and videos from connected devices, unbeknownst to the users. Additionally, malicious or compromised charging stations can expose devices to the risk of a malware infection. Even if the charging station is not malicious, the manufacturer or owner of the kiosk may require users to input their email addresses or phone numbers in order to charge their devices, potentially exposing them to unwanted marketing campaigns, phishing emails, and scam calls.

Verify Charities Before Donating

It is common around the holidays to donate to charities, particularly those that provide goods and/or services to those individuals in need. Users may be prompted to donate via solicitations received through email or social media; however, these may be promoting fake charities or impersonating legitimate charities. Prior to donating, ensure you are visiting the charity’s legitimate website to donate.

Beware ‘Secret Sister’ Gift Exchange Scam

Many people enjoy participating in group gift exchanges this time of year, however, beware of potential scams. Social media posts promoting a “SECRET SISTER" gift exchange has resurfaced recently, promising between 6 and 36 gifts in exchange for sending one gift. While this type of chain-letter appears innocent, it is actually illegal and considered a pyramid scheme. The scam begins by requesting the name and address of the recipient and their friends. This holiday season only participates in gift exchanges with individuals you know personally and refrain from sharing too much personal information online.

Read More

Best Free Open Source Software of 2019 for your Home or Small Business

The term OPEN SOURCE refers to software whose source code is freely available to download, edit, use and share, with no copyright restrictions and that's why we love it.

You will find open source versions of almost every software imaginable - from Operating system, office suites, media to accounting and productivity. With that in mind, here's our pick of the very best open source software.

Operating System: Linux

Lets Start with the main thing you need first is a Operation System for your PC or Laptop .In the past 10 years the gap between the features in all the major operating systems has become smaller and smaller.Linux operating systems aren't just for geeks and nerds. Anyone can install Linux and use it for their everyday computing needs including browsing the web, watching Netflix, typing letters, sorting home finances, video editing, photo editing and managing music collections. There is a lot of option to choose form for everyone from Novice to System Administrator to  Hackers and Security professionals everyone love Linux as their OS.

Ubuntu: One of the most popular distros for good reason, Ubuntu is an open source software operating system that runs from the desktop, to the cloud, to all your internet connected things.

Ubuntu is officially released in three editions: Desktop, Server, and Core (for internet of things devices and robots). Ubuntu is a popular operating system for cloud computing. Ubuntu is released every six months, with long-term support (LTS) releases every two years. The latest release is 18.10 ("Cosmic Cuttlefish"), and the most recent long-term support release is 18.04 LTS ("Bionic Beaver"), which is supported until 2028.  Download form here

 

Linux Mint is a great ‘default’ distro for new Linux users, as it comes with a lot of the software you’ll need when switching from Mac or Windows, such as LibreOffice, the favoured productivity suite of Linux users. It also has better support for proprietary media formats, allowing you to play videos, DVDs and MP3 music files out of the box. Why not give it a go today.  

Office software: LibreOffice

The next is you required your productivity tool and here comes to the rescue. LibreOffice is a powerful office suite – its clean interface and feature-rich tools help you unleash your creativity and enhance your productivity.  LibreOffice is a full suite of workplace software package, together with wonderful apps for text documents, spreadsheets, presentations, and databases. These are all absolutely compatible with the most recent Microsoft file formats, thus you’ll haven't any hassle sharing files that employment with users of Word, Excel, PowerPoint, and Access.

LibreOffice includes several applications that make it the most powerful Free and Open Source office suite on the market. You can download it form clicking to their official link here .

 

Email client: Mozilla Thunderbird

Email is key part of our everyday life Thunderbird is a free and open source email, news feed, chat, and calendaring client, that’s easy to set up and customize. One of the core principles of Thunderbird is the use and promotion of open standards - this focus is a rejection of our world of closed platforms and services that can’t communicate with each other. We want our users to have freedom and choice in how they communicate. You can download it form clicking to their official link here .

Web browser: Mozilla Firefox

Download Mozilla Firefox, a free Web browser. Firefox is created by a global non-profit dedicated to putting individuals in control online. Firefox is available for Microsoft Windows, macOS, Linux, BSD, illumos and Solaris operating systems. Its sibling, Firefox for Android, is also available .

You can download it form clicking to their official link here even you can download in your onw language .

 

Accounting / Small Business Accounting: GnuCash

GnuCash is personal and small-business financial-accounting software, freely licensed under the GNU GPL and available for GNU/Linux, BSD, Solaris, Mac OS X and Microsoft Windows.

Designed to be easy to use, yet powerful and flexible, GnuCash allows you to track bank accounts, stocks, income and expenses. As quick and intuitive to use as a checkbook register, it is based on professional accounting principles to ensure balanced books and accurate reports. Download here

Clean Your System and Free Disk Space: BleachBit

When your computer is getting full, BleachBit quickly frees disk space. When your information is only your business, BleachBit guards your privacy. With BleachBit you can free cache, delete cookies, clear Internet history, shred temporary files, delete logs, and discard junk you didn't know was there. Designed for Linux and Windows systems, it wipes clean thousands of applications including Firefox, Internet Explorer, Adobe Flash, Google Chrome, Opera, Safari,and more. Beyond simply deleting files, BleachBit includes advanced features such as shredding files to prevent recovery, wiping free disk space to hide traces of files deleted by other applications, and vacuuming Firefox to make it faster. Better than free, BleachBit is open source. Download link

Password manager: KeePass Password Safe

Today you need to remember many passwords. You need a password for the Windows network logon, your e-mail account, your website's FTP password, online passwords (like website member account), etc. etc. etc. The list is endless. Also, you should use different passwords for each account. Because if you use only one password everywhere and someone gets this password you have a problem... A serious problem. The thief would have access to your e-mail account, website, etc. Unimaginable.

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). Download link

Safeguard Your Data/ Disk Encryption: 

DiskCryptor is an open encryption solution that offers encryption of all disk partitions, including the system partition. DiskCryptor is file and drive encryption software with all the whistles and bells you will ever need. Just like in TrueCrypt, DiskCrypror can encrypt any of your files, system drives and other external devices like CD’s and thumb drives. Moreover, DiskCryptor can encrypt your data with different encryption algorithms like AES (Advanced Encryption Standard), Twofish, Serpent and also uses a combination of cascaded algorithms for increased security. If you are previously using TrueCrypt for your encryption purposes, then DiskCryptor is the closest free option available with active development and support.

Media player: VLC Media Player

VLC media player (commonly known as VLC) is a free and open-source, portable, cross-platform media player and streaming media server.VLC offers everything you could need from a media player - comprehensive format support, streaming, downloading and much more download here

 

Photo editor: GIMP

GIMP is a cross-platform image editor available for GNU/Linux, OS X, Windows and more operating systems. It is free software, you can change its source code and distribute your changes.

Whether you are a graphic designer, photographer, illustrator, or scientist, GIMP provides you with sophisticated tools to get your job done. You can further enhance your productivity with GIMP thanks to many customization options and 3rd party plugins.Download Link

Video editor: Shotcut

Shotcut is a free, open source, cross-platform video editor. Shotcut is a free, open source, cross-platform video editor for Windows, Mac and Linux. Major features include support for a wide range of formats; no import required meaning native timeline editing; Blackmagic Design support for input and preview monitoring; and resolution support to 4k. More features and download link here

Audio editor: Audacity

Free, open source, cross-platform audio software. Audacity is an easy-to-use, multi-track audio editor and recorder for Windows, Mac OS X, GNU/Linux  Download Here

Remote Access Software

Access other computers or allow another user to access your computer securely over the Internet. Remote desktop software is really useful for lots of situations, from helping your dad who lives 500 miles away, work through a computer issue, to remotely administering from your Melbourne office the dozens of servers you run in a USA data center! etc

Remote Utilities

Runs on Windows only and Great for both spontaneous and unattended remote access this also supports portable mode and doesn't require router port changes. This software is Free for both personal and business use which lets you connect to up to 10 computers for free.

No Machine 

Wherever your desktop is, you can control it and remotely access what’s on it from the other side of the world in a few simple clicks. A free remote desktop utility for personal use, NoMachine is designed to suit anyone who uses multiple computers and devices and wants to securely access them and their content using one simple tool. It's just one software package to be installed on the computer you are connecting from and on the remote computer you want to connect to. If you want a tool that enables you to work from home, regardless of what network you are connecting on, and which lets you stream multi-media files, access and edit documents, provide remote support to friends, print, transfer files and more, you've come to the right place. Download NoMachine and start using all these great features today.

Chrome Remote Desktop

The host computer has to have the Chrome browser installed, Lets you remote into the computer even when the user isn't logged in,Installs quickly.Has multi-monitor support and works well for unattended and on-demand remote access also Lets you remote into the computer via an app.Works on Windows, macOS, and Linux download link 

                            

What did we miss?

Are there open source application that we missed? These are just a few of the best open source/ free software I use for my personal use. They offer terrific value and since most of them are open source they are more secure for your privacy and protection in this digital age. 

We think of this as a work in progress, so if you believe there are software that should be added to this list, please let us know in the comments section below.

If you like this post feel free share and if you want to connect with me just add me up on LinkedIn  Faysal Hasan https://au.linkedin.com/in/faysalhasan

Read More

CISCO CCNA Cyber Ops Certification

Another achievement for the love of #Cyber #Security completed two exam to become Cisco Certified Network Associate Cyber Ops (CCNA Cyber Ops) Thanks to my family, work colleague and my networks for encouragement and support. #CCNA #CyberOps #CyberSecurity 

My review for the Cert: This cert is for security analyst interested in Security Operation Center to become CISCO Cyber Ops it required to pass two exam.

First one is like knowing networking , cryptography , general info sec concepts, web attack, linux and windows commands, file system, logs and different type of model that deal with threat.

Second exam is implementing like type of Security operations monitoring tools, incident detection,analysis and playbooks, threat hunting, Threat scoring, incident response and automation, Computer Forensics, Network Intrusion Analysis, Data and event analysis etc

Loved studying the CISCO books but felt amazing when setup LAB in my pc Three VM First is vulnerable linux pc (metasploitable vm) Second for Monitoring (Security Onion ) Linux which have monitoring tools included and Third for Hacking/Breaking the other vulnerable system using (KALI Linux) which have industry standard awesome tools included. Also love  reading Computer Security Incident Handling Guide: NIST 800-61 doc.

CCNA Cyber Ops Exam Details :
https://learningnetwork.cisco.com/community/certifications/ccna-cyber-ops

Study Material for first Exam: SECFND Study Material
Understanding Cisco Cybersecurity Fundamentals (SECFND) v1.0
https://learningnetwork.cisco.com/community/certifications/ccna-cyber-ops/secfnd/study-material


Study Material for Second Exam: SECOPS Study Material
Implementing Cisco Cybersecurity Operations (SECOPS) v1.0
https://learningnetwork.cisco.com/community/certifications/ccna-cyber-ops/secops/study-material

Read More