Several weeks ago, my good friend Katie Nickels (Director of Intelligence at Red Canary extraordinaire) and I were chatting about Ransomware. She was super interested and passionate about some new uses of a ransomware variant named “Ryuk” (first detected in 2018 and named after a manga/anime character) [1]. I was, to be honest, much less interested. It turns out, as usual, Katie was right; this was a big deal (although as you will see, I’m right too… still dull stuff!).

SMS phishing, or “Smishing,” is a mobile phishing attack that targets victims via the SMS messaging channel rather than through email. A natural evolution of the phishing phenomenon, smishing attacks attempt to dupe mobile users with phony text messages containing links to legitimate looking, but fraudulent, sites. These smishing sites try to steal credentials, propagate mobile malware, or perpetrate fraud.

The Federal Risk and Authorization Management Program (FedRAMP) is a compliance program established by the US government that sets a baseline for cloud products and services regarding their approach to authorization, security assessment, and continuous monitoring.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Once again the impact of this COVID pandemic claims another. Cast your minds back to earlier in the yearn (or was it last year now – feels like it) with the sudden burst in use of Zoom and House Party causing all sorts of issues.

Netskope Threat Labs is warning users to be careful of spam messages being shared via Google Docs. The spam messages come in the form of a comment on a document or presentations and are sent by [email protected]. Both the comment and the document link the user to a spam or scam website. Because the messages are sent by Google Docs, it is likely that your spam filters do not detect and block these messages. In fact, docs.google.com may be explicitly allowed by your spam filters.