I. QR codes - The perfect threat vector?
‘Zero Touch’ customer experience has led to increased QR code usage, which gives attackers a very easy threat vector to exploit.
While most users can reasonably identify a malicious phishing link, they cannot recognise an evil QR code.
Read up on request-money fraud using QR codes.
CISO Check:
Does your security awareness training cover malicious QR codes?
II. ngrok - hero or villain?
ngrok, a developer tool that exposes local servers behind NATs and firewalls to the public internet over secure tunnels, is a double-edged sword.
Attackers have had ngrok installed on internal machines and used it to exfiltrate data.
Have a look at a related advisory released in 2019.
CISO Check:
Do you have a process to check for developer utilities that allow special privileges?
What are your controls for authorisation, usage and removal of admin utilities?
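One way to back the checks above with data is to sweep DNS resolver logs for ngrok lookups from hosts that are not authorised to run it. This is an added example, not part of the original newsletter; the log format, the sample lines, the approved-host list and the domain suffix list are assumptions to adapt to your environment.

```python
from collections import defaultdict

# Domain suffixes associated with ngrok tunnels and its agent. Assumed list:
# confirm against ngrok's current documentation before relying on it.
NGROK_SUFFIXES = ("ngrok.io", "ngrok.com", "ngrok.app", "ngrok-free.app")

# Constructed sample DNS log: "<timestamp> <client-ip> <queried-name>"
SAMPLE_DNS_LOG = """\
2024-05-01T09:14:02Z 10.0.4.17 tunnel.us.ngrok.com
2024-05-01T09:14:05Z 10.0.4.17 a1b2c3d4.ngrok.io
2024-05-01T09:15:40Z 10.0.7.52 www.example.com
2024-05-01T09:16:11Z 10.0.9.3 notngrok.io
2024-05-01T09:17:30Z 10.0.4.21 Demo-App.NGROK-FREE.APP.
malformed line
"""

# Hypothetical allow-list: hosts whose owners are authorised to use ngrok.
APPROVED_CLIENTS = {"10.0.4.21"}


def is_ngrok_name(name):
    """True if the queried name is an ngrok suffix or a subdomain of one."""
    name = name.lower().rstrip(".")  # DNS names are case-insensitive
    # Match on a label boundary so "notngrok.io" is not flagged.
    return any(name == s or name.endswith("." + s) for s in NGROK_SUFFIXES)


def find_ngrok_clients(log_text, approved=frozenset()):
    """Map each unapproved client IP to the ngrok names it looked up."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:  # skip lines that do not fit the assumed format
            continue
        _, client, qname = parts
        if is_ngrok_name(qname) and client not in approved:
            hits[client].add(qname.lower().rstrip("."))
    return {client: sorted(names) for client, names in hits.items()}


if __name__ == "__main__":
    for client, names in find_ngrok_clients(SAMPLE_DNS_LOG, APPROVED_CLIENTS).items():
        print(f"unapproved ngrok lookups from {client}: {', '.join(names)}")
```

A hit only shows that a host resolved an ngrok name, so pair it with a software inventory check for the ngrok binary before treating it as unauthorised use.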
III. Quote of the week
Privilege is not knowing that you're hurting others and not listening when they tell you. ― DaShanne Stokes
Have an original interesting cybersecurity quote? Let us know in the comments and we will publish it along with your name in our quotes section.