PHISH & TELL 019

👋 WELCOME to Phish & Tell™️, from Security Done Easy™️

🎣 TOP CYBERSECURITY NEWS STORIES OF THE WEEK

Top stories of the week, how they are relevant to you, and what to do about them.

1. 🗣️ Chatty bot gone rogue

   Source: The Hacker News, Salesloft Takes Drift Offline After OAuth Token Theft Hits Hundreds of Organizations 

   Hackers abused Salesloft’s Drift chatbot to pull large amounts of data from companies’ Salesforce instances. Salesloft has since taken Drift offline to overhaul it. The campaign ran from Aug 8–18 and hit more than 700 organizations.

   Why it matters: If you use chatbots or third‑party tools connected to your customer relationship management (CRM) system, a breach in those tools can expose your clients’ contact details, support tickets or even access keys. According to Cloudflare, the attackers intend to use the stolen data for future targeted attacks.

   What to do: Check whether your business used the Drift integration; if so, change passwords and access tokens for your CRM, email and cloud services. Review logs for unusual exports or downloads between August 8‑18. Ask vendors about their security practices and only enable integrations that you truly need.

2. 🧟‍♀️ Invisible orders: prompt‑injection attacks on AI summarizers

   Source: Cybersecurity News, Threat Actors Weaponizes AI Generated Summaries With Malicious Payload to Execute Ransomware 

   Security researchers warned of a new technique that hides malicious AI instructions (or “prompts”) inside HTML using invisible formatting. (Remember in the early days when people tried to improve their search ranking by stuffing their web pages with “invisible” keywords in white font on a white background? Similar concept.) When an AI summarizer or chatbot in an email client processes the message, the prompt takes over and could instruct the system to run ransomware or steal data.

   Why it matters: Many productivity tools now auto‑summarize emails or webpages using AI. A seemingly benign message could force your AI assistant to hand over sensitive data or execute harmful code—without you ever seeing the malicious instructions.

   What to do:

   • Disable automatic AI summarization in email clients and browser extensions for messages from unknown senders.

   • Configure your email system to strip hidden HTML elements and base64‑encoded commands.

3. 🍎 Mac malvertising scam installs SHAMOS infostealer
   Source: Infosecurity Magazine, Fake macOS Help Sites Seek to Spread Infostealer in Targeted Campaign

   From June to August, a malvertising campaign lured macOS users searching for “macOS help” to fake support sites. Visitors were told to run a single command in Terminal. That command bypassed Apple’s Gatekeeper and downloaded an infostealer, which captured passwords.

   Why it matters: Many small business owners use Macs and may feel safer than Windows users. This campaign shows that malware creators target everyone and exploit your trust in tech support pages.

   What to do:

   • Only seek help from Apple’s official support pages or the built‑in Help menus.

   • Never paste commands from unknown websites into your Terminal.

   • Keep macOS and all applications up to date, and consider using reputable anti‑malware software for Macs or having an MSSP protect them for you if you don’t want to DIY it.

   • Educate staff to verify URLs before clicking on support resources.

4. 🚗 Luxury brand stalls: Jaguar Land Rover operations hit by cyberattack
   Source: Reuters, Britain's JLR hit by cyber incident that disrupts production, sales

   On Sept 2, carmaker Jaguar Land Rover (JLR) said a cyber incident severely disrupted its retail and production activities. The company took systems offline to contain the attack and reported no evidence of customer data theft. Analysts noted that the event highlights rising cyber and ransomware threats across industries.

   Why it matters: Even giants like JLR can grind to a halt when key systems go down. For smaller businesses, a similar outage could be devastating.

   What to do:

   • Develop (and test) an incident‑response plan detailing how you will continue operations if systems go offline.

   • Keep backups disconnected from your network so you can restore quickly.

   • Consider cyber insurance and ask what types of incidents are covered.

5. 🔧 Website fix alert: Sitecore zero‑day exploited via default key
   Source: Data Breach Today, Attackers Exploit Sitecore Zero Day

   Cyber‑security researchers at Mandiant discovered that attackers abused a serious flaw in the Sitecore content‑management system, which many companies use to run their websites. The problem? Some Sitecore installations still contained a sample cryptography “machine key” from an old support document. Hackers used this key. Once inside, they could collect system and user details, export them as normal website traffic, and add additional tools such as remote‑control software and password‑stealing programs. They even created temporary administrator accounts and installed back doors to maintain access.

   Why it matters: Even if you don’t personally manage your website, it could run on Sitecore or use parts of it. Attackers exploiting this flaw could quietly add malicious code to your site, steal customer data or plant hidden tunnels.

   What to do: Ask your web developer or hosting provider if your site uses Sitecore. If it does, make sure the latest patches are installed and any sample cryptography keys have been replaced with unique keys. Monitor for unusual activity: new administrator accounts, remote‑desktop connections or suspicious files may signal an intrusion. Avoid default settings: whether it’s a website template or office software, always change sample keys, passwords or tokens to unique values.

Not sure what applies to your business or what your options are? Let’s talk.

🔍 In Case You Missed It (ICYMI)

• This week’s blog post: How to Vet the Cybersecurity Practices of Your Partners, Suppliers, or Platforms »   

• We have a free 3-page PDF resource: How to Identify and Avoid Scams: A Simple Guide »

• Follow us on LinkedIn, Facebook or Instagram. Youtube is in the works (subscribe to get notified when I finally start getting these videos out there!)

🤖 The LOL-gorithm

🧷 THE SAFETY SNAP

One often‑overlooked personal safety tip is to set up and practice using your phone’s Emergency SOS feature. Most smartphones allow you to trigger a discreet call to emergency services and automatically share your location with pre‑selected contacts. Taking a few minutes to turn this on, add trusted contacts and familiarize yourself with how it works means you can summon help quickly and quietly if you ever feel unsafe.

📱 iPhone: Set up Emergency SOS and contacts

1. Turn on Emergency SOS features

   • Open Settings → Emergency SOS.

   • Toggle on “Call with Hold and Release” if you want your phone to dial emergency services when you hold the side button and either volume button until the countdown ends.

   • Toggle on “Call with 5 Button Presses” to have your phone start the emergency call when you rapidly press the side (power) button five times.

   • You can also enable “Countdown Sound” so the phone plays a loud tone while counting down—useful to avoid accidental calls.

2. Add emergency contacts

   • Open the Health app, tap your profile picture (top right) and choose Medical ID.

   • Tap Edit, then scroll to Emergency Contacts and tap Add. Pick someone from your contacts list and specify their relationship.

   • Tap Done to save. When you trigger Emergency SOS, these contacts will receive a text with your current location and updates if your location changes.

3. Test the feature (briefly)

   • Press the side button five times to confirm the emergency slider appears. Don’t complete the call unless you’re actually in danger, but it’s good to know what it looks like.

   • Make sure your emergency contacts receive the test notification (you can let them know ahead of time so they aren’t alarmed).

🤖 Android: Emergency SOS and similar options

Android devices have equivalent features, though the names and exact menus can vary by manufacturer.

On Google Pixel and many Android phones (Android 12 and later):

1. Open Settings → Safety & emergency (you can also search “emergency” in Settings).

2. Tap Emergency SOS and toggle it on.

3. Choose what happens when you press the power button quickly five times:

   • Call emergency services automatically (for example, 911 in the U.S.).

   • Play a loud alarm and wait a few seconds before dialing, giving you a moment to cancel if it was accidental.

   • Share updates with emergency contacts, including your real‑time location.

4. Tap Emergency contacts to add people who should be notified.

5. Optionally fill in Medical information (allergies, medications) so responders can access it from your lock screen.

On Samsung Galaxy devices:

1. Open Settings → Safety and emergency → Send SOS messages (this may be under Advanced features on older models).

2. Turn it on and grant the permissions it asks for (camera, location, etc.).

3. Add one or more emergency contacts.

4. Choose what’s sent when you quickly press the side key three or four times: location, photos from the front and rear cameras, and a short audio recording.

5. Practice triggering it so you know how many presses are required on your model.

Regardless of the brand, once these features are configured you can discreetly summon help by pressing the power/side key rapidly. It’s a simple step that can make a huge difference in an emergency.

💬 A PERSONAL NOTE

Super excited because I found out today I was accepted into the NGLCC iLead: Grow, Scale, and Contract Program in partnership with Wells Fargo! The program will cover “critical elements such as: capabilities statements and decks; how to appropriately respond to request for proposals (RFP); and perfecting your pitch.” That starts next week. Also next week, I’ll be up North at a two-day workshop on AI Marketing for IT/security-related businesses, then a one-day hacker con back home. Busy, busy! Oh, and I submitted my blog for a Stevie Award. (I’m keeping my expectations low — the content is good, but it’s still less than a year old, so we’ll see.)

👂 TELL ME

Are you finding this newsletter helpful? Do you have questions or topics you’d like me to cover? Let me know :-) [email protected]

You’re subscribed to Phish & Tell™️ because your business is worth protecting.

🩷