Phishing attacks targeting Office 365 users

By Dominic Chorafakis, CISSP

March 20, 2019

Email continues to be the favorite tool for hackers to hijack computers and steal information. Recent phishing campaigns are proving to be particularly effective by combining different techniques to target Office 365 users. There are two key elements that make the attack effective:

  • Malicious messages appear to arrive from known contacts
  • Messages contain PDF attachments which do not carry any malware so they get past anti-virus. The goal is to entice users to click on a link that appears to take them to OneDrive or Office 365

Taking the time to verify the email address that a message appears to be from is an important step in security awareness. Some times the domain portion of the email address (the part that comes after the @ sign) will be a clue that the sender isn’t really who they claim to be. Unfortunately, it is not enough to just look at the From field, the sender’s email account may have been hacked, but also sophisticated hackers are able to spoof the From field to make it look like an email was sent by someone else.

It is important to note that this is not personal or specifically targeted, so don’t assume you are safe just because hackers don’t know who you are. Once a computer becomes infected, the malware will automatically extract information from contact lists and earlier email messages and automatically launch a similar attack against those contacts. It doesn’t even need to be someone you know who was infected. Say your friend Bob sends you an email inviting you to a party, and copies you and 10 other people you don’t know. If any one of those 10 people are infected, the malware will try to send an email from Bob to your email address with the malicious PDF without ever knowing you or Bob personally.

The malicious email may contain a link in the message itself, but in this case, we are focusing on the attack specifically targeting Office 365 users. In those attacks, when you open the PDF file, it will try to get to click on what looks like a legitimate link, here’s an example

If a user is tricked into clicking on the link, what happens next depends on the specific type of attack.

In some cases, the user is directed to a website that looks like a real Office 365 login page as seen below.

Note the URL in the browser is not Microsoft’s at all.

In this case the attacker is trying to trick the user into providing their username and password which will be sent to the hacker instead of Microsoft.

In other cases, clicking on the link will take to you a website that hosts software known as an Exploit Kit that will attack your PC looking for a vulnerability that can be used to install malware on it.

What to do

  • Be suspicious of any email with a PDF attachment even if it appears to come from someone you know. If it is unusual (e.g. someone sends you an invoice or other document you are not expecting), do not open the attachment.
  • If you suspect an email may be a scam, do not reply to that email to verify its authenticity if you have other means of contacting them.
  • If you do open the attachment and see a Word or Excel logo prompting you to click on a link to open the document in Office 365
    • Do not click on that link
    • Notify your IT administrator immediately
    • Close the attachment immediately
    • Run a full virus scan on your system
  • If you do click on the link before you realize it is a scam
    • Power down your computer
    • Notify your IT administrator immediately

Previous Articles

The new normal in cybersecurity

By Dominic Chorafakis, CISSP

Not so long ago, computer viruses were mostly created by pranksters and computer geeks trying to see what they could get away with. There was still some risk for data loss and downtime, but for the most part viruses were just an annoyance and installing a decent anti-virus was enough to keep your systems safe.

Today things are much different. Online banking and bitcoin have made it possible and safe for hackers to turn what used to be a misguided hobby into an organized criminal enterprise, with cybercrime proceeds surpassing $ 1 Billion last year.

The lone computer geek has been replaced with sophisticated teams of highly skilled professional hackers creating military grade malware that is able to bypass anti-virus and selling access to it on the “dark web”, a kind of Internet parallel universe that is only accessible through special software which allows its users to remain anonymous and untraceable.

This new reality means that a business-as-usual approach to cybersecurity is no longer enough. Unfortunately, many small and medium business owners believe that cyber criminals won’t target them because they are too small or have nothing that hackers would want and don’t take the necessary steps until it’s too late.

Fortunately, there are some simple and cost-effective steps that businesses can take to reduce risks and avoid potentially significant repair costs and losses due to unplanned downtime.

Apply software updates and patches

Users should check for and apply software updates provided by vendors and this activity should be prioritized:

  1. Firewalls and Routers exposed to the internet
  2. Externally accessible servers
  3. Internal servers and personal computers
  4. Other infrastructure such as security cameras or other internet-enabled devices

Reduce network footprint

Businesses often create firewall rules to allow employees, vendors or other third parties to access IT systems remotely. Firewall misconfigurations, or intentional creation of rules that are too broad in scope and allow access from anywhere on the internet is a common cause of security breaches.

Firewall rules should be reviewed and the number of systems that are exposed to the internet should be kept to a strict minimum. When network ports are forwarded to allow external access to IT systems, the rules should be restrictive and limit access only from a specific set or range of external IP addresses.

When possible, vulnerability scans should be performed to confirm that firewall rules are correctly restricting access to IT systems.

Perform secure backups

Up-to-date backups are critical in order to quickly recover from an attack with minimal impact to business systems. Backup policies should take into consideration that infected systems with access to mounted backup drives may also encrypt backup files. This risk should be mitigated by having a backup strategy that keeps historical versions of backed up files and includes snapshots that are not accessible to systems that may become infected.

Deploy professional anti-virus

While zero-day attacks are an unfortunate reality, the fact is that the vast majority of breaches are caused by known vulnerabilities that professional anti-virus solutions know about and are able to block. Commercial anti-virus software should be installed and licensed on all systems and configured to automatically update virus definitions from the vendor. Additional security features provided by many commercial solutions like secure browsing extensions, identity theft protection and enhanced computer firewall features should be enabled on all computers.

Cyber Security Awareness

Studies show that the chance of a breach is reduced by up to 40% in businesses that engage in cyber security awareness training.

The method most commonly used by hackers to bypass security measures is phishing, where users are tricked into clicking on a link or opening an attachment in an email that looks like it came from a legitimate source like a customer, vendor, bank or other well-known company or website.

Computer users should take time to educate themselves on spam and phishing techniques as well as tips on how to detect them and ways to avoid falling victim. There are many free resources online such as staysafeonline.org that provide information and tips for businesses and individuals.

Managed Security Services

Cyber-security is constantly evolving as the cat-and-mouse game between cyber criminals and security vendors rages. Installing a firewall and anti-virus and then simply forgetting about cyber-security can be a huge and costly mistake. Businesses should consider managed cyber-security services to make sure IT systems and staff are protected against the most current threats and vulnerabilities.

Hackers targeting Torrent sites

There has been a surge of hacks targeting torrent users by posting fake ads on popular peer-to-peer file sharing sites that direct victims to websites infected with exploit kits able to install information-stealing malware and ransomware on their computers.

Torrents are a common source of malware and viruses since the very nature of peer to peer file sharing means that the files you are downloading can come from anyone and anywhere. As a general rule you should not install torrent clients, and only download files from known, reputable sources.

If you insist on using torrents, you should assume that the computer you are using will be hacked and don’t use it for activities like banking or accessing your email. If possible keep it on a separate network by setting up a guest WiFi network that doesn’t have access to the rest of your network.

 

What you should do

Take the following measures to protect your systems from this attack:

  1. Inform your staff that hackers are targeting Torrent users and that accessing file sharing sites is prohibited
  2. Prohibit the use of peer-to-peer file sharing clients like uTorrent on computers connected to your network
  3. Ensure that all computers have the latest operating system and browser patches installed
  4. Consider using a reputable ad-blocker

To receive important cybersecurity updates on the latest threats with tips on how to stay safe click on this button to follow us on LinkedIn or join our critical updates mailing list at My Security Console.

The implications of PIPEDA for small business

By Dom Chorafakis, CISSP

November 27, 2018

DISCLAIMER

Information contained in this post is intended as general information only. It is not, nor should be construed as legal advice and should not be relied upon as such. If you need legal advice, please contact an attorney directly.

Personal Information Protection and Electronic Documents Act (PIPEDA)

It has been almost a month since the new PIPEDA rules regarding mandatory breach reporting in Canada came into effect and many clients still have questions around what it means for their business. In this post we’ll explore some of the key highlights of the legislation and provide links back to the relevant sections of the Office of the Privacy Commissioner of Canada (OPC) website you can use to get more information.

Perhaps the most common question that comes up is whether the rules apply to a small business that only has one or two employees. The short answer is yes, they do. The rules do not provide for any exemptions based on number of employees or revenue. There are however certain types of organizations to which the rules may not apply as per the PIPEDA brief available at https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda_brief/ [1]:

Unless they are engaging in commercial activities that are not central to their mandate and involve personal information, PIPEDA does not generally apply to:

  • not-for-profit and charity groups
  • political parties and associations” [1]

So if you own a business that is not a charity, political party or association, then the rules definitely apply to you. Note however that even those organizations may need to comply with the rules if “they are engaging in commercial activities that are not central to their mandate” [1]. For example, if an association sells its member list data for marketing purposes, PIPEDA would apply.

As mentioned in the brief, “PIPEDA applies to the collection, use or disclosure of personal information in the course of a commercial activity. A commercial activity is defined as any particular transaction, act, or conduct, or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fund-raising lists.” [1]

The personal information that is protected under PIPEDA includes anything that is recorded about an identifiable individual. According the brief, “This includes information in any form, such as:

  • age, name, ID numbers, income, ethnic origin, or blood type;
  • opinions, evaluations, comments, social status, or disciplinary actions; and
  • employee files, credit records, loan records, medical records, existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs).” [1]

The Act defines 10 fair information principles that businesses must follow with regards to personal information:

  1. Accountability
  2. Identifying Purposes
  3. Consent
  4. Limiting Collection
  5. Limiting Use, Disclosure, and Retention
  6. Accuracy
  7. Safeguards
  8. Openness
  9. Individual Access
  10. Challenging Compliance

There are a number of clauses in the Act (which is available online at http://laws-lois.justice.gc.ca/eng/acts/P-8.6/FullText.html [2]) that are relevant from a cybersecurity perspective. For example, the Act states that “Organizations shall implement policies and practices to give effect to the principles, including

(a) implementing procedures to protect personal information;

(b) establishing procedures to receive and respond to complaints and inquiries;

(c) training staff and communicating to staff information about the organization’s policies and practices; and

(d) developing information to explain the organization’s policies and procedures.” [2]

Furthermore, the Act states that “The methods of protection should include

(a) physical measures, for example, locked filing cabinets and restricted access to offices;

(b) organizational measures, for example, security clearances and limiting access on a “need-to-know” basis; and

(c) technological measures, for example, the use of passwords and encryption.

Not only does the act require businesses to use appropriate administrative and technological safeguards to protect personal information, it also stipulates that any breaches of these safeguards that expose this personal information must be reported to the OPC. Organizations who fail to report such a breach may be liable for a fine of up to $100,000. According to the Act, “An organization shall report to the Commissioner any breach of security safeguards involving personal information under its control if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to an individual.

[…] significant harm includes bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on the credit record and damage to or loss of property.” [2].

The OPC provides a privacy toolkit for business at https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda-compliance-help/guide_org/ to help comply with the Act and its principles.

Cybersecurity Essentials

By Dom Chorafakis, CISSP

June 21, 2017

The cyber threat landscape is constantly changing as criminal hackers look for new and creative ways to profit from online crime. While there is no silver bullet that can guarantee protection against breaches or other forms of attack, keeping up to date with the latest threats and vulnerabilities is an important part of any security strategy.

Cryptojacking

With the rise in popularity of digital currencies like Bitccoin and Etherium, cybercriminals have found new opportunities in cryptomining as a revenue stream. The unauthorised use of computer resources to mine cryptocurrency known as cryptojacking has now exceeded ransomware as the largest online threat. There are two aspects to this that are important to take into account from a security perspective: website compromises and malvertising.

Hackers attempt to install cryptomining software on victims’ computers by installing malicious code on websites they are able to compromise. Web servers have always been vulnerable to hackers because of their very nature, but the potential for profit from illicit cryptomining makes them more interesting targets than ever before. System administrators need to ensure that servers are adequately protected by making sure the operating system and software is up to date, accounts are secure and use strong passwords, endpoint security mechanisms like anti-virus is installed, servers are protected using Intrusion Prevention technology, and that measures are in place to detect and prevent unauthorised content changes.

Malvertising

In addition to compromising legitimate websites, hackers are creating fraudulent sites that look legitimate, directing users to these sites using fake online ads displayed on popular websites, a practice known as malvertising. This practice is not new, but a significant spike in cryptojacking related malvertising was recently observed by a network of Intrusion Prevention systems as reported here.

People surfing the internet should assume that at some point they will come across either a legitimate site that has been compromised, or a fraudulent site set up specifically to infect vulnerable systems. To protect themselves, users should keep their Operating System and all software they use up to date, make sure good anti-virus is installed and up to date, use safe-browsing plugins from their anti-virus vendor and use an ad-blocker to block online ads.

Email compromise

While there has been a significant increase in these new threats thanks to the potential for quick profit, email continues to be by far the predominant attack vector.  From account compromise and phishing attacks to malicious attachments,  email based attacks are still the most common method used by hackers to infect vulnerable systems with ransomware, cryptojacking software, or trojans used to carry out financial fraud and other attacks. While technologies like anti-spam and anti-virus can help, user education is one of the most effective tools to help minimise risk in this area. Users need to be aware of the types of threats and attacks, how to identify them, and what steps they must take in the event of a suspected compromise.

The long game

Staying up to date with the latest threats and cyberattacks is important, but is only one element of a good cyber security strategy. Defending against hackers and cyber criminals is not a onetime activity, it needs to be an ongoing process that is actively managed and updated to reflect the changes to your information, its ecosystem and evolving threats. A good strategy includes the following five elements.

1. Identify your assets

It’s impossible to build a solid defence if you don’t know exactly what you are defending. During this stage you need to identify all of the data, applications and hardware that need to be protected.

2. Identify threats and risks

Once you have a list of everything that needs to be protected, it’s time to analyse the risks and threats to each asset. The threats to your company website are different than the threats to your customer list or payroll information, so different countermeasures are needed to protect the confidentiality, integrity and availability of the systems and the information they process.

3. Apply security controls
Once you have identified and prioritized assets and threats, it is time to select and deploy the safeguards needed to protect your organization. This may seem daunting but remember that you don’t need to solve everything at once, you can start by taking steps to address the biggest risks to your most valuable or sensitive assets and work down the list as time and budget permits.

4. Detect and Respond
Despite best efforts breaches and other security incidents can and will occur. The ability to detect and respond to them is as important as the effort to prevent them in the first place. There are a number of steps that can be taken in this area ranging from technical solutions such as managed security services and Intrusion Prevention, to policies and procedures such as having a formal Incident Response Plan.

5. Review and adjust
Lastly, it is important to keep in mind that a cyber security strategy is not static, it needs to be reviewed and adjusted to make sure it is always up to date and your important assets are protected. How often it needs to be reviewed depends on many factors including the threat level, sensitivity of information, as well as legal and regulatory requirements. At a minimum the strategy should be reviewed at least once a year, every time there is a significant IT change and every time there is a security incident.

Where to go from here

There are many free resources that can help individuals and businesses with cyber security. In Canada the government has launched a Get Cyber Safe initiative with the mission “to educate Canadians about Internet security and the simple steps they can take to protect themselves online”. For more information you can visit the Get Cyber Safe website and get started on your own cyber safety strategy.

 

 

 

RSS Cisco Talos Blog

  • Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques May 20, 2019
    This blog was authored by Danny Adamitis, David Maynor, and Kendall McKayExecutive summaryCisco Talos assesses with moderate confidence that a campaign we recently discovered called "BlackWater" is associated with suspected persistent threat actor MuddyWater. Newly associated samples from April 2019 indicate attackers have added three distinct steps to their operations, allowing them to bypass certain […]
  • Vulnerability Spotlight: Multiple vulnerabilities in Wacom Update Helper May 16, 2019
    Tyler Bohan of Cisco Talos discovered these vulnerabilities.Executive summaryThere are two privilege escalation vulnerabilities in the Wacom update helper. The update helper is a utility installed alongside the macOS application for Wacom tablets. The application interacts with the tablet and allows the user to manage it. These vulnerabilities could allow an attacker with local access […]
  • Threat Source newsletter (May 16) May 16, 2019
    Newsletter compiled by Jonathan Munshaw.Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week.We were packed with vulnerabilities this week. For starters, there’s Microsoft Patch Tuesday, which we’ll cover farther down. We also disclosed a remote code execution bug in Antenna House […]
  • Microsoft Patch Tuesday — May 2019: Vulnerability disclosures and Snort coverage May 16, 2019
    Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 79 vulnerabilities, 22 of which are rated “critical," 55 that are considered "important" and one "moderate." This release also includes two critical advisories: one covering Microsoft Live accounts and another addressing updates to […]
  • Vulnerability Spotlight: Remote code execution bug in Antenna House Rainbow PDF Office document converter May 14, 2019
    Emmanuel Tacheau of Cisco Talos discovered this vulnerability.Executive summaryA buffer overflow vulnerability exists in Antenna House’s Rainbow PDF when the software attempts to convert a PowerPoint document. Rainbow PDF has the ability to convert Microsoft Office 97-2016 documents into a PDF. This particular bug arises when the converter incorrectly checks the bounds of a particular […]
  • Vulnerability Spotlight: Remote code execution vulnerabilities in Adobe Acrobat Reader May 14, 2019
    Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities.Executive summaryThere are two remote code execution vulnerabilities in Adobe Acrobat Reader that could occur if a user were to open a malicious PDF on their machine using the software. Acrobat is the most widely used PDF reader on the market, making the potential target base for these […]
  • Vulnerability Spotlight: Multiple vulnerabilities in the Roav A1 Dashcam May 13, 2019
    Lilith Wyatt of Cisco Talos discovered these vulnerabilities.Executive Summary Cisco Talos is disclosing multiple vulnerabilities in the Anker Roav A1 Dashcam and the Novatek NT9665X chipset. The Roav A1 Dashcam by Anker is a dashboard camera that allows users to connect using the Roav app for Android and iOS so that the users can toggle settings […]
  • Threat Roundup for May 3 to May 10 May 11, 2019
    Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 03 and May 10. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]
  • Threat Source newsletter (May 9) May 9, 2019
    Newsletter compiled by Jonathan Munshaw.Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week.If you haven’t yet, there’s still time to register for this year’s Talos Threat Research Summit — our second annual conference by defenders, for defenders. This year’s Summit will take place […]
  • Vulnerability Spotlight: Remote code execution bug in SQLite May 9, 2019
    Cory Duplantis of Cisco Talos discovered this vulnerability.Executive summarySQLite contains an exploitable use-after-free vulnerability that could allow an attacker to gain the ability to remotely execute code on the victim machine. SQLite is a client-sidedatabase management system contained in a C programming library. SQLite implements the Window Functions feature of SQL, which allows queries over […]

RSS Dark Reading

RSS CISO Online

  • BrandPost: Four Critical Reasons for Investing in Your WAN Edge May 20, 2019
    The traditional network model of a central, physical data center hub with spokes running out to fixed locations has gone the way of the mainframe and electric typewriter – once mainstays of business. Today’s workforce is increasingly mobile, while business-critical productivity and collaboration applications run in the cloud. The rise of these cloud-based applications enable […]
  • Will the U.S. government draft cybersecurity professionals? May 20, 2019
    Will there be a giant sucking sound of cybersecurity talent evading the draft by moving to Canada?The National Commission on Military, National and Public Service, created by Congress, is currently evaluating the Selective Service System (SSS) with an eye toward modernizing the draft, including the possibility of conscripting cybersecurity professionals.[ Keep up with 8 hot […]
  • Review: How Awake Security uncovers malicious intent May 20, 2019
    Good cybersecurity these days is more complicated than just matching signatures against known malware. In fact, many of the most devastating attacks made against enterprises may not involve malware at all, instead relying on social engineering, insider threats, and tools and processes already approved for use within a network that are hijacked for a malicious […]
  • What is malware? How to prevent, detect and recover from it May 17, 2019
    Malware definition Malware, short for malicious software, is a blanket term for viruses, worms, trojans and other harmful computer programs hackers use to wreak destruction and gain access to sensitive information. As Microsoft puts it, "[malware] is a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network." […]
  • IDG Contributor Network: Digital ethics rising in importance May 16, 2019
    The innovative capabilities of technology – as well as the potency of that technology – are advancing at a remarkable pace, creating new possibilities in today’s digital economy. This is mostly wonderful, with one large caveat: we must keep in mind that just because we have the ability to deploy a new technological innovation does […]
  • The most stressful aspects of being a cybersecurity professional May 16, 2019
    Talk with any cybersecurity professional, and you're sure to hear them talk about the challenges they're up against. What stresses them out the most? Keeping up with the security needs of new IT initiatives.That's according to a third annual research report, The Life and Times of Cybersecurity Professionals, recently published by ESG and the Information Systems Security […]
  • Why security needs to be involved early during mergers and acquisitions May 16, 2019
    As an industry that is now largely dependent on online services to survive, security should be a key part of every media outlet’s business strategy. A disruption to service or a compromise of customers’ information could be catastrophic in a highly competitive and oversaturated industry where reader loyalty is often low.  Yet according to Akamai’s […]
  • 5 tips for better backups with Azure Backup Agent May 16, 2019
    You’ve seen the headlines of how businesses were harmed by ransomware. Ransomware depends on encryption; there is a public key and a private key. Unless you have the private key, you can’t readily get your data back. Any time you hear someone say that they went to a site such as nomoreransom.org and got their […]
  • The CSO guide to top security conferences, 2019 May 15, 2019
    There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts.Fortunately, plenty of great conferences are coming up in the months ahead.If keeping […]
  • BrandPost: What Do We Want? Wi-Fi Protected Access! When Do We Want It? WPA3 Now! May 15, 2019
    I was recently listening to the Demystifying WPA and the WPA3 Security Standard podcast and it got me thinking about how we got to where we are with wireless security access, protecting our network, our users, and so much more.For those of you who remember the days of WEP-40, and then WEP-128, we really thought those days […]

RSS Krebs On Security

  • Account Hijacking Forum OGusers Hacked May 18, 2019
    Ogusers[.]com -- a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims' phone numbers -- has itself been hacked, exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users.
    BrianKrebs
  • Feds Target $100M ‘GozNym’ Cybercrime Network May 16, 2019
    Law enforcement agencies in the United States and Europe today unsealed charges against 11 alleged members of the GozNym malware network, an international cybercriminal syndicate suspected of stealing $100 million from more than 41,000 victims with the help of a stealthy banking trojan by the same name.
    BrianKrebs
  • A Tough Week for IP Address Scammers May 15, 2019
    In the early days of the Internet, there was a period when Internet Protocol 4 (IPv4) addresses (e.g. 4.4.4.4) were given out like cotton candy to anyone who asked. But these days companies are queuing up to obtain new IP space from the various regional registries that periodically dole out the prized digits. With the […]
    BrianKrebs
  • Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003 May 14, 2019
    Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003, citing the discovery of a "wormable" flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017. The vulnerability (CVE-2019-0709) resides […]
    BrianKrebs
  • Nine Charged in Alleged SIM Swapping Ring May 10, 2019
    Eight Americans and an Irishman have been charged with wire fraud this week for allegedly hijacking mobile phones through SIM-swapping, a form of fraud in which scammers bribe or trick employees at mobile phone stores into seizing control of the target's phone number and diverting all texts and phone calls to the attacker's mobile device. […]
    BrianKrebs
  • What’s Behind the Wolters Kluwer Tax Outage? May 7, 2019
    Early in the afternoon on Friday, May, 3, I asked a friend to relay a message to his security contact at CCH, the cloud-based tax division of the global information services firm Wolters Kluwer in the Netherlands. The message was that the same file directories containing new versions of CCH's software were open and writable by […]
    BrianKrebs
  • Feds Bust Up Dark Web Hub Wall Street Market May 3, 2019
    Federal investigators in the United States, Germany and the Netherlands announced today the arrest and charging of three German nationals and a Brazilian man as the alleged masterminds behind the Wall Street Market (WSM), one of the world's largest dark web bazaars that allowed vendors to sell illegal drugs, counterfeit goods and malware. Now, at least […]
    BrianKrebs
  • Credit Union Sues Fintech Giant Fiserv Over Security Claims May 3, 2019
    A Pennsylvania credit union is suing financial industry technology giant Fiserv, alleging that "baffling" security vulnerabilities in the company's software are "wreaking havoc" on its customers. The credit union said the investigation that fueled the lawsuit was prompted by a 2018 KrebsOnSecurity report about a glaring security weakness a Fiserv platform that exposed personal and […]
    BrianKrebs
  • Data: E-Retail Hacks More Lucrative Than Ever April 30, 2019
    For many years and until quite recently, credit card data stolen from online merchants has been worth far less in the cybercrime underground than cards pilfered from hacked brick-and-mortar stores. But new data suggests that over the past year, the economics of supply-and-demand have helped to double the average price fetched by card-not-present data, meaning […]
    BrianKrebs
  • P2P Weakness Exposes Millions of IoT Devices April 26, 2019
    A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found.
    BrianKrebs

RSS The Hacker News

  • US Tech Giants Google, Intel, Qualcomm, Broadcom Break Up With Huawei May 20, 2019
    Google has reportedly suspended all businesses with the world's second-biggest smartphone maker, Huawei, and revoked its Android license effective immediately—a move that will have a drastic impact on Huawei devices across the globe. Revoking Android license means Huawei future smartphones will no longer have access to Android updates and apps like Gmail or the Play […]
  • Hackers Breach Stack Overflow Q&A Site, Some Users' Data Exposed May 17, 2019
    Note: We have updated this story to reflect new information after Stack Overflow changed its original announcement and shared more details on the security incident. Stack Overflow, one of the largest question and answer site for programmers, revealed today that unknown hackers managed to exploit a bug in its development tier and then almost a […]
  • Report Reveals TeamViewer Was Breached By Chinese Hackers In 2016 May 17, 2019
    The German software company behind TeamViewer, one of the most popular software in the world that allows users to access and share their desktops remotely, was reportedly compromised in 2016, the German newspaper Der Spiegel revealed today. TeamViewer is popular remote-support software that allows you to securely share your desktop or take full control of […]
  • 'GozNym' Banking Malware Gang Dismantled by International Law Enforcement May 16, 2019
    In a joint effort by several law enforcement agencies from 6 different countries, officials have dismantled a major global organized cybercrime network behind GozNym banking malware. GozNym banking malware is responsible for stealing nearly $100 million from over 41,000 victims across the globe, primarily in the United States and Europe, for years. GozNym was created by
  • Bluetooth Flaw Found in Google Titan Security Keys; Get Free Replacement May 16, 2019
    A team of security researchers at Microsoft discovered a potentially serious vulnerability in the Bluetooth-supported version of Google's Titan Security Keys that could not be patched with a software update. However, users do not need to worry as Google has announced to offer a free replacement for the affected Titan Security Key dongles. In a […]
  • New Class of CPU Flaws Affect Almost Every Intel Processor Since 2011 May 14, 2019
    Academic researchers today disclosed details of the newest class of speculative execution side-channel vulnerabilities in Intel processors that impacts all modern chips, including the chips used in Apple devices. After the discovery of Spectre and Meltdown processor vulnerabilities earlier last year that put practically every computer in the world at risk, different classes of Spectre […]
  • Microsoft Releases Patches For A Critical 'Wormable Flaw' and 78 Other Issues May 14, 2019
    It's Patch Tuesday—the day when Microsoft releases monthly security updates for its software. Microsoft has software updates to address a total of 79 CVE-listed vulnerabilities in its Windows operating systems and other products, including a critical wormable flaw that can propagate malware from computer to computer without requiring users' interaction. Out of 79 vulnerabilities, 18 […]
  • Adobe Releases Critical Patches for Flash, Acrobat Reader, and Media Encoder May 14, 2019
    Adobe today released its monthly software updates to patch a total of 87 security vulnerabilities in its Adobe Acrobat and Reader, Flash Player and Media Encoder, most of which could lead to arbitrary code execution attacks or worse. None of the flaws patched this month in Adobe products has been found exploited in the wild. […]
  • Flaw Affecting Millions of Cisco Devices Let Attackers Implant Persistent Backdoor May 14, 2019
    Researchers have discovered a severe vulnerability in Cisco products that could allow attackers to implant persistent backdoor on wide range devices used in enterprises and government networks, including routers, switches, and firewalls. Dubbed Thrangrycat or 😾😾😾, the vulnerability, discovered by researchers from the security firm Red Balloon and identified as CVE-2019-1649, affects
  • Cryptocurrency Hacks Still Growing — What Does That Mean for the Industry? May 14, 2019
    Though once synonymous with underground networks and black hat hackers, bitcoin and other cryptocurrencies have gone mainstream over the past two years. In 2017, we saw the skyrocket of bitcoin to an all-time high of close to $20,000 followed by a significant decline the following year. But beyond the ups and downs in the market […]