Original release date: August 23, 2019
The Internal Revenue Service (IRS) has issued a warning about a new email scam in which malicious cyber actors send unsolicited emails to taxpayers from fake (i.e., spoofed) IRS email addresses. The emails contain a link to a spoofed IRS.gov website that displays fake details about the targeted recipient’s tax refund, return, or account. The emails instruct the recipient to access their refund information by entering a provided password on the spoofed website. By entering the password, the victim unintentionally downloads malware that could enable the malicious cyber actors to take control of the affected system or obtain sensitive information.
No good dead goes unpunished. Marcus Hutchins, known as @MalwareTechBlog on Twitter, and who was credited with creating a “kill switch” for WannaCry, was arrested in 2017 in Las Vegas after attending DEF CON. British-born Hutchins has remained in the US on bail ever since. He has been spared jail over malware charges.
Original release date: July 26, 2019
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of vulnerabilities affecting multiple Virtual Private Network (VPN) applications. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages administrators to review the following security advisories and apply the necessary updates:
- Palo Alto Security Advisory PAN-SA-2019-00200
- FortiGuard Security Advisory FG-IR-18-384
- Pulse Secure Security Advisory SA44101
It happened to Apple, and now Linux sees a malware exploit. EvilGnome was written to target the comparatively small but committed community who use Linux on their laptops.
Week after week we’ve documented how internet of things devices are being built with both privacy and security as a distant afterthought, resulting in everything from your television to your refrigerator creating both new attack vectors and wonderful new surveillance opportunities for hackers and state actors. And CIA leaks have indeed confirmed that “smart” TVs and other devices with embedded microphones make for wonderful surveillance tools.
So it’s not too surprising to see Microsoft’s Security Response Center proclaim this week that it has caught Russian hacking group “Strontium” (aka Fancy Bear and APT28) using poorly secured printers, VoIP phones, and video decoders to gain access to sensitive networks. As is usually the case, Microsoft found that once these devices’ security was bypassed (often an easy feat given there’s sometimes little to no security measures in place), they were able to use them as a beach head to gain broader access to the networks they were connected to…[more]
To be part of your local law enforcement’s surveillance network, all you need is a little tech from Amazon. Amazon’s Ring doorbell/camera is being handed out to cops, who can then give them to citizens with the implication the recipients of this corporate/government largess will deliver recordings upon request.
It’s more of a “post-purchase middle finger” to customers than a privacy plus, say some outraged users who use the cams to catch crooks.
The bug’s in Firefox, but our advice is worth reading whether you use Firefox or not