Fraudulent emails are being received Attack.Phishing by individuals and/or companies with the subject title similar to `` Reinstate Your Account '' or `` [ Audit ] Reinstate Your Account '' . This email appears to be Attack.Phishing from UVA Community Credit Union telling them that an account is dormant and needs to be reinstated . The email includes a link that redirects the individual to a fraudulent web page and may contain a virus or malicious software , or solicit password information . If you receive Attack.Phishing an email like this , do not click on the link as doing so may open your system to damage from viruses . If you clicked through to this fraudulent website , you may be at risk for subsequent fraud . Change passwords to your Online Banking and Email accounts . You should ensure that you have the latest updates from your anti-virus vendor and run a full system scan . Please note that not all anti-virus vendors receive or update the latest virus signatures at the same time . Best practices are to configure your anti-virus software to automatically update and scan your computer on a regular basis . As always , you should closely monitor your accounts for suspicious activity . Visit our Security Center to learn more about protecting your computer , or if you believe you have been a victim of identity theft . UVA Community Credit Union will never contact you by email , cell phone , text message , or telephone asking for your personal information . If you have been a victim of a scam and think your UVA Community Credit Union account information may have been compromised Attack.Databreach , contact us immediately at 434-964-2001 or toll-free , 1-888-887-9136 .

Adobe has released Vulnerability-related.PatchVulnerability updates fixing Vulnerability-related.PatchVulnerability a long list of security vulnerabilities discovered Vulnerability-related.DiscoverVulnerability in the Mac and Windows versions of Acrobat and Reader . In total , the first October update brings 85 CVEs , including 47 rated as ‘ critical ’ with the remaining 39 classified as ‘ important ’ . It ’ s too early to get much detail on the flaws but those rated critical break down as 46 allowing code execution and one allowing privilege escalation . The majority of the flaws rated important involve out-of-bounds read issues leading to information disclosure . As far as Adobe is aware , none are being actively exploited . The update you should download depends on which version you have installed : For most Windows or Mac users it ’ ll be either Acrobat DC ( the paid version ) or Acrobat Reader DC ( free ) so look for update version 2019.008.20071 . For anyone on the classic Acrobat 2017 or Acrobat Reader DC 2017 , it ’ s version 2017.011.30105 . Those on the even more classic Acrobat DC ( 2015 ) or Acrobat Reader DC ( 2015 ) it ’ s version 2015.006.30456 . Anyone who still has the old Acrobat XI or Reader XI on their computer , the last version was 11.0.23 when support for this ended a year ago . A sign of success ? There was a time when having to patch Vulnerability-related.PatchVulnerability so many flaws in a small suite of products from one company would have been seen as a failure . Arguably , these days , it ’ s a sign of success – researchers are devoting the time to finding Vulnerability-related.DiscoverVulnerability vulnerabilities before the bad guys do and Adobe is turning around fixes . What ’ s surprising is that despite crediting every one of them ( and it ’ s quite a list ) , the company doesn ’ t seem to have a formal bug bounty reward program other than the separate web applications program run via third party company , HackerOne . If Adobe ’ s 85 vulnerabilities sounds excessive , have some sympathy for users of the rival Foxit PDF Reader and Foxit PhantomPDF programs . Foxit last week released what appears to be Vulnerability-related.DiscoverVulnerability 116 vulnerabilities of their own ( confusingly , many of which are not yet labelled with CVEs Vulnerability-related.DiscoverVulnerability ) . For some reason , the number of flaws being found Vulnerability-related.DiscoverVulnerability in Foxit ’ s programs has surged this year , reaching 183 before this September ’ s count , compared to 76 for the whole of 2017 . As for Adobe , these updates are unlikely to be the last we hear of the company this month – expect the usual flaws to be patched Vulnerability-related.PatchVulnerability in Adobe ’ s legacy Flash plug-in when Microsoft releases Vulnerability-related.PatchVulnerability its Windows Patch Tuesday on 9 October .

A Ukrainian cybercrime operation has made an estimated $ 50 million by using Google AdWords to lure Attack.Phishing users on Bitcoin phishing sites . The operation has been temporarily disrupted this month when Ukrainian cyber police shut down servers hosting some of the phishing sites , acting on information they received from Cisco 's Talos security division . No arrests were made , and it 's very likely that the group will make a comeback in the future . The group —which Cisco tracked internally under the codename of Coinhoarder— has been operating for years , but appears to have used the same scheme since February 2017 , possibly earlier . Crooks purchase so-called typosquatted domains that imitate Attack.Phishing the real Blockchain.info Bitcoin wallet management service . Coinhoarder operators then set up Attack.Phishing phishing pages on these domains that log users credentials , which they later use to steal funds from users ' accounts . According to Cisco , instead of using malvertising or spam campaigns , crooks buy legitimate ads via the Google AdWords platform and place links Attack.Phishing to their phishing sites at the top of Bitcoin-related Google search results . This trick is not only simple to execute but very effective . Cisco reported that based on DNS query data , ads for one domain roped in over 200,000 users . It is believed the group lured Attack.Phishing tens of millions of users to its phishing sites . It is unclear how many users tried to log in on the fake sites , but after tracking down various thefts reported on social media and involving some of the Coinhoarder groups typosquatted domains , Cisco says the group made around $ 50 million worth of Bitcoin in the past three years . For example , in one campaign that took place from September 2017 to December 2017 , the group made around $ 10 million , while in another campaign that lasted 3.5 weeks , the group made another $ 2 million . Researchers also point out that crooks used geo-targeting filters for their ads , targeting mostly Bitcoin owners in Africa . `` This threat actor appears to be Attack.Phishing standing up phishing pages to target potential victims African countries and other developing nations where banking can be more difficult , and local currencies much more unstable compared to the digital asset , '' researchers said in a report published yesterday . `` Additionally , attackers have taken notice that targeting users in countries whose first language is not English make for potentially easier targets . '' Cisco says it tracked down the phishing sites hosted on the servers of a bulletproof hosting provider located in Ukraine —Highload Systems . This is where Ukraine 's cyber police department intervened and took down servers . According to Cisco , the Coinhoarder group is by far the largest phishing operation Attack.Phishing that has targeted Blockchain.info , the biggest Bitcoin wallet service online . Bleeping Computer , too , has spotted increases in phishing campaigns Attack.Phishing targeting Blockchain.info in December 2016 and December 2017 . Among the new tricks detected by Cisco since our previous reports , crooks have started using Let 's Encrypt certificates to make their phishing sites load via HTTPS , and have also incorporated homograph attacks .

Prize scams are as old as the hills , but people keep falling for them — sending the fraudsters hundreds , sometimes thousands of dollars to claim their cash , luxury cars or other non-existent prizes . Sweepstakes , lottery and prize scams “ are among the most serious and pervasive frauds operating today , ” according to a new report from the Better Business Bureau . And along with phone calls , letters and email , the crooks are now using text messages , pop-ups and phony Facebook messages to lure Attack.Phishing their victims . In fact , social media is now involved in a third of the sweepstakes fraud complaints received by the FBI ’ s Internet Crime Complaint Center ( IC3 ) . “ Scammers are like viruses . They mutate and adapt and find things that work , ” said Steve Baker , former director of the Federal Trade Commission ’ s Midwest region and author of the BBB report . “ The crooks have discovered social media big time and since social media is free to use , they can easily do a whole lot of damage from other countries. ” The BBB study found that : Nearly 500,000 people reported a sweepstakes , lottery or other prize scam to law enforcement agencies in the U.S. and Canada in the last three years . Monetary losses totaled $ 117 million last year . Facebook Messenger Lottery Fraud Scammers are creating Attack.Phishing bogus websites that look like Attack.Phishing a legitimate lottery or sweepstakes site . Or they are reaching out to potential victims who don ’ t properly set their privacy settings on social media platforms such as Facebook . The BBB report says Facebook Messenger , the private messaging app , is a favorite way for fraudsters to find victims . They can use Messenger — with or without a Facebook profile — and contact people who are not Facebook friends . In many cases , the bogus message appears to be Attack.Phishing from Publishers Clearing House ( PCH ) congratulating you on winning a big prize . To claim that prize , it says , you need to send them money . “ That ’ s a red flag warning , ” said Chris Irving , a PCH assistant vice president . “ If anybody asks you to send money to collect a prize , you know it 's a scam and it 's not from the real Publishers Clearing House . At Publishers Clearing House or any legitimate sweepstakes , the winning is always free — no purchase , no payment , no taxes or customs to pay. ” The crooks also impersonate Attack.Phishing Facebook founder Mark Zuckerberg in some of their phony Messenger messages . “ They post Attack.Phishing a fake profile of Zuckerberg on Facebook , ” Baker said . “ Then they send Attack.Phishing you a message through the Facebook messenger system saying : ‘ Hi this is Mark Zuckerberg . I 'm delighted to be able to tell you that you have won the Facebook Lottery and here is the person you need to contact to get the money . ’ ” Take the bait Attack.Phishing and click the link , and you ’ ll be told to send money to claim your winnings . Of course , there is no Facebook Lottery and Zuckerberg is not sending prize notices to anyone . In a recent story on social media scams , the New York Times reported it found 208 accounts that impersonated Zuckerberg or Facebook COO Sheryl Sandberg on Facebook and Instagram . At least 51 of the impostor accounts , including 43 on Instagram , were lottery scams . ( In 2012 , Facebook purchased Instagram for $ 1 billion . ) Facebook says it ’ s working to stop the scammers who use its platform to trick Attack.Phishing people out of their money . In March , the company announced it was using new machine learning techniques that helped it detect more than a half-million accounts related to fraudulent activity . “ These ploys are not allowed on Facebook and we 're constantly working to better defend against them , ” said Product Manager Scott Dickens . “ While we block millions of fake accounts at registration every day , we still need to focus on the would-be scammers who manage to create accounts . Our new machine learning models are trained on previously confirmed scams to help detect new ones. ” The company has also posted a warning on how to avoid Facebook scams . The BBB report calls on Facebook and other social media platforms to make “ additional efforts ” to prevent fake profiles and to make it easier for users to contact them about fraud .

EdgeWave , Inc.® , a leading provider in cybersecurity and compliance , today revealed Vulnerability-related.DiscoverVulnerability a new , malicious exploit embedded in popular URL shorteners , which are being mistaken as legitimate URLs . URL shorteners may be susceptible to this new exploit when a change is allowed to the long URL after the shortened URL is created . The malicious parties fabricate Attack.Phishing an email that appears to be Attack.Phishing a legitimate marketing email which includes the shortened URL -- - passing by any in-transit virus scanning and potentially other spam checking tools . `` Several days ago , we detected Vulnerability-related.DiscoverVulnerability this new exploit while performing our real-time , human analysis on spam campaigns , '' said Blake Tullysmith , Principal Engineer at EdgeWave . `` With over 100 million URLs being shortened per day , this new exploit can potentially impact billions of users across email and social media campaigns . '' Here is how the EdgeWave ePrism team explains the exploit : Some URL shorteners will allow users to change the long URL after they have already created the shortened URL . The malicious parties will then fabricate Attack.Phishing a seemingly legitimate email and include a shortened URL that passes in-transit virus scanning as well as other filtering solutions , which will allow the shortened URL to be delivered right into the inbox . Once the spam campaign is embedded in the message , the URL is redirected to a site that contains malicious content like a virus or malware . However , the delivered message is already in the inbox ; so unfortunately , there is no protection at this point . Attached is an image of a sample email message extracted from an email campaign while in-transit with a link from http : //tiny.cc pointing to a clean website . After the campaign was delivered , it points to a compromised website including malicious content . The EdgeWave team is still conducting further investigations on this exploit and recommends all URL shortening users utilize services that do not allow the URL to be edited after its creation . EdgeWave customers are being protected by its ePrism Email Security solution . EdgeWave ePrism is an award-winning , hosted cloud email security solution with Zero-Minute Defense against phishing , spam and malware campaigns using our unique combination of automated intelligence and 24/7/365 human analysis in a simple-to-use security suite for all email compliance and business needs .

Many people at GC are receiving Attack.Phishing one of the more popular phishing scam emails . It appears to be Attack.Phishing from Microsoft , a “ Security Alert ” wanting you to revalidate your account . If you did click on the email , please reset you Unify password ( and subsequent email password ) at password.gcsu.edu.­­­­­­­­­­­­ We think that someone else might have accessed the Microsoft account * * * * * * * * @ gcsu.edu . When this happens we require you to verify your identity with a security challenge and then change your password the next time you sign in . If someone else has access to your account , they have your password and might be trying to access Attack.Databreach your personal information or send junk email