iOS 10.3 , released Vulnerability-related.PatchVulnerability to the public on Monday , patches Vulnerability-related.PatchVulnerability a bug that allowed bad actors to use a JavaScript pop-up in Safari in an attempt to extort money Attack.Ransom from iOS users . Security firm Lookout ( via Ars Technica ) said the scammers would target Safari users who viewed pornography by placing malicious scripts on various pornographic website that would create an endless pop-up loop that basically locked the browser , if an uninformed user didn ’ t know how to get around the flaw . The scammers abused the handling of pop-ups in Mobile Safari in such a way that a person would be “ locked ” out from using Safari unless they paid a fee Attack.Ransom — or knew they could simply clear Safari ’ s cache ( see next section ) . The attack was contained within the app sandbox of the Safari browser ; no exploit code was used in this campaign , unlike an advanced attack like Pegasus that breaks out of the app sandbox to install malware on the device . The scammers registered domains and launched the attack from the domains they owned , such as police-pay [ . ] com , which the attackers apparently named with the intent of scaring users looking for certain types of material on the Internet into paying money . The pop-ups claimed to be Attack.Phishing from law-enforcement personnel , and claimed the only way to get control of the browser back was to pay a fine Attack.Ransom in the form of an iTunes gift card code delivered via text message . Users actually could have gotten out of the pop-up loop by manually clearing the Safari browser cache . However , a new or otherwise uninformed user might believe they actually needed to pay the ransom Attack.Ransom before regaining control of their browser . “ The attackers effectively used fear as a factor to get what they wanted before the victim realized that there was little actual risk , ” Lookout researchers Andrew Blaich and Jeremy Richards said . iOS 10.3 changes the way pop-up dialogs work in Safari . Previously , a pop-up dialog took over the entire Safari app . Now , pop-ups are only per tab . iOS users who are hit by the scam before updating to iOS 10.3 can clear their browsing cache by going to “ Settings ” - > “ Safari ” and tapping : “ Clear History and Website Data . ”

Staff Reports - INDIANAPOLIS ( WISH ) -- A scammer has received all 4,000 Scotty 's Brewhouse employee 's 2016 W-2 forms after posing as Attack.Phishing the CEO through email . Director of Human Resources Christopher Martin said that his payroll account 's manager received Attack.Phishing an email from someone who claimed to be Attack.Phishing Scott Wise , the company 's CEO . The person then requested all 4,000 employee 's 2016 W-2 forms in a PDF format . After discovering that Wise did not send the email , Martin contacted the Internal Revenue Service about the breach . Reports have also been filed with the Federal Bureau of Investigation and Indiana State Police . Martin plans on contacting all employees affected about what they can do to protect themselves from unauthorized use of their personal information . No suspect information has been released at this time . CEO Scott Wise released a statement saying : `` Unfortunately , Scotty 's was the target of and fell victim to scammers , as so many other companies have . Scotty 's employees and customers are of tremendous importance to the company and Scotty 's regrets any inconvenience to its employees that may result from this scamming incident . Scotty 's will continue to work with federal and local law enforcement , the Internal Revenue Service and credit bureaus to bring the responsible party or parties to justice . ''