F-Secure says it can not prove which country was behind the hack but the group had links to 'entities ' in China , Russia and Ukraine The UK Foreign Office was targeted by a group of determined and well-funded hackers over several months last year . Research published by cybersecurity firm F-Secure suggested the attack was a “ spear-phishing Attack.Phishing ” campaign in which people are sent Attack.Phishing targeted emails with a link to a false login page to trick Attack.Phishing users into giving up their username and password . The hackers created Attack.Phishing websites that looked like Attack.Phishing legitimate Foreign Office websites , including those for accessing an internal email account online . The scam is believed to have been perpetrated by hackers who call themselves the Callisto Group . F-Secure said it did not know whether the attack was successful and the National Cyber Security Centre did not say whether data had been stolen Attack.Databreach . It was discovered after the spy agency analysed a successful attack on the French broadcaster TV5Monde in 2015 . The group forced the channel ’ s scheduled programming off air for 18 hours and replaced them with a screen showing the terror group ’ s flag . The inference with the UK ’ s government follows on from an ongoing probe into the Kremlin ’ s influence on the US elections last year . Hacking groups such as DC Leaks , Fancy Bears and Guccifer 2.0 who were responsible for the leaking Attack.Databreach of damaging information about the Democrat party . The most significant attack Attack.Databreach , the leaking Attack.Databreach of thousands of private emails between senior members of the DNC to Wikileaks by Fancy Bears , lead to the resignation of DNC Chair Debbie Wasserman-Schultz .

Do you trust your tax preparer not to fall for this simple phishing scam Attack.Phishing ? The Internal Revenue Service is warning tax preparers about a new scam designed to steal Attack.Databreach their usernames and passwords . The hacker ’ s goal is to break in to the preparer ’ s computer system and steal Attack.Databreach client information . The IRS advises the bogus email appears to come from Attack.Phishing the recipient ’ s software provider and typically has a subject line that reads something like : “ Software Support Update ” or “ Important Software System Upgrade. ” The message tells the preparer they need to revalidate their login credentials and it provides a link to a “ fictitious website that mirrors the software provider ’ s actual login page , ” according to an IRS bulletin issued last month . “ Instead of upgrading software , the tax professionals are providing their information to cybercriminals who use the stolen credentials to access the preparers ' accounts and to steal client information . '' This phishing attack Attack.Phishing was cleverly designed to launch at the time of year when many software providers release upgrades to professional preparers . It ’ s also a busy time for preparers who are working to meet the Oct. 15 deadline for clients who filed for extensions . “ This sophisticated scam yet again displays cybercriminals ’ tax savvy and underscores the need for tax professionals to take strong security measures to protect their clients and protect their business , ” the IRS alert said . Mike Wyatt , a threat researcher with RiskIQ , a digital threat management firm , told NBC News he ’ s not surprised to see this current attack . Getting people to click on malicious links requires social engineering — and launching a phishing campaign related to calendar events can be a successful tactic . “ Cybercriminals very often leverage holidays , events and other important dates in their threat campaigns , so it makes perfect sense that a group is capitalizing on the extended tax deadlines coming up , ” he said . The IRS said it had received reports of “ multiple takeover incidents ” in the past year in which the criminals accessed client tax returns , completed those returns , e-filed them and secretly directed refunds to their own accounts . The phishing emails that made these takeovers possible “ can look convincing Attack.Phishing , appearing Attack.Phishing to originate from IRS e-Services ” the IRS warned . They have subject lines designed to get a quick response , such as : “ Account Closure Now , ” “ Avoid Account Shutdown , ” or “ Unlock Your Account Now. ” IRS screen captures show that the fake login pages created Attack.Phishing by the crooks look just like Attack.Phishing those on the real IRS site . “ We urge tax professionals to be on the lookout for the warning signs of these schemes and many others that can contribute to data loss and identity theft , ” IRS Commissioner John Koskinen said in a statement . “ A few simple steps can protect tax professionals as well as their clients . ”

Last week , we reported about these alarming cryptocurrency scams spreading via Twitter . These were n't your garden-variety spam posts either , but rather , fraudsters were hacking into the verified accounts of celebrities and brands in an attempt to lure Attack.Phishing unsuspecting victims . But it looks like these crypto-scammers are moving on and are now targeting other social media platforms , as well . This time , they 're gaming Facebook 's official sponsored ad system to fool Attack.Phishing eager people who are looking to make a quick profit . Read on and see what this new scheme is all about . Cybercriminals are relentlessly coming up with new tactics all the time , and it 's always good to be aware of their latest schemes . This new ploy is a classic phishing scam Attack.Phishing that 's meant to steal your personal information like your name , email and credit card numbers . And similar to other elaborate phishing scams Attack.Phishing , these cybercriminals created Attack.Phishing a bunch of fake websites , news articles and ads for that purpose . The whole ploy starts with a fake Facebook sponsored ad promoting an easy `` wealth building '' scheme . Accompanying the post is an embedded report that appears to originate from the news site CNBC . If you take the bait Attack.Phishing and click through the ad , the ruse gets more obvious . First , the link 's web address does n't belong to any CNBC domain . However , the fraudsters mimicked Attack.Phishing the look and feel of the real CNBC site so there 's a chance an unsuspecting eye might get duped Attack.Phishing . But yes sir , the entire news article is completely fraudulent , the fakest of fake news . Basically , it states that Singapore has officially adopted a certain cryptocurrency and has anointed a firm , dubbed the CashlessPay Group , to market and purchase it . Nevermind that CashlessPay sounds just like another third-rate pyramid scheme , but let 's go along for the ride , shall we ? You probably know by now that there are tons of bogus information going on in Facebook at any given time . The social media giant is trying to clean up its act , though . If you can recall , Facebook banned blockchain and cryptocurrency ads earlier this year but softened its stance by allowing pre-approved cryptocurrency advertisers to post sponsored ads . ( Ca n't resist the revenue , eh ? ) But as always , scammers have found a way to exploit this loophole to spread their scams .

Last week , Intel revealed Vulnerability-related.DiscoverVulnerability that a serious security flaw in some of its chips left potentially thousands of devices vulnerable to attackers . Then , security researchers revealed Vulnerability-related.DiscoverVulnerability the problem was way worse than anyone initially thought as the vulnerability could allow attackers to remotely `` hijack '' affected machines . It 's still not clear just how many devices are impacted Vulnerability-related.DiscoverVulnerability as Intel has't said , but some in the industry have put the number as high as 8,000 . Here 's a look at what you need to know and how to protect yourself . The vulnerability stems from something called Intel Active Management Technology , ( AMT ) , a technology that allows devices to be remotely managed to make it easier to update software and perform maintenance remotely . It 's a feature typically used by businesses that may be responsible for many devices that may not all be in the same place . Since the technology is integrated at a chip level , AMT can do a bit more than other software-enabled management tools . Using AMT 's capabilities , for instance , a system administrator could remotely access and control a computer 's mouse and keyboard , or turn on a computer that 's already been powered down . While those can be helpful capabilities for corporate IT departments to have , it 's obviously the type of access you 'd want locked down pretty tightly . And that 's just the problem . Security researchers found that AMT 's web portal can be accessed with just the user admin and literally any password or even no password at all . That 's why some have labeled it a `` hijacking '' flaw since anyone who exploits the vulnerability would be able to remotely control so many processes . Most importantly , the flaw does n't impact Vulnerability-related.DiscoverVulnerability every Intel chip out there . Since it 's rooted in Vulnerability-related.DiscoverVulnerability AMT , the vulnerability primarily affects Vulnerability-related.DiscoverVulnerability businesses , though , as Intel points out , some consumers use computers made for businesses . One of the easiest ways to check if you might be affected is to check that Intel sticker that comes on so many PCs . Look for a `` VPro '' logo as that indicates the presence of AMT . Of course , looking for a sticker is hardly foolproof . Intel has also released a downloadable detections guide , which will guide you through the process of checking your machines . You can find the detection guide here . Though Intel has long supplied Apple with chips for Macs , AMT is only present on processors in Windows-based machines , so all Macs are safe from this particular exploit . If you do have a machine that 's impacted by the security flaw , you 'll need to update your firmware as soon as possible . Intel has already created Vulnerability-related.PatchVulnerability a patch and is now waiting on manufacturers to make it available Vulnerability-related.PatchVulnerability . Some , including Dell , Lenovo , HP , and Fujitsu , have already rolled it out . You can find links to those over on Intel 's website , which will be updated Vulnerability-related.PatchVulnerability as more manufacturers release Vulnerability-related.PatchVulnerability updates .

Save the Children Foundation has revealed that the charity was targeted by fraudsters last year , leading to the loss of $ 1 million . Speaking to the Boston Globe , the US arm of the non-profit , which supports children worldwide , said that con artists managed to compromise Attack.Databreach an employee 's email account in order to masquerade as Attack.Phishing the staff member in question . Once access was gained Attack.Databreach to the account , the hackers behind the scam created Attack.Phishing a number of false invoices and related documents which described a need to purchase solar panels for health centers located in Pakistan . The Connecticut-based charity organization fell for the ruse Attack.Phishing , conducted in May 2017 , and approved the transfer of close to $ 1 million to an entity in Japan which was used as a front to rake in the proceeds . By the time the foundation realized the invoice was false , it was too late and the money was gone . The publication says that Save the Children possessed insurance which covered close to all of the lost funds , and in the end , the charity only lost $ 112,000 . `` We have improved our security measures to help ensure this does not happen again , '' Stacy Brandom , the chief financial officer of Save the Children told the Globe . `` Fortunately , through insurance , we were ultimately reimbursed for most of the funds . '' The scammers targeting the charity appeared to follow the rules of Business Email Compromise (BEC) attacks Attack.Phishing almost to the letter . These campaigns have a number of steps , compromise Attack.Databreach a business email account via brute-force hacking or social engineering ; pretend to be Attack.Phishing a legitimate staff member , and lure Attack.Phishing another individual to approve false invoices or fraudulent payments . The FBI has previously warned that December 2016 and May 2018 , there was a 136 percent increase in BEC scams Attack.Phishing , reported across 150 countries , Ill-gotten funds are often sent to entities in Asia and billions of dollars have been lost . In February , IBM said a single BEC scam Attack.Phishing originating in Nigeria led to the loss of millions of dollars belonging to Fortune 500 companies . These types of scams are incredibly common and it can be difficult to track down the fraudsters responsible , who may be located in any country in the world . However , on rare occasion , a BEC scam artist is taken to task for their actions . In September , a man from Nigeria was ordered to pay $ 2.5 million and serve five years in prison for conducting a variety of BEC scams Attack.Phishing against enterprise companies . Prosecutors estimate that the con artist defrauded victims out of hundreds of millions of dollars .