A local resident has reported receiving Attack.Phishing an email claiming to be Attack.Phishing from HMRC that claims that the agency has recalculated their last fiscal activity and determined that they are eligible to receive a tax refund of £684.97 . Similar to the above warning , the fake HMRC email advises Attack.Phishing that you have to click on a link to complete and submit the refund form . This will take you to a fraudulent website that asks you to supply your name , address , and contact details along with other identifying information . The fake HMRC site also asks you to supply your credit card numbers . Supposedly , all of this information is required to allow the processing of your refund claim . In reality , the information you supply will be collected Attack.Databreach by scammers and used to commit fraud and steal your identity . If you have received Attack.Phishing an HMRC related phishing/bogus email , please forward it to : phishing @ hmrc.gsi.gov.uk and then delete it . Do not visit the website contained within the email or disclose any personal or payment information . Our advice is to delete this or any other similar messages .

Struts bugs , Umbrella misconfig and router Guest accounts fixed Vulnerability-related.PatchVulnerability . Cisco has issued security alerts Vulnerability-related.DiscoverVulnerability for 30 vulnerabilities across a range of its products and services , with three being ranked Vulnerability-related.DiscoverVulnerability as critical and remotely exploitable . Some 20 different Cisco products contain Vulnerability-related.DiscoverVulnerability a vulnerable version of the Apache Struts 2 framework that is currently under active exploitation by miscreants dropping cryptocurrency miner malware on exposed systems . Of these , 18 are not vulnerable Vulnerability-related.DiscoverVulnerability to any exploitation vectors for the Struts flaw , Cisco said Vulnerability-related.DiscoverVulnerability . Five Cisco products , SocialMiner , Identity Services Engine , Finesse , Unified Contact Centre Enterprise and the Video Distribution Suite for Internet Streaming have received Vulnerability-related.PatchVulnerability patches for the Struts vulnerability . Cisco 's cloud-hosted Network Performance Analysis service is yet to get Vulnerability-related.PatchVulnerability a Struts update though . A critical flaw in the application programming interface ( API ) for Cisco 's cloud-based Umbrella allowed attackers to view and potentially modify data across multiple organisations using the secure internet gateway service . The vulnerability stems from insufficient authentication configurations for the Umbrella API , and has been patched Vulnerability-related.PatchVulnerability by Cisco with no user action required . Two high-impact vulnerabilities in the Umbrella Enterprise Roaming Client and Enterprise Roaming Module that could be exploited Vulnerability-related.DiscoverVulnerability by attackers to elevate user privileges to Administrator level have also been patched Vulnerability-related.PatchVulnerability by Cisco . A third critical vulnerability can be exploited Vulnerability-related.DiscoverVulnerability to run code remotely on the Cisco RV110W VPN firewall and RV130W and RV215W wireless VPN routers , or freeze the devices in denial of service attacks . Patches for the vulnerability address Vulnerability-related.PatchVulnerability an improper boundary restriction on input via the Guest user account in the devices ' web-based remote management interface , Cisco said . Cisco also patched Vulnerability-related.PatchVulnerability three high impact vulnerabilities in the above network devices , which could be exploited Vulnerability-related.DiscoverVulnerability to remotely execute arbitrary commands and read sensitive information on them . Of the thirty vulnerabilities disclosed Vulnerability-related.DiscoverVulnerability , 13 are ranked Vulnerability-related.DiscoverVulnerability as high impact .

The Bitcoin Core developers recently fixed Vulnerability-related.PatchVulnerability a major vulnerability in the Bitcoin ( BTC ) network ’ s ( client ) codebase . Explaining the potentially serious nature of the software bug , which is tracked as Vulnerability-related.DiscoverVulnerability CVE-2018-17144 and classified as a denial-of-service ( DoS ) attack , Casaba Security co-founder Jason Glassberg said Vulnerability-related.DiscoverVulnerability : “ [ It ] can take down the network. ” Glassberg also told Vulnerability-related.DiscoverVulnerability ZDNet the vulnerability in the Bitcoin Core codebase “ would [ have ] affected transactions in the sense that they can not be completed , but does not appear to open up a way to steal or manipulate wallets. ” Denial-of-Service ( DoS ) , 51 % Attacks The Bitcoin Core client software is used by BTC miners to validate transactions on the cryptocurrency ’ s blockchain and the recent vulnerability found Vulnerability-related.DiscoverVulnerability in its source code could have been used to intentionally crash bitcoin ’ s full-node operators . Although not logistically feasible , this particular software bug could have been remotely exploited Vulnerability-related.DiscoverVulnerability by an attacker to launch a 51 % attack in which one entity controls the majority of the hashing ( or computing ) power of a cryptocurrency network . Advisory Notice , Critical Patch Released Vulnerability-related.PatchVulnerability In most cases , a bad actor has orchestrated a 51 % attack in order to manipulate transactions on a cryptocurrency ’ s blockchain for financial gains . At present , it would cost approximately $ 490,000 to launch such an attack ( for 1 hour ) on the Bitcoin network , according to Crypto51 . However , if the recent Bitcoin Core software bug had not been patched Vulnerability-related.PatchVulnerability , a bad actor could have initiated a 51 % attack on the cryptocurrency ’ s network at a considerably lower cost . The Bitcoin Core developers posted Vulnerability-related.DiscoverVulnerability an advisory notice ( on September 19th ) regarding this DoS vulnerability . Users of Bitcoin Core have been instructed to upgrade Vulnerability-related.PatchVulnerability to version 0.16.3 of the software . Previous versions ( 0.14.0 to 0.16.3 ) of the client contain the DoS vulnerability . Bitcoin Knots , one of at least 96 bitcoin forks to date , was considered vulnerable Vulnerability-related.DiscoverVulnerability as well and its client software was patched Vulnerability-related.PatchVulnerability . `` Copycat '' Cryptos Are At Risk Notably , the CVE-2018-17144 vulnerability could have also affected Vulnerability-related.DiscoverVulnerability the litecoin ( LTC ) network but its client has received Vulnerability-related.PatchVulnerability a patch . Commenting on the serious nature of these software bugs , Cornell computer science professor Emin Gün Sirer said Vulnerability-related.DiscoverVulnerability : “ Copycat currencies are at risk ” - meaning that all bitcoin forks are vulnerable Vulnerability-related.DiscoverVulnerability to the attack . The Turkish-American cryptographer , who identified Vulnerability-related.DiscoverVulnerability critical vulnerabilities in Ethereum ’ s codebase before its network was hit with the DAO attack , was referring to all the currently 69 active bitcoin forks that could still be exploited Vulnerability-related.DiscoverVulnerability with a 51 % attack as their clients might still not have received Vulnerability-related.PatchVulnerability a patch and are not as secure as bitcoin network due to their smaller size . In fact , Crypto51 has estimated it would only cost $ 122 to launch a 51 % attack on the Bitcoin Private ( BTCP ) network . However , this estimate has not been confirmed by another source .

Adobe has posted an update to address Vulnerability-related.PatchVulnerability 85 CVE-listed security vulnerabilities in Acrobat and Reader for both Windows and macOS . The PDF apps have received Vulnerability-related.PatchVulnerability a major update that includes dozens of fixes for flaws that would allow for remote code execution attacks if exploited Vulnerability-related.DiscoverVulnerability . Other possible attacks include elevation of privilege flaws and information disclosure vulnerabilities . Fortunately , Adobe said that none of the bugs was currently being targeted in the wild - yet . For Mac and Windows Acrobat/Reader DC users , the fixes will be present Vulnerability-related.PatchVulnerability in versions 2019.008.20071 . For those using the older Acrobat and Reader 2017 versions , the fix will be labeled Vulnerability-related.PatchVulnerability 2017.011.30105 . Because PDF readers have become such a popular target for email and web-based malware attacks , users and admins alike would do well to test and install the updates as soon as possible . Exploit-laden PDFs have for more than a decade proven to be one of the most reliable ways to put malware on someone 's machine . In total , Adobe credited 19 different researchers with discovering Vulnerability-related.DiscoverVulnerability and reporting Vulnerability-related.DiscoverVulnerability the vulnerabilities . Among the more prolific bug hunters were Omri Herscovici of CheckPoint Software , who was credited for finding Vulnerability-related.DiscoverVulnerability and reporting Vulnerability-related.DiscoverVulnerability 35 CVE-listed bugs , and Ke Liu and Tencent Security Xuanwu Lab , who was credited with finding Vulnerability-related.DiscoverVulnerability 11 of the patched Adobe vulnerabilities . Beihang University 's Lin Wang was given credit for nine vulnerabilities . While we 're on the subject of massive security updates , both users and admins will want to mark their calendars for a week from Tuesday . October 9 is slated to be this month 's edition of the scheduled 'Patch Tuesday ' monthly security update .

There ’ s a new scam on the block and over 200 people have already been hit . Here ’ s what you need to know about the TV Licence con . Action Fraud is warning that criminals are sending out Attack.Phishing emails pretending to be Attack.Phishing from TV Licensing . The watchdog says it has already received over 200 reports about the phishing scam Attack.Phishing . The email lures Attack.Phishing you in by saying you are owed a refund on your TV Licence payments . But , it ’ s a con and all the senders are really after is your bank details . What does the email say ? So far all the emails have been the same . They say : “ This is an official notification from TV Licensing ! “ We would like to notify you that , after the last annual calculation we have determined that you are eligible to receive a TV Licensing refund of 85.07 GBP . “ Due to invalid account details records , we were unable to credit your account . Please fill in the TV Licensing refund request and allow us 5-6 working days to the amount to be credited to your account. ” All this is untrue . If you receive this email the best thing to do is report it to Action Fraud and then delete it . Do not click on any links within the email . “ A small number of our customers have received Attack.Phishing scam email messages saying they are due a refund , ” a spokesperson for TV Licensing has said . “ A link directs Attack.Phishing customers to a fake version of the official TV Licensing website which asks them to enter personal information and bank details . “ If you receive a similar email message please delete it . If you have already clicked the link , do not enter or submit any information . TV Licensing never sends refund information by email and is investigating the source of the fraud. ” While these emails are a scam they carry an element of truth – you might be due a refund from TV Licensing . There are a number of ways you can avoid paying the full licence fee . If you are a student you are entitled to a £37 discount on the £147.50 colour TV licence . You can also apply for a refund if you ’ ve paid for a TV Licence beyond your 75th birthday . Anyone over the age of 75 is entitled to watch TV for free . TV Licences apply to households not individuals so if anyone if your household is a student , or over 75 then you all get the benefit of their discount . Similarly , if someone in your house is severely visually impaired they are entitled to a half-price TV licence . You can apply for a refund via the official TV Licensing Website .

A single SMS can force Samsung Galaxy devices into a crash and reboot loop , and leave the owner with no other option than to reset it to factory settings and lose all data stored on it . This is because there are certain bugs in older Samsung Galaxy phones and tablets that can be triggered via SMS , and used by attackers to force maliciously crafted configuration messages onto the users ’ device . The bugs allow these types of messages to be executed without user interaction . As the ContextIS researchers who discovered Vulnerability-related.DiscoverVulnerability the vulnerabilities explained , this avenue of attack can be abused by crooks to hold users ’ devices for ransom . “ First a ransom note is sent , if ignored then the malicious configuration message can be sent , ” they noted . If the victim pays up Attack.Ransom , a configuration message can later be sent to stop the rebooting . The vulnerabilities in question Vulnerability-related.DiscoverVulnerability , CVE-2016-7988 and CVE-2016-7989 , can be triggered through SMS on the S4 , S4 Mini , S5 and Note 4 , but not on newer Samsung devices . “ It ’ s worth noting that although newer phones such as the S6 and S7 aren ’ t affected over the air , [ a similar result ] could be accomplished by a malicious app abusing CVE-2016-7988 , ” they added Vulnerability-related.DiscoverVulnerability . These specific issues are related to modifications Samsung made to to the Android telephony framework and are found in a Samsung-specific application for handling carrier messages . “ We responsibly disclosed Vulnerability-related.DiscoverVulnerability this to Samsung who handle the patching process Vulnerability-related.PatchVulnerability with carriers . We extended our standard 90 day disclosure policy to allow Samsung time to arrange Vulnerability-related.PatchVulnerability for the patches to be made available , ” the researchers told Help Net Security . Whether all users of vulnerable devices have received Vulnerability-related.PatchVulnerability the patches is difficult to tell . “ The Android update process is a bit of a minefield and is well illustrated in this HTC diagram , ” they commented . They also noted that it ’ s possible that the same avenue of attack could be abused to target other devices – it all depends on how this same technology is handled by other vendors