the CEO through email . Director of Human Resources Christopher Martin said that his payroll account 's manager receivedAttack.Phishingan email from someone who claimed to beAttack.PhishingScott Wise , the company 's CEO . The person then requested all 4,000 employee 's 2016 W-2 forms in a PDF format . After discovering that Wise did not send the email , Martin contacted the Internal Revenue Service about the breach . Reports have also been filed with the Federal Bureau of Investigation and Indiana State Police . Martin plans on contacting all employees affected about what they can do to protect themselves from unauthorized use of their personal information . No suspect information has been released at this time . CEO Scott Wise released a statement saying : `` Unfortunately , Scotty 's was the target of and fell victim to scammers , as so many other companies have . Scotty 's employees and customers are of tremendous importance to the company and Scotty 's regrets any inconvenience to its employees that may result from this scamming incident . Scotty 's will continue to work with federal and local law enforcement , the Internal Revenue Service and credit bureaus to bring the responsible party or parties to justice . ''
After national reports in the press this week where bank customers have been targeted by a ‘smishing’ scamAttack.Phishing, including a man from Coventry , Trading Standards is advising all residents to be on their guard . Smishing messages (SMS + fishing)Attack.Phishingusually contain a phony telephone number to call or link to a counterfeit website that will ask you to enter personal details or transfer money as your account is at risk . They can also ask you to call or text a premium-rate number they have created to run up a large bill . In the reports this week , three customers of the same bank receivedAttack.Phishingtext messages to say that there had been unusual activity on their accounts and given a phone number to call . When called , the people were convincedAttack.Phishingto give access to their online banking which generated a security code , which was then used to siphon money from accounts . ‘ Take Five ’ is a new campaign by Financial Fraud Action UK ( FFA UK ) designed to tackle financial fraud and is the first national campaign to be backed by all the major banks and other financial service providers across the UK . You can protect yourself from financial fraud by remembering some simple advice : Never disclose security details , such as your PIN or full password - it ’ s never okay to reveal these details . Don ’ t assume an email request or caller is genuine - people aren ’ t always who they say they are . Don ’ t be rushed – a genuine bank or organisation won ’ t mind waiting to give you time to stop and think . Listen to your instincts – if something feels wrong then it is usually right to pause and question it . Stay in control – have the confidence to refuse unusual requests for information . With financial fraud getting ever more sophisticated , anyone can be targeted and incidents are on the increase . Trading Standards advise to always be cautious with any unsolicited approaches .
Employees of US NGOs Fight for the Future and Free Press were targeted with complex spear-phishing attemptsAttack.Phishingbetween July 7 and August 8 , reported today the Electronic Frontier Foundation ( EFF ) . Both organizations targeted in the attacksAttack.Phishingare currently fighting against for Net Neutrality in the US . Based on currently available evidence , the attacks appear to have been orchestrated by the same attacker , located in a UTC+3-5:30 timezone , said EFF Director of Cybersecurity Eva Galperin and EFF security researcher Cooper Quintin . At least one victim fell for the attacks `` Although this phishing campaignAttack.Phishingdoes not appear to have been carried out by a nation-state actor and does not involve malware , it serves as an important reminder that civil society is under attack , '' said the two today . `` It is important for all activists , including those working on digital civil liberties issues in the United States , to be aware that they may be targeted by persistent actors who are well-informed about their targets ’ personal and professional connections . '' At least one victim fell for the 70 fake emails sentAttack.Phishingduring the phishing attemptsAttack.Phishing. Attackers did n't deliver malware but luredAttack.Phishingvictims away on a remote site designed to phish Google , Dropbox , and LinkedIn credentials . `` The attackers were remarkably persistent , switching up their attacks after each failed attempt and becoming increasingly creative with their targeting over time , '' EFF said . The most creative of the spear-phishing emails was when victims receivedAttack.Phishingemails with the subject line `` You have been successfully subscribed to Pornhub.com , '' or `` You have been successfully subscribed to Redtube.com , '' two very popular adult video portals . Minutes later , victims receivedAttack.Phishinganother email made to look likeAttack.Phishingit was coming fromAttack.Phishingthe same two services . These second emails contained explicit subject lines . Because spear-phishing emails were aimedAttack.Phishingat work emails , most victims would have been inclined to unsubscribe from the incoming emails . This was the catch , as attackers doctored the unsubscribe link , leadingAttack.Phishingvictims to a fake Google login screen . Attackers used different tactics as the campaign progressed The PornHub and RedTube phishesAttack.Phishingwere not the only ones . Attackers also used other tactics . ⬭ Links to generic documents that asked users to enter credentials before viewing . ⬭ LinkedIn message notifications that tried to trickAttack.Phishingusers into giving away LinkedIn creds . ⬭ Emails disguised to look likeAttack.Phishingthey were coming fromAttack.Phishingfamily members , sharing photos , but which asked the victim to log in and give away credentials instead . ⬭ Fake email notifications for hateful comments posted onAttack.Phishingthe target 's YouTube videos . When the victim followed the link included in the email , the target would have to enter Google credentials before performing the comment moderation actions . ⬭ Emails that looked likeAttack.Phishinga friend was sharingAttack.Phishinginteresting news stories . Used topics and subject lines include : - Net Neutrality Activists 'Rickroll ' FCC Chairman Ajit Pai - Porn star Jessica Drake claims Donald Trump offered her $ 10G , use of his private jet for sex - Reality show mom wants to hire a hooker for her autistic son In one case , one of the targeted activists received a request from a user asking for a link to buy her music . When the target replied , the attacker answered backAttack.Phishingwith a Gmail phishing link , claiming the buy link did n't work . EFF experts say that victims who had two-factor authentication turned on for their accounts would have prevented attackers from logging into their profiles even if they had managed to obtainAttack.Databreachtheir password .
Employees of US NGOs Fight for the Future and Free Press were targeted with complex spear-phishing attemptsAttack.Phishingbetween July 7 and August 8 , reported today the Electronic Frontier Foundation ( EFF ) . Both organizations targeted in the attacksAttack.Phishingare currently fighting against for Net Neutrality in the US . Based on currently available evidence , the attacks appear to have been orchestrated by the same attacker , located in a UTC+3-5:30 timezone , said EFF Director of Cybersecurity Eva Galperin and EFF security researcher Cooper Quintin . At least one victim fell for the attacks `` Although this phishing campaignAttack.Phishingdoes not appear to have been carried out by a nation-state actor and does not involve malware , it serves as an important reminder that civil society is under attack , '' said the two today . `` It is important for all activists , including those working on digital civil liberties issues in the United States , to be aware that they may be targeted by persistent actors who are well-informed about their targets ’ personal and professional connections . '' At least one victim fell for the 70 fake emails sentAttack.Phishingduring the phishing attemptsAttack.Phishing. Attackers did n't deliver malware but luredAttack.Phishingvictims away on a remote site designed to phish Google , Dropbox , and LinkedIn credentials . `` The attackers were remarkably persistent , switching up their attacks after each failed attempt and becoming increasingly creative with their targeting over time , '' EFF said . The most creative of the spear-phishing emails was when victims receivedAttack.Phishingemails with the subject line `` You have been successfully subscribed to Pornhub.com , '' or `` You have been successfully subscribed to Redtube.com , '' two very popular adult video portals . Minutes later , victims receivedAttack.Phishinganother email made to look likeAttack.Phishingit was coming fromAttack.Phishingthe same two services . These second emails contained explicit subject lines . Because spear-phishing emails were aimedAttack.Phishingat work emails , most victims would have been inclined to unsubscribe from the incoming emails . This was the catch , as attackers doctored the unsubscribe link , leadingAttack.Phishingvictims to a fake Google login screen . Attackers used different tactics as the campaign progressed The PornHub and RedTube phishesAttack.Phishingwere not the only ones . Attackers also used other tactics . ⬭ Links to generic documents that asked users to enter credentials before viewing . ⬭ LinkedIn message notifications that tried to trickAttack.Phishingusers into giving away LinkedIn creds . ⬭ Emails disguised to look likeAttack.Phishingthey were coming fromAttack.Phishingfamily members , sharing photos , but which asked the victim to log in and give away credentials instead . ⬭ Fake email notifications for hateful comments posted onAttack.Phishingthe target 's YouTube videos . When the victim followed the link included in the email , the target would have to enter Google credentials before performing the comment moderation actions . ⬭ Emails that looked likeAttack.Phishinga friend was sharingAttack.Phishinginteresting news stories . Used topics and subject lines include : - Net Neutrality Activists 'Rickroll ' FCC Chairman Ajit Pai - Porn star Jessica Drake claims Donald Trump offered her $ 10G , use of his private jet for sex - Reality show mom wants to hire a hooker for her autistic son In one case , one of the targeted activists received a request from a user asking for a link to buy her music . When the target replied , the attacker answered backAttack.Phishingwith a Gmail phishing link , claiming the buy link did n't work . EFF experts say that victims who had two-factor authentication turned on for their accounts would have prevented attackers from logging into their profiles even if they had managed to obtainAttack.Databreachtheir password .
Thousands , if not more , Jenkins servers are vulnerableVulnerability-related.DiscoverVulnerabilityto data theft , takeover , and cryptocurrency mining attacks . This is because hackers can exploit two vulnerabilities to gain admin rights or log in using invalid credentials on these servers . Both vulnerabilities were discoveredVulnerability-related.DiscoverVulnerabilityby security researchers from CyberArk , were privately reportedVulnerability-related.DiscoverVulnerabilityto the Jenkins team , and receivedVulnerability-related.PatchVulnerabilityfixes over the summer . But despite patches for both issues , there are still thousands of Jenkins servers availableVulnerability-related.PatchVulnerabilityonline . Jenkins is a web application for continuous integration built in Java that allows development teams to run automated tests and commands on code repositories based on test results , and even automate the process of deploying new code to production servers . Jenkins is a popular component in many companies ' IT infrastructure and these servers are very popular with both freelancers and enterprises alike . Over the summer , CyberArk researchers discoveredVulnerability-related.DiscoverVulnerabilitya vulnerability ( tracked asVulnerability-related.DiscoverVulnerabilityCVE-2018-1999001 ) that allows an attacker to provide malformed login credentials that cause Jenkins servers to move their config.xml file from the Jenkins home directory to another location . If an attacker can cause the Jenkins server to crash and restart , or if he waits for the server to restart on its own , the Jenkins server then boots in a default configuration that features no security . In this weakened setup , anyone can register on the Jenkins server and gain administrator access . With an administrator role in hand , an attacker can access private corporate source code , or even make code modifications to plant backdoors in a company 's apps . This lone issue would have been quite bad on its own , but CyberArk researchers also discoveredVulnerability-related.DiscoverVulnerabilitya second Jenkins vulnerability -- CVE-2018-1999043 . This second bug , they saidVulnerability-related.DiscoverVulnerability, allowed an attacker to create ephemeral user records in the server 's memory , allowing an attacker a short period when they could authenticate using ghost usernames and credentials . Both vulnerabilities were fixedVulnerability-related.PatchVulnerability, the first in July and the second in August , but as we 've gotten accustomed to in the past few years of covering security flaws , not all server owners have bothered to install these security updates .
Adobe has patchedVulnerability-related.PatchVulnerabilitya number of security vulnerabilities on the last scheduled monthly update of this year . All these patches specifically addressedVulnerability-related.PatchVulnerabilitybugs in Adobe Reader and Acrobat . Allegedly , Adobe December Patch Tuesday Update fixedVulnerability-related.PatchVulnerabilityas much as 86 different vulnerabilities , including 38 critical security flaws . This week , Adobe rolled outVulnerability-related.PatchVulnerabilitythe last scheduled monthly updates for its products . While the previous month ’ s update included bug fixes in Flash Player , the Adobe December Patch Tuesday update bundle remained focused on Adobe Reader and Acrobat . As much as 38 different critical security bugs receivedVulnerability-related.PatchVulnerabilitypatches with this update . The vulnerabilities include 2 buffer errors , 2 Untrusted pointer dereference vulnerabilities , 5 out-of-bounds write vulnerabilities , 3 heap overflow bugs , and 23 use after free vulnerabilities . All these vulnerabilities could allegedly lead to arbitrary code execution by a potential attacker . In addition , 3 security bypass vulnerabilities also receivedVulnerability-related.PatchVulnerabilityfixes with this update . These flaws could allow privilege escalation on the targeted systems . In addition to the above , Adobe also releasedVulnerability-related.PatchVulnerabilityfixes for 48 important security vulnerabilities . These include , 43 out-of-bounds read vulnerabilities , 4 integer overflow bugs , and a single security bypass bug . All these could allegedly result in information disclosure . As stated in Adobe ’ s advisory , the affected software include the following for Windows , Acrobat DC and Acrobat Reader DC ( continuous track ) versions 2019.008.20081 and earlier , Adobe Acrobat 2017 and Acrobat Reader 2017 ( Classic 2017 track ) versions 2017.011.30106 and earlier , Acrobat DC and Acrobat Reader DC ( Classic 2015 track ) versions 2015.006.30457 and earlier . Whereas , in the case of MacOS , the affected programs include , Acrobat DC and Acrobat Reader DC ( continuous track ) versions including and prior to 2019.008.20080 , Adobe Acrobat 2017 and Acrobat Reader 2017 ( track Classic 2017 ) versions 2017.011.30105 and above , Acrobat DC and Acrobat Reader DC ( track Classic 2015 ) versions 2015.006.30456 and above . Adobe has patchedVulnerability-related.PatchVulnerabilityall 86 vulnerabilities in the recently released versions of the respective software . The patched versions include Acrobat DC and Acrobat Reader DC versions 2019.010.20064 ( continuous track ) , Acrobat 2017 and Acrobat Reader DC 2017 ( Classic 2017 ) version 2017.011.30110 , and Acrobat DC and Acrobat Reader DC ( track Classic 2015 ) version 2015.006.30461 . Users of both Windows and MacOS should , therefore , ensure updatingVulnerability-related.PatchVulnerabilitytheir systems and download the latest versions of the affected software to stay protected from these vulnerabilities . This month ’ s scheduled update bundle did not addressVulnerability-related.PatchVulnerabilityany security flaws in Flash Player . Nonetheless , lately , Adobe already patchedVulnerability-related.PatchVulnerabilitya critical Flash vulnerability already disclosedVulnerability-related.DiscoverVulnerabilityto the public .
Adobe has patchedVulnerability-related.PatchVulnerabilitya number of security vulnerabilities on the last scheduled monthly update of this year . All these patches specifically addressedVulnerability-related.PatchVulnerabilitybugs in Adobe Reader and Acrobat . Allegedly , Adobe December Patch Tuesday Update fixedVulnerability-related.PatchVulnerabilityas much as 86 different vulnerabilities , including 38 critical security flaws . This week , Adobe rolled outVulnerability-related.PatchVulnerabilitythe last scheduled monthly updates for its products . While the previous month ’ s update included bug fixes in Flash Player , the Adobe December Patch Tuesday update bundle remained focused on Adobe Reader and Acrobat . As much as 38 different critical security bugs receivedVulnerability-related.PatchVulnerabilitypatches with this update . The vulnerabilities include 2 buffer errors , 2 Untrusted pointer dereference vulnerabilities , 5 out-of-bounds write vulnerabilities , 3 heap overflow bugs , and 23 use after free vulnerabilities . All these vulnerabilities could allegedly lead to arbitrary code execution by a potential attacker . In addition , 3 security bypass vulnerabilities also receivedVulnerability-related.PatchVulnerabilityfixes with this update . These flaws could allow privilege escalation on the targeted systems . In addition to the above , Adobe also releasedVulnerability-related.PatchVulnerabilityfixes for 48 important security vulnerabilities . These include , 43 out-of-bounds read vulnerabilities , 4 integer overflow bugs , and a single security bypass bug . All these could allegedly result in information disclosure . As stated in Adobe ’ s advisory , the affected software include the following for Windows , Acrobat DC and Acrobat Reader DC ( continuous track ) versions 2019.008.20081 and earlier , Adobe Acrobat 2017 and Acrobat Reader 2017 ( Classic 2017 track ) versions 2017.011.30106 and earlier , Acrobat DC and Acrobat Reader DC ( Classic 2015 track ) versions 2015.006.30457 and earlier . Whereas , in the case of MacOS , the affected programs include , Acrobat DC and Acrobat Reader DC ( continuous track ) versions including and prior to 2019.008.20080 , Adobe Acrobat 2017 and Acrobat Reader 2017 ( track Classic 2017 ) versions 2017.011.30105 and above , Acrobat DC and Acrobat Reader DC ( track Classic 2015 ) versions 2015.006.30456 and above . Adobe has patchedVulnerability-related.PatchVulnerabilityall 86 vulnerabilities in the recently released versions of the respective software . The patched versions include Acrobat DC and Acrobat Reader DC versions 2019.010.20064 ( continuous track ) , Acrobat 2017 and Acrobat Reader DC 2017 ( Classic 2017 ) version 2017.011.30110 , and Acrobat DC and Acrobat Reader DC ( track Classic 2015 ) version 2015.006.30461 . Users of both Windows and MacOS should , therefore , ensure updatingVulnerability-related.PatchVulnerabilitytheir systems and download the latest versions of the affected software to stay protected from these vulnerabilities . This month ’ s scheduled update bundle did not addressVulnerability-related.PatchVulnerabilityany security flaws in Flash Player . Nonetheless , lately , Adobe already patchedVulnerability-related.PatchVulnerabilitya critical Flash vulnerability already disclosedVulnerability-related.DiscoverVulnerabilityto the public .
A vulnerability affectsVulnerability-related.DiscoverVulnerabilityall versions of the OpenSSH client released in the past two decades , ever since the application was released in 1999 . The security bug receivedVulnerability-related.PatchVulnerabilitya patch this week , but since the OpenSSH client is embedded in a multitude of software applications and hardware devices , it will take months , if not years , for the fix to trickle downVulnerability-related.PatchVulnerabilityto all affected systems . This particular bug was analyzedVulnerability-related.DiscoverVulnerabilitylast week by security researchers from Qualys who spottedVulnerability-related.DiscoverVulnerabilitya commit in OpenBSD 's OpenSSH source code for a bug report submittedVulnerability-related.DiscoverVulnerabilityby Darek Tytko from securitum.pl . After analyzing the commit , researchers realized that the code inadvertently fixedVulnerability-related.PatchVulnerabilitya security bug lying dormant in the OpenSSH client since its creation . This bug allows a remote attacker to guess the usernames registered on an OpenSSH server . Since OpenSSH is used with a bunch of technologies ranging from cloud hosting servers to mandate IoT equipment , billions of devices are affected . As researchers explain , the attack scenario relies on an attacker trying to authenticate on an OpenSSH endpoint via a malformed authentication request ( for example , via a truncated packet ) . A vulnerable OpenSSH server would react in two very different ways when this happens . If the username included in the malformed authentication request does not exist , the server responds with authentication failure reply . If the user does exist , the server closes the connection without a reply . This small behavioral detail allows an attacker to guess valid usernames registered on a SSH server . Knowing the exact username may not pose an immediate danger , but it exposes that username to brute-force or dictionary attacks that can also guess its password . Because of OpenSSH 's huge install base , the bug is ideal for both attacks on high-value targets , but also in mass-exploitation scenarios . The bug — tracked asVulnerability-related.DiscoverVulnerabilityCVE-2018-15473— has been patchedVulnerability-related.PatchVulnerabilityin the stable version of OpenSSH —1:6.7p1-1 and 1:7.7p1-1— and the 1:7.7p1-4 unstable branch . Patches have also trickled downVulnerability-related.PatchVulnerabilityto Debian , and most likely other Linux distros .
A critical vulnerability in Kubernetes open-source system for handling containerized applications can enable an attacker to gain full administrator privileges on Kubernetes compute nodes . Kubernetes makes it easier to manage a container environment by organizing application containers into pods , nodes ( physical or virtual machines ) and clusters . Multiple nodes form a cluster , managed by a master that coordinates cluster-related activities like scaling , scheduling , or updating apps . Each node has an agent called Kubelet that facilitates communication with the Kubernetes master via the API . The number of nodes available in a Kubernetes system can be hundreds and even thousands . Pulling this off is easy on default configurations , where `` all users ( authenticated and unauthenticated ) are allowed to perform discovery API calls that allow this escalation , '' says Jordan Liggitt , staff software engineer at Google . The security bug was discoveredVulnerability-related.DiscoverVulnerabilityby Darren Shepherd , co-founder of Rancher Labs company that provides the Kubernetes-as-a-Service solution called Rancher . Now tracked asVulnerability-related.DiscoverVulnerabilityCVE-2018-1002105 , the flaw is critical , with a Common Vulnerability Scoring System ( CVSS ) score of 9.8 out of 10 . According to the latest version of the vulnerability severity calculator , exploiting the security glitch has low difficulty and does not require user interaction . Red Hat 's OpenShift Container Platform uses Kubernetes for orchestrating and managing containers is also impactedVulnerability-related.DiscoverVulnerabilityby the vulnerability . In an advisory on the matter , the company explains that the flaw can be used in two ways against its products . One involves a normal user with 'exec , ' 'attach , ' or 'portforward ' rights over a Kubernetes pod ( a group of one or more containers that share storage and network resources ) ; they can escalate their privileges to cluster-admin level and execute any process in a container . The second attack method exploits the API extension feature used by ‘ metrics-server ’ and ‘ servicecatalog ’ in OpenShift Container Platform , OpenShift Online , and Dedicated . No privileges are required and an unauthenticated user can get admin rights to any API extension deployed to the cluster . `` Cluster-admin access to ‘ servicecatalog ’ allows creation of service brokers in any namespace and on any node , '' the advisory details . The problem has been addressedVulnerability-related.PatchVulnerabilityin the latest Kubernetes revisions : v1.10.11 , v1.11.5 , v1.12.3 , and v1.13.0-rc.1 . Kubernetes releases prior to these along with the products and services based on them are affectedVulnerability-related.DiscoverVulnerabilityby CVE-2018-1002105 . Red Hat releasedVulnerability-related.PatchVulnerabilitypatches for the OpenShift family of containerization software ( OpenShift Container Platform , OpenShift Online , and OpenShift Dedicated ) and users receivedVulnerability-related.PatchVulnerabilityservice updates they can install at their earliest convenience . The software company warns that a malicious actor could exploit the vulnerability to stealAttack.Databreachdata or inject malicious code , as well as `` bring down production applications and services from within an organization ’ s firewall . ''
Oracle releasedVulnerability-related.PatchVulnerabilityits latest Critical Patch Update on July 18 , fixingVulnerability-related.PatchVulnerability334 vulnerabilities across the company 's product portfolio . The company rated 61 of the vulnerabilities as having critical impact . Among the products patchedVulnerability-related.PatchVulnerabilityby Oracle are Oracle Database Server , Oracle Global Lifecycle Management , Oracle Fusion Middleware , Oracle E-Business Suite , Oracle PeopleSoft , Oracle Siebel CRM , Oracle Industry Applications , Oracle Java SE , Oracle Virtualization , Oracle MySQL and Oracle Sun Systems Products Suite . While there are issues of varying severity in the update , Oracle is blaming third-party components as being the cause of the majority of the critical issues . `` It is fair to note that bugs in third-party components make up a disproportionate amount of severe vulnerabilities in this Critical Patch Update , '' Eric Maurice , director of security assurance at Oracle , wrote in a blog post . `` 90 percent of the critical vulnerabilities addressedVulnerability-related.PatchVulnerabilityin this Critical Patch Update are for non-Oracle CVEs . '' Of the 334 issues fixedVulnerability-related.PatchVulnerabilityin the July Critical Patch Update , 37 percent were for third-party components included in Oracle product distributions . While many flaws were from third-party libraries , there were also flaws in Oracle 's own development efforts . Oracle 's namesake database was patchedVulnerability-related.PatchVulnerabilityfor three issues , one of which is remotely exploitable without user authentication . Oracle 's Financial Services application receivedVulnerability-related.PatchVulnerabilitythe highest total number of patches at 56 , with 21 identified as being remotely exploitable without user authentication . Oracle 's Fusion Middleware , on the other hand , gotVulnerability-related.PatchVulnerability44 new security fixes , with 38 of them rated as being critical . Oracle Enterprise Manager Products were patchedVulnerability-related.PatchVulnerabilityfor 16 issues , all of which are remotely exploitable without authentication . Looking at flaws in Java , Oracle 's July CPU providesVulnerability-related.PatchVulnerabilityeight security fixes , though organizations likely need to be cautious when applyingVulnerability-related.PatchVulnerabilitythe patches , as certain functionality has been removed . `` Several actions taken to fixVulnerability-related.PatchVulnerabilityJava SE vulnerabilities in the July CPU are likely to break the functionality of certain applications , '' security firm Waratek warned in an advisory . `` Application owners who applyVulnerability-related.PatchVulnerabilitybinary patches should be extremely cautious and thoroughly test their applications before puttingVulnerability-related.PatchVulnerabilitypatches into production . '' The reason why the Oracle fixes could break application functionality is because Oracle has decided to remove multiple vulnerable components from its Java Development Kit ( JDK ) . At 334 fixed flaws , the July update is larger than last Critical Patch Update releasedVulnerability-related.PatchVulnerabilityon Jan 15 , which providedVulnerability-related.PatchVulnerabilitypatches for 237 flaws . While the number of patches issues has grown , Matias Mevied , Oracle security researcher at Onapsis , commented that Oracle is working in the right way , fixingVulnerability-related.PatchVulnerabilitythe reported vulnerabilities and is getting faster every year . `` Unfortunately , based in our experience , the missing part is that the companies still do n't implement the patches as soon as they should be , '' Mevied told eWEEK .
BT MAIL users should be on alert as a new email scamAttack.Phishingis discovered which could be used to gain accessAttack.Databreachto personal details . Users of BT ’ s popular email service should be aware of a new scam which is targeting customers across the UK . The latest threat , which was unleashed over the weekend , suggests that customers ’ bills are overdue and need to be paid as soon as possible . The full message reads , “ Your latest bill is now overdue . You can view it online at My BT or on the app . To log in , you 'll need your BT ID . This is usually your email address . “ You need to pay it as soon as possible to avoid service intreruption ! ” This scam then attempts to trickAttack.Phishingusers by suggesting they should click a link to pay their outstanding bill . There ’ s plenty of warning signs about this message including obvious spelling errors and the fact there ’ s no official BT branding on the email . Another reason why this is clearly a fake is that it 's been sentAttack.Phishingto people who do n't even use BT as their email provider . One person hit by the scam told Express.co.uk that they receivedAttack.Phishingthe email on Sunday and have never had a BT broadband or BT email account . UK Police have also sent out an alert warning BT customers about this latest scamAttack.Phishingand advising them not to be cautious when clicking in links embedded within emails . In a tweet Warwickshire Police said they had “ received an email from BT re an outstanding bill today - there are links on it to pay the bill . `` This is an obvious scam , '' the message on Twitter continued . `` Please if you receive a similar one DO NOT CLICK ON THE LINKS - BT have been made aware . '' Express.co.uk has contacted BT for comment on this latest scam . BT has plenty of advice on its website about staying safe online . The broadband supplier states that internet scams can take many forms , from ' phishingAttack.Phishing' , where a fake email or web site will try to get you to part with your bank account information , to scams pretending to beAttack.Phishingfrom online auction , job or other websites that try to collect your personal data . Not sure if an email you 've received is genuine ? Do n't click on it , and never give out your account or bank details . Stay safe by being aware of `` phishingAttack.Phishing`` and other scams that might find their way into your inbox .
A NEW DVLA car tax scamAttack.Phishingis doing the rounds online which could see motorists dupedAttack.Phishinginto entering sensitive information and being ripped off by criminals . Here ’ s what to do if you receive this message . DVLA car tax scam are not a new thing and every couple of months a new one does the rounds . Criminals pose asAttack.Phishingthe Driver and Vehicle Licensing Agency in a bid to extort motorists of their cash by requesting this bank details . These crooks usually try to achieve this by threatening a monetary punishment of some sort or in other cases by stating that the driver is entitled to a refund . The problem for some motorists could fallAttack.Phishingfor the fraudulent messages especially as they often look fairly professional and can even contain the logo of the DVLA Motorists Jason Price , however , was not fooledAttack.Phishingby the latest attempt by fraudsters trying to get him to hand over his details . Mr Price tweeted a link to the email that he receivedAttack.Phishingfrom the criminal pretending to beAttack.Phishingthe DVLA . The subject of the email is “ You are not up-to-date with your vehicle tax ” followed by a bogus item reference number , which presumably is to , in some way , make the email seem more legitimate . The contents of the email claim that the driver is not up to date with their vehicle tax and states that this is their ‘ last chance ’ to pay the remainder of the fee . It reads : “ Our records show that you are not up-to-date with your vehicle tax . “ This is a reminder ( V11 ) and a ‘ last chance ’ warning letter from us . “ Tax your car , motorcycle or other vehicle today to avoid unpleasant consequences . “ You must tax your vehicle even if you don ’ t have to pay anything , for example if you ’ re exempt because you ’ re disabled . “ You ’ ll need to meet all the legal obligations for drivers before you can drive. ” It also states that “ You can be fined up to £1,000 if you do not renew your car tax ” The DVLA has issued numerous warnings to customers in the past about how it will never contact the motorist in this way . “ # SCAM WARNING : We 're reminding customers that the only official place to find our services and information is on http : //GOV.UK “ Cyber scams are common so we want to help our customers to spot fraudulent activity. ” If you receive an email or message like this you should either report it or instantly delete it and not click the link in the message . If you ’ re unsure on the validity of a message then you can ring the licensing agency .
MONTREAL—On Sept 10 , municipal employees in a region between Montreal and Quebec City arrived at work to discover a threatening message on their computers notifyingAttack.Ransomthem they were locked out of all their files . In order to regain access to its data , the regional municipality of Mekinac was told to depositAttack.Ransomeight units of the digital currency Bitcoin into a bank account — roughly equivalent to $ 65,000 . Mekinac ’ s IT department eventually negotiatedAttack.Ransomthe cyber extortionists down and paidAttack.Ransom$ 30,000 in Bitcoin , but not before the region ’ s servers were disabled for about two weeks . The attack highlights the inability of many small municipalities to adequately protect their data , but also the lack of guidance on cybersecurity provided to them by the Quebec government , according to Prof. Jose Fernandez , a malware expert at Montreal ’ s Polytechnique engineering school . “ Quebec is an embarrassment , ” Fernandez said in an interview , adding that he has tried without success to contact government representatives to alert them to the problem . “ There hasn ’ t been any traction on this issue in the past 15 years , ” he said . “ I try to speak to ( the government ) but there is nobody . Who are you going to call ? Nobody. ” Bernard Thompson , reeve for the Mekinac regional municipality , said the ransom demandAttack.Ransompresented a real dilemma for his small organization . Mekinac groups together 10 municipalities with a population of roughly 13,000 people . “ It was hard , clearly , on the moral side of things that we had to pay a bunch of bandits , ” Thompson said . Mekinac ’ s attackers used malicious software — known as malware or ransomware — to demand moneyAttack.Ransomin return for keys to unlock the data . Fernandez said it is ironic that Quebec is home to a thriving cybersecurity industry and is an emerging hub for artificial-intelligence research , yet the provincial government is “ decades ” behind other provinces in defending against cyberattacks . Still , Quebec is not the only province experiencing attacks . Several municipal governments and businesses in Ontario were recently hit by ransomware attacksAttack.Ransom, prompting the Ontario Provincial Police to issue an advisory in September . In response to the growing problem , Communications Security Establishment — the Defence Department ’ s electronic intelligence agency — launched the Canadian Centre for Cyber Security last month . It is responsible for monitoring “ new forms of ransomware ” and advising the federal and provincial governments . Spokesman Evan Koronewski said the centre has no provincial or territorial equivalent . Fernandez , however , notes that some provinces are taking significant steps . British Columbia and New Brunswick have established offices dedicated to protecting government data . Meanwhile in Quebec , he said , small towns are left unprotected . “ I ’ m hoping the new government does something about it , ” he said . Patrick Harvey , spokesman for the Public Security Department , disputed the claim the provincial government is unprepared for cyberattacks . He said the Treasury Department has a director of information responsible for ensuring government data is protected . The Public Security Department has a unit dedicated to responding to cyberattacks within the administration and provincial police . But municipalities are not part of the unit ’ s mandate . “ Municipalities are autonomous entities that are responsible for ensuring the security of their digital infrastructure , ” Harvey said . Mekinac ’ s servers were compromised after an employee opened and clicked on a link in a fraudulent email sentAttack.Phishingby the hackers . Once opened , the malware was downloaded onto the computer , giving the hackers access to the entire network . The hackers then encrypted all the data and held it hostage until they receivedAttack.Ransomtheir bitcoins . Once a system ’ s data is encrypted , it ’ s virtually impossible to crack the code without a key — and there is nothing police can do about it . Most professional criminals use commercial grade encryption and to locate a key to decrypt data would take “ astronomical effort in terms of computing , ” Fernandez said . “ You either payAttack.Ransomor you don ’ t get the data. ” The identity and location of Mekinac ’ s hackers were never discovered . Thompson said police seized some of his computers for analysis and told his office not to negotiate or payAttack.Ransomthe criminals . But Thompson said his region couldn ’ t heed that advice , because it would have meant months of data re-entry , costing significantly more than $ 30,000 . So they paidAttack.Ransom, got their data back and learned a valuable lesson . “ In the end , in terms of the security of our system , ( the attack ) was actually positive , ” Thompson said . A local cybersecurity company — for $ 10,000 a year — helped the regional municipality build firewalls and encrypt its own data . “ We are practically no longer vulnerable , ” Thompson said . “ Everything is encrypted now . Every email is analyzed before we even receive it. ” He warns that small towns across the province are just as susceptible to attack as his region was . “ Every day , our system catches malicious emails trying to penetrate — but they are stopped , ” he said . “ But the attacks keep coming . ”
If you own a Google Pixel or Google Pixel XL , you ’ re probably wondering where your November security patch update is . Although most Google devices — including older Nexus devices — receivedVulnerability-related.PatchVulnerabilitythe patch at the beginning of the month as detailed below , the original Pixel lineup was left high and dry . Today , finally , the patch is here . You can wait for the OTA to hit your device , or you can use the links below to manually install . We ’ re not quite sure why this took so long , but hopefully , the December patch will be a bit more uniform . Right on schedule , Google has releasedVulnerability-related.PatchVulnerabilityAndroid ’ s October security patch . As it ’ s the first update to make its way to the Pixel 3 and Pixel 3 XL , it should include some bug fixes . Unfortunately , it won ’ t resolveVulnerability-related.PatchVulnerabilitythe memory issues just yet . The November patch itself includes fixes for 17 security vulnerabilities . The most severe bugs included an issue in the media framework and the ability for a remote attacker to execute arbitrary code through a crafted file . Fortunately , Google doesn ’ t believe that either of these were used to harm users . The November security patch includes several bug fixes and improvements specifically for Pixel devices . As Google notes , this update should help with notification stability on Pixel 2 and Pixel 3 handsets as well as improve picture-in-picture performance on the four handsets . Sadly , the November security patch will likely be the last update pushedVulnerability-related.PatchVulnerabilityto the Pixel C , Nexus 6P , and Nexus 5X . As Google only guarantees firmware upgrades for two years after a device is released and security patches for three , the search giant is no longer obligated to support the two phone or tablet . Of course , this doesn ’ t mean that your devices are no longer usable . Even if you no longer get official support from Google , there are large developer communities that build ROMs that bringsVulnerability-related.PatchVulnerabilitythe latest security patches and Android features to all of Google ’ s abandoned devices . If you don ’ t want to wait for the November security patch to make its way to your phone , you can download the latest factory image or OTA file from the links below . From there , you can either flash a fresh build to your phone or sideload the OTA update . The November security patch is also making its way to the Essential Phone . In addition to the resolved issues addressedVulnerability-related.PatchVulnerabilityabove , this update brings support for the company ’ s Audio Adapter HD module .
Noticed more emails and texts lately claiming to beAttack.Phishingfrom your bank – and not just yours ? You ’ re not the only one . Action Fraud , the UK police ’ s dedicated fraud tracking team , has revealed a significant increase in reports about phishing attacksAttack.Phishingconnected to TSB ’ s massive IT outage have been reported . A total of 176 complaints have been received , or around ten a day since April 30 . “ There has been an uptick in phishing attemptsAttack.Phishingacross the piece , ” says an Action Fraud spokesperson . TSB ’ s banking meltdown , caused by a botched IT upgrade , still has not been remedied – nearly four weeks on . And the crisis has become paydirt for scammers and hackers , who have waded into a confusing , chaotic situation and are making out with thousands of pounds worth of savings from people ’ s accounts . And it ’ s not just TSB - the number of phishing texts claiming to beAttack.Phishingfrom other banks such as Barclays and NatWest also seems to be on the rise . “ When a ‘ change ’ goes wrong and so publicly like TSB ’ s , it ’ s like cyber blood in the water , ” explains Ian Thornton-Trump , chief technical officer of Octopi Managed Services , an IT company . “ Cyber criminals pay attention to companies rocked by internal scandals or public ‘ ball drops ’ and react accordingly. ” With the bank ’ s staff overloaded trying to fix the problems that caused the outage in the first place , fraudulent transactions aren ’ t being tracked or checked as quickly as they should be . “ It is a sad fact that fraudsters might try to take advantage of situations like these , ” says a TSB spokesperson . The scammers are using one of the most common tools in their arsenal : phishing attacksAttack.Phishing. They send outAttack.Phishingmass texts and emails to customers – many of whom identify themselves as TSB ’ s customers in increasingly irate social media posts – with links to legitimate-sounding but fraudulent websites . Customers are encouraged to click a link and input their username and password to process their complaints against the company – and lose control of their bank account . Lucy Evans , 23 , is one customer who has had her cash stolen . Her TSB current account was looted , and she ’ s receivedAttack.Phishinga number of texts purporting to beAttack.Phishingfrom TSB . She was defraudedAttack.Phishingby a combination of phone calls and texts . “ I think I was targeted whilst we couldn ’ t actually view our money , ” says Evans . “ Criminals are happy to exploit people ’ s misery , whatever form that might take , ” says professor Alan Woodward , a cybersecurity specialist from the University of Surrey . “ Criminals can pretend to beAttack.Phishingthe bank and ask customers to undertake strange actions that under normal operations would seem suspicious . Customers might be so delighted to actually be able to access their web banking that they might just let their guard down that little bit more than usual. ” TSB has to act more proactively to shut down fraudulent domains and to make the public more aware of the scams circulating , Woodward argues . “ TSB need to up their game in responding to customers – as that very lack of response can be used to lure customers in. ” For those who have fallen victim , the loss of money is adding insult to injury . “ I ’ m certain I ’ ll move banks , ” says Evans , who lost the contents of her current account . “ Most of the staff have been helpful and apologetic , but this should have been resolved by now . It seems they are not fit for purpose . ”
A massive phishing campaignAttack.Phishingtargeting Google accounts ripped through the internet on Wednesday afternoon . Several people online across a range of industries said they receivedAttack.Phishingemails containing what looked likeAttack.Phishinga link to a Google Doc that appeared to come fromAttack.Phishingsomeone they know . These , however , were malicious emails designed to hijack their accounts . It 's unclear exactly how the attack works at the moment , but it does appear to be highly sophisticated . A Reddit user has a good breakdown of what happens exactly when you click on the Google Doc button . In a few words , when you click on the link , the login screen takes you to a genuine Google domain , but that domain asks you to grant access to an app called Google Docs that is not the real Google Docs . And the `` Google Docs '' app reads all your email and contacts , and then self-propagates by sending more emails . We 've also heard reports that Google Drive was down , and experienced the outage ourselves , but can not yet confirm if that is related to the attack . ( It 'd be a hell of a coincidence , although Drive appears to be working again . ) `` We have taken action to protect users against an email impersonating Google Docs , and have disabled offending accounts , '' Google said in a statement sent to Motherboard . `` We 've removed the fake pages , pushedVulnerability-related.PatchVulnerabilityupdates through Safe Browsing , and our abuse team is working to prevent this kind of spoofingAttack.Phishingfrom happening again . We encourage users to report phishing emails in Gmail . '' In a subsequent statement , Google said that the phishing campaignAttack.Phishingwas halted `` within approximately an hour '' and that it `` affected fewer than 0.1 % of Gmail users . '' While that sounds low , considering that Gmail has around 1 billion users , that 's still around one million victims .
Google users today were hitAttack.Phishingwith an extremely convincing phishing spreeAttack.Phishinglaunched by attackers who manipulated Google Docs ' legitimate third-party sharing mechanism . Targets receivedAttack.Phishingmessages with the subject like `` [ Sender ] has shared a document on Google Docs with you '' often from senders they knew . The messages contained links , which led to a page that clearly requested access to the user 's Gmail account . If the target user provides access , the attackAttack.Phishingbegins sendingAttack.Phishingspam to all the user 's contacts . Theoretically , the attacker could also accessAttack.Databreachthe victim 's messages and stealAttack.Databreachsensitive data , but thus far there have been no reports of such activity . Because it takes advantage of Google 's legitimate third-party sharing mechanism , the phishing message is much more difficult to identify as malicious . The icons and messaging are familiar to Google users . Gmail itself did not filter the messages as phishingAttack.Phishingor flag them as spam , but rather sent them to Gmail users ' `` Primary '' inbox mail folders . The senders were familiar enough to have the target in their contact lists . One way to spot the attack : some targets report that the message includes a recipient with an address that begins `` hhhhhhhhhhhhhh '' and ends with the domain `` mailinator.com . '' Google responded with a fix and issued a statement : `` We have taken action to protect users against an email impersonatingAttack.PhishingGoogle Docs , and have disabled offending accounts . We ’ ve removed the fake pages , pushedVulnerability-related.PatchVulnerabilityupdates through Safe Browsing , and our abuse team is working to prevent this kind of spoofingAttack.Phishingfrom happening again . We encourage users to report phishing emails in Gmail . If you think you were affected , visit http : //g.co/SecurityCheckup '' Those who have already fallen victim to this attack should also go to their Google account permissions settings and revoke access to the false `` Google Docs '' application . They 're also advised to set up two-factor authentication .
A massive phishing campaignAttack.Phishingtook place today , but Google 's security staff was on hand and shut down the attacker 's efforts within an hour after users first reported the problem on Reddit . According to multiple reports on Twitter , the attacksAttack.Phishingfirst hitAttack.Phishingjournalists , businesses , and universities , but later spread to many other users as well . The attack itself was quite clever if we can say so ourselves . Victims receivedAttack.Phishinga legitimate ( non-spoofed ) email from one of their friends , that asked them to click on a button to receive access to a Google Docs document . If users clicked the button , they were redirected to the real Google account selection screen , where a fake app titledAttack.Phishing`` Google Docs '' ( not the real one ) asked the user 's permission to authorize it to access the shared document . In reality , the app only wanted access to the user 's Gmail inbox and contact list . After gaining accessAttack.Databreachto these details , the fake app copied the user 's contact list and sentAttack.Phishinga copy of itself to the new set of targets , spreading itself to more and more targets . The email was actually sentAttack.Phishingto `` hhhhhhhhhhhhhhhh @ mailinator.com , '' with the user 's email address added as BCC . Following the incident , Mailinator intervened and blocked any new emails from arriving into that inbox . Because of this self-replicating feature , the phishing attackAttack.Phishingspread like wildfire in a few minutes , just like the old Samy worm that devasted MySpace over a decade ago . Fortunately , one Google staff member was visting the /r/Google Reddit thread , and was able to spot a trending topic detailing the phishing campaignAttack.Phishing. The Google engineer forwarded the Reddit thread to the right person , and within an hour after users first complained about the issue , Google had already disabled the fake app 's ability to access the Google OAuth screen . Later on , as engineers had more time to investigate the issue , Google issued the following statement : We have taken action to protect users against an email impersonatingAttack.PhishingGoogle Docs & have disabled offending accounts . We ’ ve removed the fake pages , pushedVulnerability-related.PatchVulnerabilityupdates through Safe Browsing , and our abuse team is working to prevent this kind of spoofingAttack.Phishingfrom happening again . We encourage users to report phishing emails in Gmail . There are no reports that malware was deployed in the phishing attackAttack.Phishing. Cloudflare was also quick to take down all the domains associated with the phishing attackAttack.Phishing. Users that clicked on the button inside the phishing email can go to the https : //myaccount.google.com/permissions page and see if they granted the app permission to access their account . The real Google Docs is n't listed in this section , as it does not need permissions , being an official Google property .
A Twitter user by the name @ EugenePupov is trying to take credit for the massive phishing attackAttack.Phishingthat hitAttack.PhishingGmail users last night , and which attempted to trickAttack.Phishingusers into granting permission for a fake Google Docs app to access their Gmail inbox details . While Google intervened and stopped the self-spreading attack about an hour after it started — which is a pretty good response time — questions still linger about who was behind it . If there 's one thing we know for sure , is that the fake Google Docs app was registered using the email eugene.pupov @ gmail.com . The owner of the aforementioned @ EugenePupov Twitter account , who took credit for the attacks , claimed in a series of tweets [ assembled below ] it was only a test . While some might think this is an open & close case , it is not quite so . For starters , the Twitter account was registered yesterday , on the same day of the attack , which is n't necessarily suspicious , but it 's odd . Second , if you would try to reset that Twitter account 's password , you 'll see that the Twitter account is n't registered with the same address used in the phishing attacksAttack.Phishing. Registering a Twitter account with the eugene.pupov @ gmail.com email would n't haven been possible either way , as this Gmail address is n't registered at all . Furthermore , a Coventry University spokesperson told Bleeping Computer today that no person with the name Eugene Pupov is currently enrolled at their institution . Later they confirmed it on Twitter . If things were n't shady enough , the Twitter account used a profile image portraying a molecular biologist named Danil Vladimirovich Pupov , from the Institute of Molecular Genetics , at the Russian Academy of Sciences . When other users called out [ 1 , 2 ] the Twitter account for using another person 's image , the man behind the @ EugenePupov account simply changed it to a blank white image . To clarify what exactly is going on with the Twitter account images , we 've reached out to the real Danil Pupov hoping for some answers , as we were n't able to find any good reasons for why a molecular biologist would fiddle around with Gmail spam campaings and fake Google Docs apps . As things are looking right now , it appears that someone is either in the mood for a prank , or the real person behind the attack is trying to plant a false flag and divert the attention of cyber-security firms investigating the incident [ 1 , 2 ] . As for Google , after a more thorough investigation , the company says that only 0.1 % of all Gmail users receivedAttack.Phishingthe phishing email that contained the link to Pupov 's fake Google Docs app that requested permission to access users ' inboxes . That 's around one million users of Gmail 's one billion plus userbase .
Google has stopped Wednesday ’ s clever email phishing schemeAttack.Phishing, but the attack may very well make a comeback . One security researcher has already managed to replicate it , even as Google is trying to protect users from such attacks . “ It looks exactly likeAttack.Phishingthe original spoofAttack.Phishing, ” said Matt Austin , director of security research at Contrast Security . The phishing schemeAttack.Phishing-- which may have circulatedAttack.Phishingto 1 million Gmail users -- is particularly effective because it fooledAttack.Phishingusers with a dummy app that looked likeAttack.PhishingGoogle Docs . Recipients who receivedAttack.Phishingthe email were invited to click a blue box that said “ Open in Docs. ” Those who did were brought to an actual Google account page that asks them to handover Gmail access to the dummy app . While foolingAttack.Phishingusers with spoofed emails is nothing new , Wednesday ’ s attack involved an actual third-party app made with real Google processes . The company ’ s developer platform can enable anyone to create web-based apps . In this case , the culprit chose to name the app “ Google Docs ” in an effort to trickAttack.Phishingusers . The search company has shut down the attack by removing the app . It ’ s also barred other developers from using “ Google ” in naming their third-party apps . More traditional phishing email schemesAttack.Phishingcan strike by trickingAttack.Phishingusers into giving up their login credentials . However , Wednesday ’ s attack takes a different approach and abuses what ’ s known as the OAuth protocol , a convenient way for internet accounts to link with third-party applications . Through OAuth , users don ’ t have to hand over any password information . They instead grant permission so that one third-party app can connect to their internet account , at say , Google , Facebook or Twitter . But like any technology , OAuth can be exploited . Back in 2011 , one developer even warned that the protocol could be used in a phishing attackAttack.Phishingwith apps that impersonateAttack.PhishingGoogle services . Nevertheless , OAuth has become a popular standard used across IT . CloudLock has found that over 276,000 apps use the protocol through services like Google , Facebook and Microsoft Office 365 . For instance , the dummy Google Docs app was registered to a developer at eugene.pupov @ gmail.com -- a red flag that the product wasn ’ t real . However , the dummy app still managed to foolAttack.Phishingusers because Google ’ s own account permission page never plainly listed the developer ’ s information , unless the user clicks the page to find out , Parecki said . “ I was surprised Google didn ’ t show much identifying information with these apps , ” he said . “ It ’ s a great example of what can go wrong. ” Rather than hide those details , all of it should be shown to users , Parecki said . Austin agreed , and said apps that ask for permission to Gmail should include a more blatant warning over what the user is handing over . “ I ’ m not on the OAuth hate bandwagon yet . I do see it as valuable , ” Austin said . “ But there are some risks with it. ” Fortunately , Google was able to quickly foil Wednesday ’ s attack , and is introducing “ anti-abuse systems ” to prevent it from happening again . Users who might have been affected can do a Google security checkup to review what apps are connected to their accounts . The company ’ s Gmail Android app is also introducing a new security feature to warn users about possible phishing attemptsAttack.Phishing. It 's temptingAttack.Phishingto install apps and assume they 're safe . But users and businesses need to be careful when linking accounts to third-party apps , which might be asking for more access than they need , Cloudlock 's Kaya said . `` Hackers have a headstart exploiting this attack , '' she said . `` All companies need to be thinking about this . ''
Last late April a friend of mine had his iPhone stolen in the streets—an unfortunately familiar occurrence in big , metropolitan areas in countries like Brazil . He managed to buy a new one , but kept the same number for convenience . Nothing appeared to be out of the ordinary at first—until he realized the thief changed his Facebook password . Fortunately , he was able to recover and update it , as his phone number was tied to his Facebook account . But a pickpocket accessing his victim ’ s Facebook account is quite unusual . After all , why would a crook be interested with his victim ’ s Facebook account for when the goal is usually to use or sell the stolen device ? It didn ’ t stop there ; a day after , my friend curiously receivedAttack.Phishinga phishing SMS message on his new phone . What ’ s interesting here is the blurred line between traditional felony and cybercrime—in particular , the apparent teamwork between crooks and cybercriminals that results in further—possibly more sophisticated—attacks . Figure 1 : SMS message with a link to a phishing page The SMS message , written in Portuguese , translates to : “ Dear user : Your device in lost mode was turned on and found ; access here and view its last location : ” . The message was accompanied with a link pointing to hxxp : //busca-devices [ . ] pe [ . ] hu , which we found to be a phishing page with a log-in form asking for Apple ID credentials . We then checked the last location of his stolen iPhone , the official iCloud website indeed confirmed that it was where he had the phone snatched . Figure 2 : Phishing page asking for Apple ID credentials Connecting the dots , it appears the modus operandi is to physically steal the victim ’ s phone ( while in use , so they can still access the apps ) , uncover the device ’ s number , then try changing the password of installed social networking ( and possibly email ) apps—probably to extort the victim in the future—before turning the stolen device off as soon as possible . Attackers then try to grab the victim ’ s Apple ID credentials using a phishing page and a socially engineered SMS message pretending to beAttack.PhishingApple . Apart from perpetrating identity theft , getting their hands on Apple credentials allows them to disable the Activation Lock feature in iOS devices which would enable them to wipe the phone ( as part of an attack , or for them to reuse the device ) . Figure 3 : iCloud phishing page advertised in the Brazilian underground Interestingly , we came across an iCloud phishing page peddled for R $ 135 ( roughly equivalent to US $ 43 as of May 4 , 2017 ) during one our recent forays into the Brazilian underground . The phishing page offered for rent came with a video tutorial explaining how the service works . Coincidence ? While there may be no direct correlation , it wouldn ’ t be surprising if it somehow intersects with my friend ’ s iPhone scam situation—given how Apple credentials are one of the commodities sold in Brazil ’ s online underworld . In fact , this kind of attack has been reported in Brazil as early as 2015 . The moral of my friend ’ s story ? Traditional crime and cybercrimes are not mutually exclusive and can , in fact , work together in seemingly bigger attacks or malicious schemes . Another lesson learned ? Physical security strengthens cybersecurity . This rings true—even intuitive—not only to individual end users . Organizations understand that the risks of attacks are just as significant if their workplace ’ s perimeters aren ’ t as properly secure as their virtual/online walls . Indeed , today ’ s increasingly intricate—and in a lot of cases , brazen—attacks , whether physical or in cyberspace , call for being more proactive . Being aware of red flags in phishing scamsAttack.Phishing, securing the privacy of mobile apps , and adopting best practices for BYOD devices , are just some of them . These are complemented by physically securing mobile devices—from password-protecting important documents to employing biometrics or strong PINs to prevent unauthorized access to the device ’ s apps . Users can also benefit from multilayered mobile security solutions such as Trend Micro™ Mobile Security for Apple devices ( available on the App Store ) that can monitor and block phishing attacksAttack.Phishingand other malicious URLs . For organizations , especially those that use BYOD devices , Trend Micro™ Mobile Security for Enterprise provides device , compliance and application management , data protection , and configuration provisioning , as well as protect devices from attacks that leverage vulnerabilities , preventing unauthorized access to apps , as well as detecting and blocking malware and fraudulent websites . With help from our colleagues from PhishLabs , we were able to take down the phishing pages that were still online . We also disclosed to Apple our findings related to this threat . The domains we uncovered related to this scam are in this appendix .