  • Top four file attachments that are widely used by threat actors to deliver their malicious payloads
    To provoke the recipients, these emails usually include some enticing content, offer or gift. Once the victims are convinced, they are asked to open the attachment(s) that come with the email.
  • Quasar RAT: A sneak peek into the Remote Access Trojan’s capabilities
    Quasar Remote Access Trojan uses two methods to achieve persistence: scheduled tasks and registry keys. Its capabilities include capturing screenshots, recording from the webcam, reverse proxying, editing the registry, spying on the user's actions, keylogging and stealing passwords.
  • Rhode Island physician network alerts 3,000 patients of data breach
    Mackenzie Garrity - Friday, August 23rd, 2019. An unauthorized user gained access June 19 to a server that stored patient information at Providence-based Rhode Island Ear, Nose and Throat Physicians, according to the HIPAA Journal. The physician network is alerting 2,943 patients about the data breach. RIENT was able to secure the network the same day the hackers gained access. Upon further investigation, RIENT discovered the server contained medical records of patients who received care between May 1 and June 12. There is no indication that patient information has been viewed, copied or misused. Patient data stored on the server included names, dates of birth and clinical information.
  • IRS Warns Taxpayers of New Scam Campaign Distributing Malware
    The Internal Revenue Service (IRS) issued today a warning to alert taxpayers and tax professionals of an active IRS impersonation scam campaign sending spam emails to deliver malicious payloads. This warning was issued after the IRS received several reports from taxpayers during this week regarding unsolicited messages with "Automatic Income Tax Reminder" or "Electronic Tax Return Reminder" subjects, coming from scammers impersonating the U.S. revenue service with the help of spoofed email addresses. "The emails have links that show an IRS.gov-like website with details pretending to be about the taxpayer's refund, electronic return or tax account," says the IRS warning. "The emails contain a 'temporary password' or 'one-time password' to 'access' the files to submit the refund." "The IRS does not send emails about your tax refund or sensitive financial information," stated IRS Commissioner Chuck Rettig.
  • Sonoma Valley Hospital Website, Email Addresses Hijacked
    Currently, hospital officials are encouraging patients to update their contact details for Sonoma Valley, as previous emails sent to SVH.org are not being received.
    AMCA Data Breach Adds Integrated Regional Laboratories Patients: About 30,000 Integrated Regional Laboratories' patients have been added to the massive American Medical Collection Agency data breach, which has already claimed nearly 25 million patient records from about 22 covered entities. AMCA notified IRL of the breach on June 3 and confirmed IRL patient data was breached on June 13. The compromised data included information from patients or those financially responsible for their care, such as names, contact details, amounts owed to IRL, dates of service, and patient account numbers.
    Email Hack on Mid-Valley Behavioral Care Network: Nearly 11,000 individuals connected to Mid-Valley Behavioral Care Network (BCN) are being notified of a potential breach of their data, after a phishing attack on two employee email accounts. An investigation determined the accounts contained the patient information of 10,710 Willamette Valley Community health plan members and the data of 2,092 OHP providers.
  • WordPress Plugins Exploited in Active Attack Redirecting Traffic
    Researchers warn users of several plugins to update, as vulnerabilities are being actively exploited to redirect website visitor traffic. Impacted by the campaign is a plugin called Simple 301 Redirects – Addon – Bulk Uploader, as well as several plugins made by developer NicDark (now rebranded as "Endreww"). "So attacks probing for all of them began pretty quickly, despite many of the plugins having fairly small install bases." Veenstra told Threatpost that he found at least five plugins by NicDark with flaws being exploited as part of the campaign. "In effect, this replaces all of a site's loaded JavaScript with a file under the attacker's control." The other impacted plugin, Simple 301 Redirects – Addon – Bulk Uploader, developed by Webcraftic, adds functionality to the Simple 301 Redirects plugin, which redirects requests to other pages. The add-on has a recently patched vulnerability that enables unauthenticated attackers to inject their own 301 redirect rules into a victim's website.
  • Regis University’s technology systems targeted by “malicious threat” likely from outside the country
    A forensic investigation at Denver's Regis University confirmed Friday that the private college's technology systems were attacked by a "malicious threat" likely from outside the country. "Immediately upon discovering this issue, we quickly and intentionally took our information technology systems offline in an effort to protect the university and your information while we initiated an investigation and notified law enforcement," Regis said in a statement Friday. "It will be restored in stages in a systematic, careful manner." The "external data security threat" prompted Regis to take down its technology services, including its website, phone lines, email services and the online programs that students use to submit work and professors use to grade it. On campus Friday, Day 2 of Regis' information services being down, parents toted Clorox wipes and bookshelves as students moved into the dorms, many unaware of any technological problems.
  • Instagram Phishing Emails Use Fake Login Warning Baits
    In this case, the phishing e-mails distributed by the attackers behind this campaign use fake Instagram login alerts stating that someone attempted to log in to the target's account, asking them to confirm their identity via a sign-in page linked within the message. Authentication codes are used to add legitimacy: these messages are designed to look as close as possible to official messages from Instagram, to avoid raising any suspicion before the target is redirected to the attackers' phishing landing page. Once on the phishers' landing page, the targets see a perfectly cloned Instagram login page served over HTTPS with a valid certificate and displaying a green padlock to alleviate any doubts that it's the real deal. This is not the first or the last phishing campaign targeting Instagram users, and some users are bound to fall for the scam given that the crooks come back with new attacks.
  • Lenovo High-Severity Bug Found in Pre-Installed Software
    Security researchers at Pen Test Partners have found a privilege escalation flaw in the much-maligned Lenovo Solution Center software. The flaw is another one found in Lenovo's decommissioned Lenovo Solution Center software, preinstalled on millions of older-model PCs made by the world's leading computer maker. The research comes from Pen Test Partners, who found the flaw (CVE-2019-6177) and said the vulnerability is tied to the Lenovo Solution Center (LSC) software. "The bug itself is a DACL (discretionary access control list) overwrite, which means that a high-privileged Lenovo process indiscriminately overwrites the privileges of a file that a low-privileged user is able to control," wrote researchers at Pen Test Partners in a technical description of the bug posted Thursday. "When the Lenovo process runs, it overwrites the privileges of the hardlinked file with permissive privileges, which lets the low-privileged user take full control of a file they shouldn't normally be allowed to," researchers wrote. Lenovo's LSC software has been a source of many headaches for Lenovo.
  • New Tool From Cisco Hunts Flaws in Automotive Computers
    Cisco has released a new hardware tool designed to help researchers, developers and automakers discover vulnerabilities in automobile computers. The global connected car market is expected to exceed $225 billion by 2025, and Cisco aims to help secure this emerging technology with the release of a new hardware tool called 4CAN. Released as open source, the tool is meant for all automobile security researchers who want to test their on-board computers for potential vulnerabilities. Access to the vehicle computer, Cisco notes, is possible via Wi-Fi, Bluetooth, or cellular communication protocols, but the backbone of a vehicle's network is a Controller Area Network (CAN). Typically, a car has multiple CAN buses combined with a gateway, and the vehicles that Cisco's researchers tested have 4 CAN buses. "With a single Raspberry Pi, we can simultaneously test four CAN channels, and since the 4CAN exposes the entire 40-pin GPIO header, we can remotely control the test vehicle," Cisco explains.