Category: News

Coronavirus [COVID-19] Phishing Emails

The current COVID-19 pandemic has cybercriminals on the loose. They have been taking advantage of this global crisis, preying on people’s fear, in order to obtain personal information and infect computers for profit. They scam people by sending phishing emails claiming to be from legitimate sources like the World Health Organization (WHO) or the Centers for Disease Control and Prevention (CDC). These spoofed emails supposedly contain safety measures and treatment for the virus, travel advisories, or the latest health bulletin. They may also contain advertising links selling bogus COVID-related products like vitamins and supplements.

When receiving such emails, one must exercise these safety precautions:

  • Always bear in mind that health agencies like the CDC and WHO will never ask for personal details or login credentials, so do not give out any information. You may go directly to the agency’s official website if you need to verify facts and data.
  • Double check the sender’s email address by hovering over its name. Scammers will type in a fake one that closely resembles that of a legitimate source, so watch out for spelling errors. Simply ignore or delete emails from senders you don’t know.
  • Avoid clicking any of the links included in a suspicious email you have received. Also, do not open any attachments, as doing so may download malware onto your device. Once installed, the malware would allow cybercriminals to monitor your computer activity and record your keystrokes, eventually giving them access to personal information like banking details.
  • Make sure that your computer is always up to date with the latest antivirus and anti-spyware programs. Watch out for the latest security updates, apply necessary patches, and have a good firewall.
  • News coverage about the coronavirus is truly overwhelming. Keep yourself informed by going directly to reliable sources. Be vigilant so you do not fall prey to any of the phishing scams these cybercriminals are running in the midst of public paranoia and panic.

    Shlayer Trojan: Mac Malware Infecting 10% of Mac Users

    A lot of computer users assume that Macs rarely, if ever, get infected with malware. But this is not the case. Just recently, antivirus provider Kaspersky cited in its report that in 2019, the top Mac malware, infecting 1 in 10 macOS users, was the Shlayer trojan. According to their press release, OSX/Shlayer is the “most widespread for macOS users. A smart malware distribution system, it spreads via a partner network, entertainment websites and even Wikipedia, demonstrating that even users that only visit legal sites still need additional protection online.”

    What happens is that Apple users are directed to fake pages from their search results. From there, they cannot proceed to the site because their Adobe Flash Player must supposedly be updated first. Clicking the “Download Flash” button to update will actually download the Shlayer Trojan itself. When this trojan is executed, it will install a malware cocktail onto the computer.

    To protect yourself from getting infected with Trojans such as Shlayer, whether you’re a Mac or Windows user, make sure to install a reliable antivirus (AV) program on your computer and keep it updated. It is also good practice to check that the websites you visit are safe and to install browser extensions, programs, games, apps, and updates only from a trusted source.

    Special Olympics NY Server Compromised, Sends Phishing Emails

    Special Olympics New York, a non-profit organization that helps provide opportunities for people with intellectual disabilities and their communities to compete in Olympic-style, coached sports, had its email server hacked during the holidays. The hackers were able to compromise the server and launch a phishing campaign targeting its donors. The email tells recipients that an automatic donation of $1,942.90 would register on their accounts in the next two hours. It tricks victims into clicking a hyperlink that is supposedly the PDF statement verifying the transaction details.

    In a post via their Instagram account, Stacey Hengsterman, President & CEO of Special Olympics NY, published this: “Boo! As you may have noticed, our email server was temporarily hacked. We have fixed the problem and send our sincerest apologies. While donating to Special Olympics NY is always a good idea, we would never ask in such a grinchy way.”

    They urged the donors to disregard the emails they received and assured them that the issue has already been fixed. They can now continue donating again securely without any complications. Furthermore, Special Olympics NY explained that the incident has only impacted their communication system and hasn’t affected any financial data. Contact information remained protected and kept confidential.

    First Aid Beauty, P&G’s online beauty store, Hacked

    It seemed that hackers were successful in stealing customer payment information by planting an e-skimmer on prestige skin-care brand First Aid Beauty’s website. This popular beauty line was recently acquired by Procter & Gamble (P&G) reportedly at $250 million.

    It is again the notorious Magecart software skimmer that is responsible for this attack on P&G’s e-commerce site. It specifically targets victims from the United States using the Windows OS. The malicious code went undetected for several months.

    Procter & Gamble has already issued a statement via BleepingComputer which says: “Consumer trust is fundamental to us, and we take data privacy very seriously. As soon as we learned about the compromise of the First Aid Beauty site, we moved quickly to take the site down and minimize the impact to our consumers. We are currently investigating the source of the malware and working to identify and notify those consumers who might have been impacted to ensure we provide them the necessary support.”

    TransUnion Credential Stuffing Attack: Credit Information Exposed

    Credential stuffing, a cyberattack that uses login details stolen through a data breach, was in the news recently. An unauthorized person used this attack to successfully gain access to a TransUnion Canada web portal, where they were able to pull consumer credit files by doing a credit search. These files include a consumer’s Social Insurance Number (SIN), birthdate, and current and past addresses.

    The credit bureau has already reached out to their affected consumers whose information was exposed in this credential stuffing attack through postal mail.

    “Simjacker” Could Silently Affect 1 Billion Mobile Devices Worldwide

    Cybersecurity researchers from Dublin-based firm AdaptiveMobile Security have recently uncovered a new and previously undetected vulnerability and associated exploits, called Simjacker. What Simjacker does is track phones by simply sending an SMS. Based on the report, these specially crafted texts “instructs the SIM Card within the phone to ‘take over’ the mobile phone to retrieve and perform sensitive commands”. Once compromised, important information like geographical locations can be obtained and it may also force the phone to make calls or send text messages. 

    How Simjacker works from https://simjacker.com

    Simjacker is reportedly being exploited by groups for surveillance, to spy on and track targeted individuals. It is estimated that about a billion mobile devices worldwide will be vulnerable to this attack.

    Actress Bella Thorne Defies Hacker, Tweets Her Personal Photos

    The 21-year-old actress and singer is not giving in to a hacker’s threat to release her nude photos. Bella Thorne posted them herself, via her official Twitter account, together with screenshots of the text messages the hacker sent to her. In the said post, Thorne tweeted, “For the last 24 hours, I have been threatened with my own nudes I feel gross, I feel watched, I feel someone has taken something from me that I only wanted one special person to see”. The hacker was apparently demanding money in exchange for not posting Thorne’s personal photos.

    “I’m putting this out because it’s MY DECISION NOW YOU DON’T GET TO TAKE YET ANOTHER THING AWAY FROM ME. I can sleep better knowing I took my power back. U can’t control my life u never will.”

    “Here’s the photos he’s been threatening me with”, the tweet continued.

    Thorne’s fans fully expressed their support against this extortion. The former Disney star was in New York over the weekend promoting her book The Life Of A Wannabe Mogul: Mental Disarray when the harassment happened.

    No Pre-Installed Facebook App on New Huawei Phones

    New Huawei phones will no longer be pre-installed with the Facebook app along with its subsidiaries Instagram and WhatsApp. This applies to devices that haven’t left the factory yet. Facebook’s decision is the latest blow to the Chinese telecom giant after facing a ban in the United States, due to national security concerns, for its purchase of American parts such as microchips and software. For software, Google has revoked licenses for Huawei to install its software. This includes Gmail and Google’s application marketplace, the Google Play app store. It will only run until August.

    The Facebook, WhatsApp and Instagram restriction is only for pre-installs. Huawei users can still download the social media apps, and will continue to receive updates, from the Play store and use them normally while it’s still available for download. With the current ban, future models can no longer access the Google Playstore.

    Title-Insurance Company May Have Exposed Hundreds of Millions Financial Records

    The website of First American Financial Corporation, a Fortune 500 real estate title-insurance giant based in Santa Ana, California, may have leaked 885 million records online. These digitized records are documents related to mortgage deals of home/property buyers and sellers dating back to 2013. They could be accessed on the web by anyone, without any authentication in place. The personal information includes email and home addresses, bank account details, mortgage and tax records, Social Security numbers, and driver’s license images.

    When they learned of the flaw that exposed hundreds of millions of financial records, the company shut down external access to the application and has already fixed the said vulnerability in its website as of Friday afternoon.

    “We are currently evaluating what effect, if any, this had on the security of customer information. We will have no further comment until our internal review is completed”, First American said through an emailed statement.

    Ransomware Hits Local Authorities in Texas & Maryland

    Two local US government servers were recently hit by ransomware attacks. They were from Potter County, Texas and Baltimore City Hall, Maryland. Baltimore City Hall shut down most of its servers out of precaution while in Potter County, the entire network was shut down which forced its employees to perform their tasks manually.

    Baltimore City Hall’s initial statement says “critical services, such as police, firefighters, etc., operate normally; however, the computer network of the city is infected by a variant of ransomware. We do not have evidence that a data breach has been presented, but we will continue to take precautions; more information will be revealed shortly”.

    It was later disclosed that Baltimore City’s computers were encrypted by the RobbinHood ransomware.

    In Potter County, the computers are about to complete their recovery process. However, following the attack, with the entire network off limits, all 550 employees were forced to use paper and pencils temporarily.

    “This is what we’re using now. Paper and pencil, we’re going old fashion around here. Seriously, that’s what we’re having to do,” said Potter County Sheriff Brian Thomas at the time.

    It is unknown whether both of these attacks are linked to recent attacks on the computer infrastructure of some local governments in the U.S.