Security News
Spam, ransomware, and malware continue to haunt organizations, but bad actors are also cooking up new spins on these tried-and-true methods, according to security company Fortinet. A report from Fortinet on the threat landscape for the final quarter of 2019 reveals that cybercriminals will exploit every possible opportunity, both new and old, to attack organizations and users alike.
Tax season is upon us and cybercriminals have taken notice, unleashing a tidal wave of attacks targeting every US citizen and tax prep company. "This information is also valuable and could be used or resold for identity fraud purposes. Additionally, the employee's legitimate tax documents can also be found here. This could be used by the attackers to file fraudulent tax returns on the employee's behalf to direct their tax returns to the attacker's coffers." Threat researchers at Zix-AppRiver released a report last week detailing their efforts monitoring and actively battling a series of Business Email Compromise attacks on CPAs and law firms over the past month.
Cybercriminals were already using convincing but fake emails from the WHO, CDC and Japanese government to trick people into downloading PDF, MP4 and Microsoft Word DOCX files. The shipping and manufacturing industries have taken massive hits because of the quarantines in China, and cybercriminals have sought to exploit that by bombarding companies with malware, spam and fake emails with links to sites like Office 365, Adobe and DocuSign, hoping to steal emails and passwords.
Which ten software vulnerabilities should you patch as soon as possible? Recorded Future researchers have analyzed code repositories, underground forum postings, dark web sites, closed source reports and data sets comprising submissions to popular malware repositories to compile a list of the ten vulnerabilities most exploited by cybercriminals in 2019.
Be extra careful when looking for a job online, the Internet Crime Complaint Center warns: cybercriminals are using fake job listings to trick applicants into sharing their personal and financial information, as well as into sending them substantial sums of money. "While hiring scams have been around for many years, cyber criminals' emerging use of spoofed websites to harvest PII and steal money shows an increased level of complexity. Criminals often lend credibility to their scheme by advertising alongside legitimate employers and job placement firms, enabling them to target victims of all skill and income levels," they noted.
Cybercriminals are using increasingly sophisticated methods to turn illicitly gained cryptocurrency into cash, which raises new concerns about enforcing anti-money laundering laws, according to a report by blockchain analysis firm Chainalysis. The emergence of these types of rogue cryptocurrency exchanges, along with technical advances, has made tracking virtual currency used in cybercrime, as well as terrorist financing, more difficult for law enforcement, the Chainalysis report finds.
Last year, Microsoft did roll out phishing detection to Microsoft Forms, an online product that lets people create surveys, quizzes, and polls. "Contrary to Avanan's marketing claims, Microsoft does not automatically trust any domain, including the Office and Sway domains. All links are analyzed, assessed and compared to known attack vectors, including local domains. Additionally, Microsoft performs a complete assessment of Sway content, including the scanning of links on the pages."
At CES 2020 in Las Vegas, TechRepublic's Teena Maddox spoke with Sam Quinn, a security researcher on McAfee's Advanced Threat Research Team, about McAfee's Just in Time jamming technique and what consumers should keep in mind as they live a more connected lifestyle. Sam Quinn: We implemented a Just in Time jamming technique for the state sensor of the MyQ garage door device.
How the Advanced Threat Research Team can stop hackers from stealing personal data from a wearable device.
Gas stations are gearing up for a major change in credit-card fraud liability in October, when they will find themselves on the hook for card-skimming attacks at the pump. Dobieski, however, believes that with the shift in liability for attacks on card data looming, gas stations will indeed spend the next 10 months either finally upgrading their fuel pumps to chip-and-PIN or finding a workaround, such as implementing tokenization or point-to-point encryption.