
Phishing campaigns, some launched as recently as March, aimed at stealing credentials from Verizon mobile customers by spoofing the company's support service. Being mobile-focused and reusing an identifier from an official Verizon service is what prompted researchers to rate the campaign as above average in sophistication. The link delivering the phishing kit includes the abbreviation 'ecrm,' which Verizon uses as a sub-domain - ecrm.verizonwireless[.]com - for its Electronic Customer Relationship Management platform. Researchers at Lookout mobile security company noticed one such attack in late November 2018; another occurred in February this year, and the activity intensified in March, when three waves were recorded in two consecutive days. Loaded on a desktop, the phishing page looks suspicious, but on mobile devices it renders as if it were genuine and could easily fool the recipient into sending the attacker the login credentials (phone number or user ID, and password) for the Verizon account. "This kit targeted Verizon customers through malicious links masquerading as Verizon Customer Support. This shows that the attackers did their research," writes Jeremy Richards, a principal security researcher at Lookout. Verizon customers are constantly targeted by phishing campaigns and the company is perfectly aware of this. A page is available with variations of the fraud attempts to warn users to be on guard. Customers of AT&T have also been targeted in a phishing campaign that was active on Monday. Microsoft researchers found it via the Windows Defender Advanced Threat Protection platform. For more including domain names visit OUR FORUM.
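The trick described above, a legitimate sub-domain label ('ecrm') reused inside a link that does not resolve to Verizon, is something a mail gateway or SOC triage script can check for. The following is an added example, not code from Lookout or from the article; the link list is constructed, and the two-label "registrable domain" approximation is an assumption (a production check would use a public-suffix list). It also refangs the `[.]` notation the article uses so indicators can be pasted in as published.

```python
from urllib.parse import urlparse

# Registrable domains Verizon actually owns (ecrm.verizonwireless.com is the real ECRM host per the article).
LEGIT_DOMAINS = {"verizonwireless.com", "verizon.com"}

# Brand labels the kit borrowed to look official; 'ecrm' is the one the article names.
BRAND_TOKENS = ("ecrm", "verizon")

# Constructed sample links for the demo (not indicators from the campaign).
SAMPLE_LINKS = [
    "https://ecrm.verizonwireless[.]com/support",          # real host, defanged
    "http://verizon-ecrm-support.example/login",           # brand label on an unrelated domain
    "https://ecrm.verizonwireless.com@203.0.113.9/login",  # real host name hidden in the userinfo part
    "https://example.org/news",                            # nothing to do with the brand
]


def refang(url: str) -> str:
    """Turn defanged indicator notation ('hxxp', '[.]') back into a URL urlparse can read."""
    return url.replace("[.]", ".").replace("hxxp", "http")


def registrable_domain(host: str) -> str:
    """Assumption: last two labels approximate the registrable domain (no public-suffix list offline)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_link(url: str) -> str:
    """Return 'legitimate', 'suspicious', 'unrelated' or 'invalid' for one link."""
    parsed = urlparse(refang(url))
    host = parsed.hostname or ""
    if not host:
        return "invalid"
    if registrable_domain(host) in LEGIT_DOMAINS:
        return "legitimate"
    # Look at the whole netloc (including any user@ prefix) plus the path, so a real
    # brand host name smuggled before '@' or into the path still raises a flag.
    haystack = (parsed.netloc + parsed.path).lower()
    if any(token in haystack for token in BRAND_TOKENS):
        return "suspicious"
    return "unrelated"


def triage(links):
    """Map each link to its verdict; this is what a gateway rule would act on."""
    return {link: classify_link(link) for link in links}


if __name__ == "__main__":
    for link, verdict in triage(SAMPLE_LINKS).items():
        print(f"{verdict:11s} {link}")
```

The userinfo case is the one worth noting: `ecrm.verizonwireless.com@203.0.113.9` parses to a hostname of `203.0.113.9`, so a check that only looks at the hostname would call it "unrelated"; scanning the full netloc is what catches it.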

Cybersecurity is in a terrible state, possibly the worst it's ever been. Literally not a day goes by without another report of a security breach or a data spill or a hack spilling corporate secrets. There is plenty of blame to go around, of course. Let's start with the obvious ones, the crooks and scammers – from petty criminals to organized crime – who are able to extort us with ransomware or steal corporate data or our credit-card details with phishing attacks. Few police forces have the time, money and skill to catch these groups or bring them to justice. Then there are state-backed hackers who switch between espionage and cyber warfare – and the governments that either turn a blind eye to their activities or positively encourage them. Who else to blame? Perhaps the tech companies that are desperate to rush a new product to market to beat their rivals, and think that cutting corners on testing security is a good way to do it. And it's not just startups, either; witness the constant stream of security patches that flow from all the big tech companies every month, fixing problems with software that simply wasn't secure enough when it was sold. What about the enterprise? There are software patches for all of the most regularly abused software flaws, just as there was a patch for the flaw that allowed WannaCry to spread. And yet those flaws go unpatched because firms don't want to spend the time and money fixing those flaws and patching those systems. Follow up on OUR FORUM.

Those who remember the earlier days of the internet are familiar with the "Nigerian Prince letter," also known as the 419 scam. While that fraud typically runs from personal email accounts, another one uses an official Nigerian government website to host a phishing page for the DHL international courier service. Nigeria has a large culture of fraud, which is defined in the country's criminal code at number '419,' under Chapter 38: "Obtaining Property by false pretenses; Cheating," but this is ridiculous. For over two weeks, the Nigerian National Assembly (NASS) site has been serving a fraudulent page that asks for DHL account credentials. This is just a landing location, most likely pushed through spam. The phishing resource is "u.php" and it is present on multiple legitimate websites that have been hacked to host it. We also found it on domains that look like they've been registered specifically for DHL phishing purposes. At the moment of writing, loading most of them triggered the "Deceptive site" warning in Chrome and Firefox, but not all of them have been indexed as unsafe yet. Security researcher MalwareHunterTeam found the phishing page on the NASS website and noticed a history of malicious URLs available on the official domain. Read more on OUR FORUM.

TP-Link's SR20 Smart Home Router is impacted by a zero-day arbitrary code execution (ACE) vulnerability which allows potential attackers on the same network to execute arbitrary commands, as disclosed on Twitter by Google security developer Matthew Garrett. Garrett disclosed the ACE 0-day after TP-Link did not provide a response during the 90 days since his report and, as he explained in the Twitter thread, the zero-day stems from the fact that "TP-Link routers frequently run a process called "tddp" (TP-Link Device Debug Protocol) as root" which has previously been found to contain multiple other vulnerabilities. TDDP allows running two types of commands on the device: type 1, which do not require authentication, and type 2, which ask for administrator credentials. As detailed by Garrett, the vulnerable router exposes a number of type 1 commands, one of which—command 0x1f, request 0x01—"appears to be for some sort of configuration validation," allowing would-be attackers to send a command containing a filename, a semicolon, and an argument to initiate the exploitation process. This instructs the TP-Link router to connect, over Trivial File Transfer Protocol (TFTP), to the machine that sent the specially crafted request. Once connected to the potential attacker's machine, the SR20 smart hub "requests the filename via TFTP, imports it into a LUA interpreter and passes the argument to the config_test() function in the file it just imported. The interpreter is running as root." Next, the os.execute() method will allow unauthenticated attackers to execute any command they want as root, leading to a full takeover of any compromised TP-Link SR20 device. For more visit OUR FORUM.
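The chain Garrett describes has a distinctive network footprint: a LAN host talks to the router's TDDP service, and moments later the router itself opens a TFTP read toward that same host. Until a firmware fix is available, that pattern is what a network sensor on the LAN can watch for. Below is an added detection example, not code from Garrett or TP-Link. It assumes a flow log in the constructed `timestamp src dst proto dport bytes` format, a router LAN address of 192.168.0.1, and that TDDP listens on UDP/1040 (the port TP-Link firmware has historically used for it; confirm on your own device). The TFTP side needs no assumption beyond the well-known port 69.

```python
import re
from dataclasses import dataclass
from datetime import datetime

ROUTER_IP = "192.168.0.1"   # assumption: LAN address of the SR20 in this network
TFTP_PORT = 69              # well-known TFTP port; the router fetches the Lua file over TFTP
TDDP_PORT = 1040            # assumption: UDP port TDDP has listened on in TP-Link firmware

# Constructed sample flow records (not captured traffic): a TDDP request from .23,
# then the router fetching a file from .23 over TFTP one second later.
SAMPLE_FLOWS = [
    "2019-03-28T10:00:00 192.168.0.23 192.168.0.1 udp 1040 96",
    "2019-03-28T10:00:01 192.168.0.1 192.168.0.23 udp 69 24",
    "2019-03-28T10:00:02 192.168.0.23 192.168.0.1 tcp 80 1400",   # ordinary admin web traffic
    "2019-03-28T10:00:03 192.168.0.1 8.8.8.8 udp 53 64",          # router's own DNS lookup
    "this line is malformed and should be skipped",
]

FLOW_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>\w+)\s+(?P<dport>\d+)\s+(?P<bytes>\d+)$"
)


@dataclass
class Alert:
    ts: str
    rule: str
    src: str
    dst: str


def parse_flow(line: str):
    """Parse one flow record; return None for lines that do not match the assumed format."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    flow = m.groupdict()
    flow["dport"] = int(flow["dport"])
    flow["bytes"] = int(flow["bytes"])
    return flow


def detect(lines):
    """Raise one alert per flow that matches either half of the TDDP -> TFTP pattern."""
    alerts = []
    for line in lines:
        flow = parse_flow(line)
        if flow is None or flow["proto"].lower() != "udp":
            continue
        # Half 1: something on the LAN is talking to the router's debug protocol.
        if flow["dst"] == ROUTER_IP and flow["dport"] == TDDP_PORT:
            alerts.append(Alert(flow["ts"], "tddp-request-to-router", flow["src"], flow["dst"]))
        # Half 2: the router itself is pulling a file from a LAN host over TFTP.
        elif flow["src"] == ROUTER_IP and flow["dport"] == TFTP_PORT:
            alerts.append(Alert(flow["ts"], "router-initiated-tftp", flow["src"], flow["dst"]))
    return alerts


def correlate(alerts, window_s=10):
    """Return LAN hosts whose TDDP request was followed, within the window, by a router TFTP fetch
    back to that same host. Alerts are expected in time order, as a flow log delivers them."""
    pending = {}   # host -> time of its most recent TDDP request
    chains = []
    for a in alerts:
        t = datetime.fromisoformat(a.ts)
        if a.rule == "tddp-request-to-router":
            pending[a.src] = t
        elif a.rule == "router-initiated-tftp" and a.dst in pending:
            if (t - pending[a.dst]).total_seconds() <= window_s:
                chains.append(a.dst)
                del pending[a.dst]
    return chains


if __name__ == "__main__":
    found = detect(SAMPLE_FLOWS)
    for a in found:
        print(f"{a.ts} {a.rule:24s} {a.src} -> {a.dst}")
    print("likely exploit chain from:", correlate(found))
```

Either half on its own is noisy on a network where TFTP or vendor debug tools are in normal use; pairing them on the same peer host within a short window is what makes the alert worth paging on, and the pairing is also the part to keep if your flow source uses a different record layout.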

Six months after Microsoft first released Windows 10 1809 to the mainstream, that Windows 10 feature update from last fall has finally been deemed ready for broad deployment. On March 28, Microsoft officials said they would be changing the Windows 10 release information page to note that it was ready for rollout by the vast majority of customers, including businesses. Microsoft finalized the code for Windows 10 1809, also known as the Windows 10 October 2018 Update, in September 2018 and started to roll it out to consumers on October 2, 2018. Shortly after mainstream rollout began, Microsoft had to pull Windows 10 1809 -- and its Server equivalent, Windows Server 2019/1809 -- because of a bug that caused some users to lose their data and encounter issues involving ZIP compressed files. In mid-November 2018, Microsoft re-released Windows 10 1809 and Windows Server 2019, taking a very cautious and slow approach to making them available to mainstream users. Microsoft restarted its support timeline clock, making November 13 the revised start-of-servicing date for both the Semi-Annual Channel and the Long-Term Servicing Channel for the products. Microsoft officials recently announced that, as of Windows 10 1903, they would be discontinuing the Semi-Annual Channel Targeted (SAC-T) designation which some businesses were using as part of the way they roll out feature updates to Windows 10. Microsoft officials publicly said they dropped SAC-T because they're trying to align the way they talk about Windows 10 and Office 365 servicing. Today, in a very short blog post about the broad-deployment status for 1809, Microsoft officials did note that they'd "continue to communicate for future releases the transition from targeted to broad deployment status." Further details posted on OUR FORUM.

Federal Reserve Bank (FRB) systems are exposed to an increased risk of unauthorized access because of security weaknesses found in the U.S. Treasury Department's computing systems, according to a management report issued by the U.S. Government Accountability Office (GAO). GAO used "an independent public accounting (IPA) firm, under contract, to assist with information system testing, including follow-up on the status of FRBs' corrective actions to address control deficiencies contained in our prior years' reports that were not remediated as of September 30, 2017." As part of its audit for the fiscal year that ended on September 30, 2018, GAO performed an extensive review of all computing system controls over key financial systems maintained and operated by FRBs connected to the Schedule of Federal Debt. During the fiscal year 2018 audit, GAO found "one new information system general control deficiency" affecting configuration management, which is designed to block unauthorized or untested modifications to critical information on computing systems. GAO also discovered two not-yet-addressed deficiencies found in the prior year in information system controls over key financial systems operated by FRBs and also relevant to the Schedule of Federal Debt. Fiscal Service's information system controls were also found to contain deficiencies which, when taken into account with previously unearthed unresolved control deficiencies, collectively classify as a significant flaw in internal control over the Schedule of Federal Debt's financial reporting. Visit OUR FORUM to learn more.
