Malware Devil

Saturday, October 31, 2020

Four Days to the Election— Don’t Fall for These Phishing Scams

With the Presidential election just a few days away, bad actors are ramping up their efforts to lure in victims with phishing attacks designed to harvest credentials and personal information that could lead to the next large-scale breach. The threat is so prevalent that the Better Business Bureau, the Identity Theft Resource Center and the National Association of State […]

The post Four Days to the Election— Don’t Fall for These Phishing Scams first appeared on SlashNext.

The post Four Days to the Election— Don’t Fall for These Phishing Scams appeared first on Security Boulevard.

Read More

The post Four Days to the Election— Don’t Fall for These Phishing Scams appeared first on Malware Devil.



https://malwaredevil.com/2020/10/31/four-days-to-the-election-dont-fall-for-these-phishing-scams-2/?utm_source=rss&utm_medium=rss&utm_campaign=four-days-to-the-election-dont-fall-for-these-phishing-scams-2

Safely Celebrate Halloween Online | Avast

Halloween is looking a little different this year, as communities decide what’s safe and what isn’t in the midst of the global Covid-19 pandemic. And, like many of our activities now, there are ways to celebrate Halloween online — safely.

The post Safely Celebrate Halloween Online | Avast appeared first on Security Boulevard.

Read More

The post Safely Celebrate Halloween Online | Avast appeared first on Malware Devil.



https://malwaredevil.com/2020/10/30/safely-celebrate-halloween-online-avast-8/?utm_source=rss&utm_medium=rss&utm_campaign=safely-celebrate-halloween-online-avast-8


Why Cyber Risk and Compliance Needs to Be the Foundation for Healthcare Digital Transformation Initiatives

The post Why Cyber Risk and Compliance Needs to Be the Foundation for Healthcare Digital Transformation Initiatives appeared first on Security Boulevard.

Read More

The post Why Cyber Risk and Compliance Needs to Be the Foundation for Healthcare Digital Transformation Initiatives appeared first on Malware Devil.



https://malwaredevil.com/2020/10/30/why-cyber-risk-and-compliance-needs-to-be-the-foundation-for-healthcare-digital-transformation-initiatives-9/?utm_source=rss&utm_medium=rss&utm_campaign=why-cyber-risk-and-compliance-needs-to-be-the-foundation-for-healthcare-digital-transformation-initiatives-9


Friday, October 30, 2020


Apple neglects to fix “fake headlines” bug usable for election interference


Election 2020 Safari iOS Fake Headline Exploit Demonstration

For nearly two years, Apple has neglected to fix a bug that enables anyone to create fake news headlines that appear to come from credible sources.

Although we covered the flaw nearly two years ago, it’s worth questioning why Apple still has not fixed it. This is especially concerning given that we’re in the final days leading up to the 2020 U.S. presidential election.

Other “Big Tech” companies (in particular Twitter, Facebook, and Google) have recently been accused of engaging in or enabling election interference. Perhaps Apple’s neglect should be examined in this context as well.

How does the exploit work?

Originally discovered in February 2019 by the editorial team at MacRumors, there exists an implementation flaw in a Safari browser feature related to link sharing.

The mobile version of Safari (for iPhone, iPad, and iPod touch) allows users to select text from within a Web page before tapping on the Share button, as a means of highlighting a particular portion of a page for the recipient of an iMessage. The feature is intended to allow users to include a quote from an article in the iMessage link preview.

However, Apple does not limit the preview text selection to the contents of the page as received from the Web server, and therein lies the flaw. Users can type something into a page’s search bar (or any other text field), select the text they just typed, tap the browser’s Share button, and then tap the green-and-white Messages icon to send it to an iMessage recipient of their choice.

https://www.intego.com/mac-security-blog/wp-content/uploads/2019/02/iOS-Safari-iMessage-bug-false-headline-demonstration.mp4

The bug as it appeared in iOS 13. It still works the same in iOS 14.1.

Nothing prevents a user from typing a misleading headline or other deceptive text into a field and making it part of the page preview.

It’s worth mentioning that the Messages app on macOS desktop and laptop computers (e.g. iMac, MacBook, etc.) will also display misleading previews sent from Safari on an iOS or iPadOS device.

Why hasn’t Apple done anything to stop this?

When MacRumors editors originally discovered this, they called the flaw “fun” and noted that it could easily be exploited for harmless pranks. However, as we pointed out in February 2019, we feel that all iMessage users should take caution, as the flaw could also potentially be used in more sinister attacks.

We warned last year that this could be exploited as a means to try to get financial investors to buy or sell stocks in a panic based on false headlines, for example.

Now, in the context of a contentious presidential election, it’s disturbing to see that Apple still has not fixed this flaw. Apple has not even announced plans to mitigate the issue.

The flaw has evidently been present in iOS for years; today we tested devices running the final version of iOS 12 (12.4.8), the current version of iOS (14.1), and even the most recent beta version of iOS (14.2 beta 4). All of these versions of iOS—and corresponding versions of iPadOS—can be used to spread fake news headlines.

Since it seems like this would be an easy thing for Apple to fix (by simply disallowing user input to be part of a link preview), it’s difficult to imagine why Apple has ignored the flaw for nearly two years.

We invited Apple to comment on this story, but company representatives had not responded by publication time. If Apple provides a statement, we will update this article.

Most major news sites are affected

The majority of news sites we tested were vulnerable to this attack.

Following are screenshots showing, as a demonstration, example fake headlines that could be sent from the ABC News, CNN, Fox News, Los Angeles Times, MSNBC, and New York Times homepages.

Although most of these example headlines are a bit silly and unrealistic, one can imagine much more subtle and deceptive headlines that could influence people into changing how they might vote on election day.

Election 2020 Safari iOS Fake Headline Exploit Demonstration

Exploit demo; not seen in the wild. Watermarked to prevent abuse.

A few sites we tested, such as the main homepages of CBS News and Forbes, seem to be resistant to the bug. More research needs to be done to determine why some sites are resistant while most are not.

Has the attack been used against the 2020 election?

It is impossible to know with any degree of certainty whether this bug has been exploited to spread misinformation to Apple users about this (or any other) election.

Although we have not yet been made aware of any real-world abuse of this exploit, we do know that this bug has been widely known for 20 months, and Apple has chosen not to do anything about it. Apple’s neglect has left ample opportunity for domestic or foreign threat actors to engage in targeted campaigns to deceive individuals in specific communities or demographics, including in swing states.

If you hear of any abuse of this bug for any unethical purposes, whether election interference or stock manipulation or otherwise, please report it to the FBI’s Internet Crime Complaint Center (IC3), and consider leaving a detailed comment on this article. You can also contact the author of this article via Twitter direct message.

How can I learn more?

You can find our original coverage of this Safari bug, from February 2019, here:

iOS Safari flaw allows deceptive news headlines in Messages

Subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for updates to this story and all the latest Apple security news.

You can also subscribe to the Intego Mac Podcast in Apple Podcasts, Amazon Music or Audible, or wherever else you listen to make sure you never miss the latest episode. We discussed this Safari bug way back in episode 71:


About Joshua Long

Joshua Long (@theJoshMeister), Intego’s Chief Security Analyst, is a renowned security researcher and writer. Josh has a master’s degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple ID authentication vulnerability. Josh’s security research has been featured by many fine publications such as CNET, CBS News, ZDNet UK, Lifehacker, CIO, Macworld, The Register, and MacTech Magazine. Look for more of Josh’s articles at security.thejoshmeister.com and follow him on Twitter.

Read More

The post Apple neglects to fix “fake headlines” bug usable for election interference appeared first on Malware Devil.



https://malwaredevil.com/2020/10/30/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference/?utm_source=rss&utm_medium=rss&utm_campaign=apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference


Vastaamo psychotherapy data breach sees the most vulnerable victims extorted

“Hell is too nice a place for these people.” Never have we seen outrage about a cybercrime at such a level. The outrage is aimed at cybercriminals behind the data breach that occurred at Finnish psychotherapy practice Vastaamo. Vastaamo, which has treated some 40,000 patients, is a subcontractor to several major public-sector hospital districts. Finland’s president Sauli Niinisto called the blackmailing “cruel and repulsive.” Prime Minister Sanna Marin said the hacking of such sensitive information was “shocking in many ways.”

What happened at Vastaamo?

For once it wasn’t a ransomware attack on a health care organization. Vastaamo was first breached in 2018, with a follow-up in March 2019, and on both occasions the attackers managed to steal tens of thousands of patient records. Due to the nature of the practice, the records contained extremely sensitive and confidential information about some of the most vulnerable people.

Sadly, it appears as though security levels were raised at Vastaamo only after the 2019 hack, and by then the data had already gone. Vastaamo was informed of the extortion in late September 2020, when three Vastaamo employees received an extortion message.

What did the attackers do to monetize the Vastaamo breach?

Vastaamo has been summoned to pay roughly half a million US dollars in Bitcoin. But that’s not the worst bit. Recently, the attackers started to send extortion messages to the patients, asking them to pay around $240 to prevent their data from being published. And that is a first, as far as we know—not just demanding a ransom from the breached organization, but also from all those that were unlucky enough to have their data on record there.

The aftermath

Here’s what’s been going on since the attack:

  • Vastaamo’s CEO Ville Tapio was fired by the board because he was considered to be aware of the breaches and of shortcomings in the psychotherapy provider’s data security systems.
  • Vastaamo’s owner, who bought the practice a few months after the second breach but was not informed about it, began legal proceedings related to its purchase.
  • Finnish police are still investigating, hindered by the long interval between breach and extortion demands. They are not even sure whether the extortionists are the same people as the initial attackers.
  • Finland’s infosec community has set up a website with guidance for the victims on how to recover from the breach.
  • Many of the victims are considering legal action against Vastaamo. Unfortunately, Finnish procedural law does not allow for class-action lawsuits.
  • The extortionists have already published some 300 files using the anonymous Tor communication software.
  • Various Finnish organizations have rapidly mobilized ways to help the victims of the breach, including direct dial numbers for churches and therapy services.

It will probably take some time before it becomes clear what went down exactly, if ever. And the number of leaked patient files and the way the patients are being extorted makes this case one of a kind. Let’s hope it stays that way.

Healthcare and cybersecurity in general

We at Malwarebytes have warned about security issues in the healthcare industry many times before, pointing out some major causes of inadequate cyber defenses:

  • The Internet of Things (IoT): Due to their nature and method of use, you will find a lot of IoT devices in hospitals. They likely all run on different operating systems and require specific security settings in order to shield them from the outside world.
  • Legacy systems: Quite often, older equipment will not run properly on newer operating systems, which results in an outdated OS or even software that has reached the end-of-life point. End-of-life means the software will no longer receive patches or updates even when there are known issues.
  • Lack of adequate backups: Even when the underlying problem has been resolved, it can take far too long for an attacked target to get back to an operational state. Organizations need to at least have a backup plan and maybe even backup equipment and servers for the most vital functions so they can keep them running when disaster strikes.
  • Extra stressors: Additional issues like COVID-19, fires, and other natural disasters can cut time and push aside the need to perform updates, make backups, or think about anything cybersecurity related. These stressors and other reasons are often referred to as “we have more important things to do.”

What should Vastaamo victims do now?

Some of the guidance given to Vastaamo clients applies to other situations, but some is very specific for this one. Should your data be leaked in a data breach, Malwarebytes published a quick checklist in 2018.

Vastaamo’s website has the following suggestions for victims:

  • Do not call 112 (Finnish 911 equivalent), as the emergency center will not be able to help with this.
  • Record and preserve any emails, messages, and other evidence you receive.
  • Record all information about the sender at the time of receiving the message in the crime report.
  • Do not pay the ransom.
  • Do not distribute mails, as they contain personal information.

Victim Support Finland, backed by the Ministry of Justice, has more guidance in English for those who suspect their data may have been compromised in the Vastaamo breaches.

Stay safe everyone!

The post Vastaamo psychotherapy data breach sees the most vulnerable victims extorted appeared first on Malwarebytes Labs.

The post Vastaamo psychotherapy data breach sees the most vulnerable victims extorted appeared first on Malware Devil.



https://malwaredevil.com/2020/10/30/vastaamo-psychotherapy-data-breach-sees-the-most-vulnerable-victims-extorted/?utm_source=rss&utm_medium=rss&utm_campaign=vastaamo-psychotherapy-data-breach-sees-the-most-vulnerable-victims-extorted

Top 3 Risks Facing Manufacturers in the Age of Digital Transformation (and How You Can Mitigate Them)

As industries continue to embrace digital transformation, the manufacturing industry has lagged in terms of digitalization. As manufacturers have begun to embrace digitalization strategies, we have seen a massive shift towards data protection, industry 4.0, and ‘smart factories.’ For manufacturing companies, undergoing a digital transformation will look different for each case, but doing so can help increase productivity and reduce resources. We have identified the top three key risks CISOs and cybersecurity practitioners face when undergoing a digital transformation in the manufacturing industry.

The post Top 3 Risks Facing Manufacturers in the Age of Digital Transformation (and How You Can Mitigate Them) appeared first on Security Boulevard.

Read More

The post Top 3 Risks Facing Manufacturers in the Age of Digital Transformation (and How You Can Mitigate Them) appeared first on Malware Devil.



https://malwaredevil.com/2020/10/30/top-3-risks-facing-manufacturers-in-the-age-of-digital-transformation-and-how-you-can-mitigate-them/?utm_source=rss&utm_medium=rss&utm_campaign=top-3-risks-facing-manufacturers-in-the-age-of-digital-transformation-and-how-you-can-mitigate-them

Wisc. GOP’s $2.3M MAGA Hat Debacle Showcases Fraud Concerns

Scammers bilked Wisconsin Republicans out of $2.3 million in a basic BEC scam — and anyone working on the upcoming election needs to pay attention.   
Read More

The post Wisc. GOP’s $2.3M MAGA Hat Debacle Showcases Fraud Concerns appeared first on Malware Devil.



https://malwaredevil.com/2020/10/30/wisc-gops-2-3m-maga-hat-debacle-showcases-fraud-concerns/?utm_source=rss&utm_medium=rss&utm_campaign=wisc-gops-2-3m-maga-hat-debacle-showcases-fraud-concerns

A Look Into JumpCloud’s Q3 2020: Surging Demand for Access in a Remote World

We continue to invest in making JumpCloud the easiest to use cloud directory platform and delivering value for customers. Try JumpCloud Free.

The post A Look Into JumpCloud’s Q3 2020: Surging Demand for Access in a Remote World appeared first on JumpCloud.

The post A Look Into JumpCloud’s Q3 2020: Surging Demand for Access in a Remote World appeared first on Security Boulevard.

Read More

The post A Look Into JumpCloud’s Q3 2020: Surging Demand for Access in a Remote World appeared first on Malware Devil.



https://malwaredevil.com/2020/10/30/a-look-into-jumpclouds-q3-2020-surging-demand-for-access-in-a-remote-world/?utm_source=rss&utm_medium=rss&utm_campaign=a-look-into-jumpclouds-q3-2020-surging-demand-for-access-in-a-remote-world

Take Advantage of Advanced Analytics to Protect Your Endpoint Devices

Since March 2020, millions of employees around the world have adopted working from home as their way of working. In addition to the many challenges brought by the pandemic, security concerns have now become even greater, because the responsibility for ensuring a …

The post Take Advantage of Advanced Analytics to Protect Your Endpoint Devices appeared first on ManageEngine Blog.

The post Take Advantage of Advanced Analytics to Protect Your Endpoint Devices appeared first on Security Boulevard.

Read More

The post Take Advantage of Advanced Analytics to Protect Your Endpoint Devices appeared first on Malware Devil.



https://malwaredevil.com/2020/10/30/aproveite-analises-avancadas-para-proteger-seus-dispositivos-de-endpoint/?utm_source=rss&utm_medium=rss&utm_campaign=aproveite-analises-avancadas-para-proteger-seus-dispositivos-de-endpoint

$2.3M Stolen from Wisconsin GOP via BEC Attack

 
With Election Day just around the corner, the Republican Party of Wisconsin revealed that $2.3M was recently stolen from election funds intended to support the re-election of President Trump. According to their statement, they are victims of a Business Email Compromise phishing attack that altered invoices to direct payments to accounts controlled by the threat actor.
 

The post $2.3M Stolen from Wisconsin GOP via BEC Attack appeared first on Security Boulevard.

Read More

The post $2.3M Stolen from Wisconsin GOP via BEC Attack appeared first on Malware Devil.



https://malwaredevil.com/2020/10/30/2-3m-stolen-from-wisconsin-gop-via-bec-attack/?utm_source=rss&utm_medium=rss&utm_campaign=2-3m-stolen-from-wisconsin-gop-via-bec-attack

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...