June 3rd, 2022 by hankshelp
“A vulnerability dubbed “Follina” could allow attackers to gain full system control of affected systems. Learn more about it and how to protect yourself from it,”
“A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.”
Posted in Malware, Phishing, Scams | No Comments »
April 5th, 2022 by hankshelp
“Email marketing firm MailChimp disclosed on Sunday that they had been hit by hackers who gained access to internal customer support and account management tools to steal audience data and conduct phishing attacks.”
Posted in Identity Theft, Phishing, Scams, Security Breeches, Uncategorized | No Comments »
July 20th, 2021 by hankshelp
“Microsoft’s Digital Crimes Unit (DCU) has seized 17 malicious domains used by scammers in a business email compromise (BEC) campaign targeting the company’s customers.
The domains taken down by Microsoft were so-called “homoglyph” domains registered to resemble those of legitimate business. This technique allowed the threat actors to impersonate companies when communicating with their clients.
According to the complaint filed by Microsoft last week (more details available in the court order), they used the domains registered via NameSilo LLC and KS Domains Ltd./Key-Systems GmbH as malicious infrastructure in BEC attacks against Office 365 customers and services.”
Posted in Identity Theft, Malware, Ransomware, Scams | No Comments »
January 30th, 2021 by hankshelp
“The unprecedented volume of unemployment insurance fraud witnessed in 2020 hasn’t abated, although news coverage of the issue has largely been pushed off the front pages by other events. But the ID theft problem is coming to the fore once again: Countless Americans will soon be receiving notices from state regulators saying they owe thousands of dollars in taxes on benefits they never received last year.”
Posted in Finance/Taxes, Identity Theft, Scams | No Comments »
May 6th, 2019 by hankshelp
“Don’t try to respond by phone or email, all you will do is end up with an innocent person or company who have had their details spoofed and picked at random from a long list that the bad guys have previously found. The bad guys choose companies, Government departments and organisations with subjects that are designed to entice you or alarm you into blindly opening the attachment or clicking the link in the email to see what is happening. “
Posted in Identity Theft, Malware, Scams | No Comments »
April 28th, 2019 by hankshelp
Yet another reason to avoid so-called “Cleaners” for Windows. First off, I don’t trust things that will “automatically” make changes to my PC without my knowing exactly what they are doing. Yet these programs keep showing up, even advertised on-line as well as on TV.
“Researchers have discovered a web site pushing a PC cleaner tool for Windows that in reality is just a front for the Azorult password and information stealing Trojan.
AZORult is a trojan that when installed attempts to steal a user’s browser passwords, FTP client passwords, cryptocurrency wallets, desktop files, and much more.
Instead of renting distribution methods such as spam, exploit kits, or being dropped by other trojans, the attackers decided to create a fake Windows utility and an accompanying web site to distribute the trojan instead.“
Posted in Identity Theft, Malware, Scams | No Comments »
January 25th, 2019 by hankshelp
“The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolve. This enables the attacker to redirect user traffic to attacker-controlled infrastructure and obtain valid encryption certificates for an organization’s domain names, enabling man-in-the-middle attacks.”
Posted in Malware, Scams, Security Breeches | No Comments »
December 17th, 2018 by hankshelp
“A phishing campaign has been discovered that pretends to be a non-delivery notifications from Office 365 that leads you to a page attempting to steal your login credentails.
This new campaign was discovered by ISC Handler Xavier Mertens and states that “Microsoft found Several Undelivered Messages”. It then prompts you to click on the “Send Again” link in order to try sending the emails again. “
Posted in Malware, Phishing, Scams | No Comments »