Computer News & Safety – Harry Waldron Rotating Header Image

January, 2018:

IRS – ISC warning for 2018 Tax Phishing scams

While it is early in the tax season, the SANS ISC warns of dangers in responding to email messages (as IRS always uses US postal mail for official business). Scammers have found it advantegous to file fake returns very early in the tax season to obtain refund monies, well before many folks normally file.

Its that time of the year where you will start receiving fake tax information emails. So far today we have seen just a small campaign,  but I think people will more likely be susceptible to this kind of email this year as most people have heard about changes to the tax code, but not sure what has changed and how it affects them.

The below attack had nothing significant about it as its a PDF that appears to be a link to a google document. The site then mimics google login and harvests credentials. I expect to see some very well crafted and targeted emails shortly that will trick users.

EXAMPLE of email leading to fake phishing website designed to gather sensitive information

From: xxxxxxxxxxxxxxxxxxxxx
Subject:Federal Tax Refund Information

Attachment:Federal Tax Refund Information.pdf

URL:  xxxxxxxxxxxxxxxxxxxxxxxxxx

Good afternoon, I have a very important information for you concerning the Federal Tax Refund which I know that it will help you. Kindly check the attached file to view the details.

Malware – 2,000 Word Press sites infected with keylogger JAN-2018

Using special JavaScript injection on Word Press sites with weaker controls, over 2,000 infections were noted in following article.  Website ADMINS should strengthen security and users should exercise caution even when visiting legitimate sites that might seem safe.

More than 2,000 websites running the open source WordPress content management system are infected with malware, researchers warned late last week. The malware in question logs passwords and just about anything else an administrator or visitor types.

The keylogger is part of a malicious package that also installs an in-browser cryptocurrency miner that’s surreptitiously run on the computers of people visiting the infected sites. Data provided here, here, and here by website search service PublicWWW showed that, as of Monday afternoon, the package was running on 2,092 sites.

Website security firm Sucuri said this is the same malicious code it found running on almost 5,500 WordPress sites in December. “Unfortunately for unsuspecting users and owners of the infected websites, the keylogger behaves the same way as in previous campaigns,” Sucuri researcher Denis Sinegubko wrote in a blog post. “The script sends data entered on every website form (including the login form) to the hackers via the WebSocket protocol.”

The attack works by injecting a variety of scripts into WordPress websites. Besides logging keystrokes typed into any input field, the scripts load other code that causes site visitors to run JavaScript from Coinhive that uses visitors’ computers to mine the cryptocurrency Monero with no warning.

Apple iOS 11.3 – Seven features in new version

Apple iOS 11.3 addresses recent battery issues & will be introduced during spring 2018.  This article shares 7 key features in the new version:

iOS 11.3, the latest version of Apple’s iPhone and iPad operating system, is coming this spring — and it’ll offer more features than you might expect from a “.3” release. Whether you’re interested in augmented reality, cute Animoji or just a way to keep Apple from throttling your old iPhone, there’s something in this update to pique your curiosity.

Apple’s next update brings fixes for Apple’s battery snafu, new Animoji, AR upgrades and more.  Apple devs rip apart the new iOS 11.3 beta to see what the company’s changed. Apple released iOS 11.3 beta 1 to developers today.

Apple iOS 11.3 – Seven features in new version
1. Take control of your battery
2. More Animoji
3. Augmented reality goes vertical
4. AirPlay 2
5. Read and delete iMessages anywhere
6. No-hassle chat with your bank or store
7. New health records tracking facility

Facebook – Features more Local News starting JAN-2017

Facebook will shift the from its mostly national news focus to also feature more local new stories, as documented below

On Monday, Zuckerberg indicated that national issues can become divisive and problematic to building communities through the social networking service.  Move over national news. High school sports, arts, and local happenings around your neighborhood will start popping up more frequently in your Facebook News Feed.

Starting on Monday, Facebook will promote local news as part of its shift to make the social networking service better for society. “Local news helps build community—both on and offline. It’s an important part of making sure the time we all spend on Facebook is valuable,” the company’s CEO Mark Zuckerberg said in a Facebook post.

The change goes into effect today in the US, and will be rolled out in other countries throughout 2018. It comes as Facebook’s CEO has vowed to fight fake news on the platform, and make the service better for people’s well being.

Facebook Security – 7 Privacy Principles for 2018

Facebook has just issued a list of 7 Privacy Principles to commemorate “Data Privacy” day on FEB 28th. 

Giving You More Control of Your Privacy on Facebook

Facebook’s Privacy Principles – Facebook was built to bring people closer together.  It’s important that you have choices when it comes to how your data is used. These are the principles that guide how we approach privacy at Facebook.

1. We give you control of your privacy
2. We help people understand how their data is used
3. We design privacy into our products from the outset
4. We work hard to keep your information secure
5. You own and can delete your information
6. Improvement is constant
7. We are accountable

Mobile Phone Technology – Samsung Galaxy S9 early preview

Some early previews of the new Samsung Galaxy S9 model are starting to circulate prior to the official announcement on Feb. 25th.

Samsung Galaxy S9 and S9+ could feature Intelligent Scan, 3D stickers, and Tag shot camera mode

We already know what the Samsung Galaxy S9 and Galaxy S9+ look like, their specs, and other details, before they’re officially unveiled on February 25 at Mobile World Conference in Barcelona. We’re also learning about possible included features, including Intelligent Scan, 3D stickers, and a new camera mode called Tag Shot.

Intelligent Scan – The strings reveal that Intelligent Scan “combines face and iris scanning to improve accuracy and security even in low or very bright light.” The above video will likely be included as an explainer when you’re setting up the feature.  Intelligent Scan looks to be a replacement for entering a password, inputting a PIN, or drawing a pattern.

3D stickers – Depth-sensing editing will apparently let you add stickers or images to pictures that were taken with dual cameras and then adjust the depth of the stickers or images.

Tag shot – lets you take pictures and tag them with the current location and weather information.

IRS – How to prevent TAX Fraud in 2018

US CERT is sharing IRS theme of “Tax Identity Theft Awareness Week”.  One new tip for 2018 is that W2 forms now contain a new code that can be optionally used with electronic filers.  These 3 links below contain a # of beneficial tips to help prevent tax filers from fraud.

NCCIC/US-CERT encourages consumers to review IRS publication Taxes.Security.Together. and NCCIC/US-CERT Tip Preventing and Responding to Identity Theft. Users can also participate in a series of free webinars and chats on avoiding tax identity theft, hosted by the Federal Trade Commission, IRS, Department of Veterans Affairs, and others.

Leadership – Five steps to build trust in the workplace during 2018

The John Maxwell leadership training center shares an excellent article in looking ahead to challenges of 2018.  This article offers 5 techniques for trust-building within the workplace

The importance of trust between you and your leaders cannot be overstated. Leaders can cultivate a high-trust culture or create culture of distrust that increases tension, puts people “on guard” at all times, and hurts productivity.

Here are five practical ways to build trust with the leaders in your company.

1.Practice the 30-second rule. Simply put, within the first 30 seconds of a conversation you should say something encouraging to the person you’re addressing. It’s an easy way to build rapport and deposit good will into that person’s emotional bank account.

2.Say the right words at the right time. This tactic requires some patience and discretion. Remember to consider what you are saying before you say it. Ask yourself: Is it necessary? Is it helpful? Is it uplifting?  Be authentic, especially when offering a compliment. Nothing destroys trust faster than insincere praise.

3.Offer your very best.  This rule basically states that you should be prepared to voluntarily give of yourself beyond what is required. All too often, people try to skate through a project or initiative with the minimum amount of effort. Giving maximum effort—especially when you don’t have to and your team knows it—will only solidify and build trust.

4.Keep your eye off the mirror. Most people readily admit that unselfishness is a positive quality.  Begin by looking each day for a way to set aside personal needs and intentionally help someone else without expecting anything in return.

5.Remember a person’s story. A great way to establish relationship is to ask another person to share his or her story.  Learning a person’s story is a great way to connect—while remembering the details of his or her unique journey is a great way to reinforce relationship

Malware – Recent YouTube ads infected with Cryptocurrency Mining code

As extensive computing power is required to harvest cryptocurrency using complex algorithms, a recent malware trend has been to link computers visiting a website into the process.  While most of the malware agents have likely been removed, users must remain careful at all times while online.

Cryptocurrency Mining Ads Sighted On YouTube: Report

Video giant YouTube is the latest site to be hit with reports of advertisements that secretly utilize unwitting users’ computing power to mine cryptocurrency. According to a number of scattered international reports gathered by Ars Technica from Japan, France, Taiwan, Spain, and Italy, antivirus programs are finding cryptocurrency mining code running on users’ computers when they go to YouTube. Most of the mining ads in question seem to be mining a type of cryptocurrency called Monero and are JavaScript-based, allowing them to do their work through a seemingly normal ad on any web page. YouTube, for its part, has yet to put out any sort of official statement about this phenomenon. Most of the information about the ads was gleaned by security analyst firm TrendMicro, as well as various antivirus programs such as Avast.

Microsoft Security — OOB Windows Update to fix recent Intel Spectre issues

A Microsoft Security out of band release for Windows Update has been just issued.  It is designed to fix recent Intel Spectre issues


If you’ve noticed any unexpected reboots or PC instability as a result of the recent Spectre patches, there’s a solution: Microsoft has issued an emergency Windows patch that rolls back the recent Spectre mitigations.

Confused? It’s a bit complicated. After the intial Spectre and Meltdown vulnerabilites were disclosed, both Intel and Microsoft hustled out patches to mitigate the problem. Unfortunately, Intel’s latest microcode updates—and the BIOS updates from PC makers based upon them—were themselves buggy, causing instability, reboots, and data loss in some PCs.

Microsoft’s latest patch (KB4078130) allows people with affected systems to download the patch via the Microsoft Update Catalog, which disables the mitigations for the “Spectre variant 2.”