When someone appearing to be your boss emails you and says
they urgently need you to send them employees’ W-2 information from 2016, what
do you do? Well, if you haven’t been
trained properly or reminded often enough – or if your employer doesn’t have
safeguards in place that might prevent you from just sending an email with an
attachment out of the system – you might fall for the scam and email
criminals the requested information.
If you don’t want to be hated by your colleagues whom you
have put at risk of tax refund fraud and identity theft, when you get a request
to email W-2 information, STOP and consult with a supervisor and ask them to
confirm up the chain that this is a legitimate request.
Last year, this
site compiled 145 such incidents before I somewhat waved a white flag in
terms of trying to keep up. Let’s see
how 2017 goes. Here’s the list I’ve got
so far, and it will be updated as I become aware of new incidents. Steve Ragan of Salted Hash has
indicated that he will keep track, so do check his space also.
- Dracut Schools.
- Tipton County Schools
- Odessa School District
- Campbell County Health
- Marin Software
- UGI Utilities
- Sunrun
- Lexington School District Two in SC.
- Mercedes ISD in Texas.
- eHealthInsurance (eHealth, Inc.)
- Kuhana Associates
- Point Coupee Hospital
- Morton School District (IL)
- Scotty’s Brewhouse (IN)
- Mitchell Gold + Bob Williams
- Persante
- TransPerfect
- Davidson County Schools (NC)
- Belton Independent School District (TX)
- Argyle School District (TX)
- Renovate America (CA)
Everyone blames the Russians. Probably because the Russians are hacking
everyone.
The Labour Party’s parliamentary
group suffered a hack in autumn that was carried out by Russians, TV2 reported.
The attack against Labour is
being compared to the hack of the Democratic National Committee that American
intelligence agencies said was carried out by Russia in an effort to influence
the outcome of the US election.
According to TV2’s report,
Labour’s parliamentary group was notified of the hack by the Norwegian Police
Security Service (Politiets Sikkerhetstjeneste – PST).
Read more on TheLocal.no.
Everyone tries to hack everyone to get intel. [Some are
better at avoiding detection, Bob]
(Related). Of
course, the Russians blame the Chinese.
Chinese Cyberspies Target Russia With New Malware
A China-linked cyber
espionage group has been using new malware and new techniques in attacks aimed
at military and aerospace organizations in Russia and Belarus.
In July 2016, security firm Proofpoint reported that the
threat actor had been using NetTraveler
(aka TravNet) and the PlugX RAT to
target Russia and neighboring countries.
Update. It didn’t
take long to find these hackers. They
must not be Russian!
Peter Hermann reports:
Two people have been arrested in
London in the hacking of storage devices that record data from D.C. police
surveillance cameras, law enforcement authorities said Thursday.
The arrests were made in the
south London neighborhood of Streatham and followed a search warrant that was
served Jan. 19, the day before the presidential inauguration in the District.
Read more on Washington
Post.
[From the
article:
D.C. officials said last week that the hack appeared to be
an extortion effort that “was localized.”
… City officials
revealed the hack last week and said ransomware had been left on the camera
system between Jan. 12 and Jan. 15.
(Related).
Ransomware is becoming more common.
Government computer systems are too easily hacked.
Officials in Licking County tell
10TV that ransom was demanded for an IT hack that impacted the county’s phone
and computer systems.
A computer virus shut down more than a thousand computers inside
the Licking county government center late Tuesday.
A county commissioner says that
the virus demanded a payment in Bitcoin for the county to regain control of
their systems. Officials declined to
specify the amount of money that was requested.
Read more on 10TV.
Next time the FBI need to break into a phone they can call
my Ethical Hacking students.
Hacker Dumps iOS Cracking Tools Allegedly Stolen from
Cellebrite
In January, Motherboard reported that a
hacker had stolen 900GB of data from mobile phone forensics company
Cellebrite. The data suggested that
Cellebrite had sold its phone cracking technology to
oppressive regimes such as Turkey, the United Arab Emirates, and Russia.
Now the hacker responsible has publicly released a cache
of files allegedly stolen from Cellebrite relating to Android and BlackBerry
devices, and older iPhones, some of which may have been copied from publicly
available phone cracking tools.
For my Computer Security students.
Javelin 2017 Identity Fraud Study
by Sabrina
I. Pacifici on Feb 2, 2017
“The 2017 Identity Fraud Study released
today by Javelin Strategy & Research (@JavelinStrategy), revealed that the number of
identity fraud victims increased by sixteen percent (rising to 15.4 million
U.S. consumers) in the last year, a record high since Javelin Strategy &
Research began tracking identity fraud in 2003. The study found that despite the efforts of
the industry, fraudsters successfully adapted to net two million more victims
this year with the amount fraudsters took rising by nearly one billion dollars
to $16 billion. There was a resurgence
in existing card fraud in 2016, which saw an increase
of 40 percent in card-not-present (CNP) fraud. The study also found that the increase in EMV
cards and terminals was a catalyst for driving fraudsters to shift to
fraudulently opening new accounts. On a
positive note, while fraudsters are becoming better at evading detection,
consumers with an online presence are getting better at detecting fraud
quicker, leading to less stolen overall per attempt”
You don’t have to tell your computer what’s in a picture –
it can tell you.
Facebook AI Lumos Can Find Your Photos Even Those You Are Not
Tagged In
… the company
announced that its artificial intelligence technology Lumos can now
search for pictures not just based on dates, places, and tags. Rather, the technology can also find specific
photos just because it understands what's in them.
All tech companies want a vacuum cleaner like connection
to your wallet. This is Apple’s.
Apple is truly determined to disrupt banking with Apple Pay
Apple
Pay is much more than a frictionless and secure payments service, Apple
also thinks it will help accelerate the digital transformation of the banking
industry.
… In recent court
filings reported
by the Sydney Morning Herald, the company explained how Apple
Pay-driven disruption of the banking system may help customers:
- By opening up the market to smaller lenders through the provision of an alternative to card payment systems.
- Increased competition should force better rates.
- Lenders should begin offering better promotional deals, such as air miles or cash back.
Perspective. Imagine
using your building lights to play Tetris, stream the news or advertise your
company.
Now Cisco can even network your building systems
The Catalyst Digital Building Series Switch is an Ethernet
switch designed to link different kinds of building infrastructure over a
network.
… It uses Cisco’s
enhanced version of PoE (Power over Ethernet) to run things like lights and
cameras while collecting data about those devices over the same standard cable.
The switch embodies the merger
of IT and OT (operational technology), one of the big enterprise trends that
the internet of things is driving.
… Cisco’s new
switches can power all the lights in a building by themselves. Instead of being connected to the traditional
AC power grid that feeds wall sockets, the lights will run off Ethernet cables
from ports in the switch.
This wasn’t possible until LED lights became affordable
for use in new buildings and renovations.
No comments:
Post a Comment