Microsoft Finds Adobe Type Manager Library Exploit Used in the Wild; Patch Incoming

A zero-day Adobe Type Manager Library exploit is now wielded in limited, targeted attacks against Windows users, technically allowing for remote code execution. The good news is that Microsoft knows about the problem, but the bad news is that a patch is not yet available.

When Microsoft notifies people of vulnerabilities in Windows 10, it’s usually after a patch is deployed to fix the problems. The latest announcement from Microsoft regarding the zero-day Adobe Type Manager Library exploit is different because attackers are using it in the wild.

This is not a theoretical flaw waiting for a routine fix. The exploit is in use right now, so the company is warning users early, describing how the flaw is being abused and which mitigations can be applied until a patch ships.

“Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format,” says Microsoft in the advisory. “There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.”

Despite its name, the Adobe Type Manager Library that ships with Windows is not made by Adobe. It is Microsoft’s own implementation of Adobe’s original Type Manager and is used to parse PostScript Type 1 fonts, which is why a flaw in its handling of a crafted multi-master font can be reached by anything that makes Windows render that font. Critically, the victim does not have to open a malicious document: Windows Explorer’s Preview pane parses the embedded font on its own as soon as the file is selected.
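Because the vulnerable code parses Type 1 fonts, a practical first response is to find out whether any such fonts are sitting in mail attachments, download folders or file shares at all; they are rare there, so every hit deserves a look. The following Python scanner is an added example written for this page, not code from the article or from Microsoft’s advisory. The header strings (`%!PS-AdobeFont`, `%!FontType1`, the PFB segment marker) and the multiple-master keywords (`/BlendDesignPositions`, `/BlendDesignMap`, `/BlendAxisTypes`, `/WeightVector`) come from the Type 1 font format specification; the sample font bytes are constructed and contain no glyph data. One caveat: a font embedded inside a compressed container (a PDF stream, for instance) will not be found by a raw byte search, so extract or decompress the font objects first.

```python
"""Flag files that carry a PostScript Type 1 font, whatever their extension.

Type 1 fonts are rare in mail attachments and download folders, so any hit is
worth a look. Multiple-master fonts (the variety named in Microsoft's advisory)
additionally carry Blend* entries and a /WeightVector in the font program.
The sample font bytes below are constructed for this example.
"""
import sys
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# Plain-text (PFA) Type 1 font programs open with one of these comments.
PFA_HEADERS = (b"%!PS-AdobeFont", b"%!FontType1")
# Binary-wrapped (PFB) fonts open with a segment header: 0x80, segment type 1
# (ASCII), then a 4-byte little-endian length, then the PFA text itself.
PFB_MAGIC = b"\x80\x01"
# Keywords that appear only in multiple-master Type 1 fonts.
MM_KEYWORDS = (b"/BlendDesignPositions", b"/BlendDesignMap",
               b"/BlendAxisTypes", b"/WeightVector")


def classify_font_blob(data: bytes) -> Optional[Dict[str, object]]:
    """Return a description if `data` contains a Type 1 font, else None."""
    head = data[:64].lstrip()
    if data.startswith(PFB_MAGIC):
        seg_len = int.from_bytes(data[2:6], "little")
        text = data[6:6 + seg_len]
        if not text.lstrip().startswith(PFA_HEADERS):
            return None
        kind = "pfb"
    elif head.startswith(PFA_HEADERS):
        kind, text = "pfa", data
    else:
        # A font embedded mid-file (e.g. inside a document container): look for
        # the header anywhere. Compressed containers need decompressing first.
        offsets = [o for o in (data.find(h) for h in PFA_HEADERS) if o != -1]
        if not offsets:
            return None
        kind, text = "embedded", data[min(offsets):]
    found = [k.decode() for k in MM_KEYWORDS if k in text]
    return {"kind": kind, "multiple_master": bool(found), "mm_keywords": found}


def scan_directory(root: str, max_bytes: int = 8 * 1024 * 1024) -> List[Tuple[str, Dict[str, object]]]:
    """Walk `root` and return (path, description) for every file holding a Type 1 font."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.stat().st_size > max_bytes:
            continue
        result = classify_font_blob(path.read_bytes())
        if result is not None:
            findings.append((str(path), result))
    return findings


# Constructed sample: the skeleton of a multiple-master font program (no real glyphs).
SAMPLE_MM_FONT = (
    b"%!PS-AdobeFont-1.0: ExampleMM 001.000\n"
    b"/FontName /ExampleMM def\n"
    b"/FontInfo 9 dict dup begin\n"
    b"/BlendAxisTypes [/Weight /Width] def\n"
    b"/BlendDesignPositions [[0 0] [1 0] [0 1] [1 1]] def\n"
    b"end readonly def\n"
    b"/WeightVector [0.25 0.25 0.25 0.25] def\n"
    b"currentfile eexec\n"
)
# Constructed sample: an ordinary single-master Type 1 header.
SAMPLE_PLAIN_FONT = (
    b"%!FontType1-1.0: ExamplePlain 001.000\n"
    b"/FontName /ExamplePlain def\n"
    b"currentfile eexec\n"
)

if __name__ == "__main__":
    for label, blob in (("multi-master", SAMPLE_MM_FONT),
                        ("single-master", SAMPLE_PLAIN_FONT),
                        ("not a font", b"MZ\x90\x00" + b"\x00" * 60)):
        print(f"{label:14s} -> {classify_font_blob(blob)}")
    if len(sys.argv) > 1:
        for path, info in scan_directory(sys.argv[1]):
            print(path, info)
```

Run it with a directory argument to sweep, say, a mail quarantine folder; anything classified `embedded` inside a document that has no business carrying a font is the case to triage first.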

Microsoft is working on a fix and it should be available in the next Update Tuesday, which usually falls on the second Tuesday of the month. In the meantime, users can follow the instructions in the advisory regarding various workarounds. Some of these measures will have to be reversed after the patch is applied to regain full functionality of the operating system.

Don’t Fall for These COVID-19 Scams, FBI Warns

The FBI has warned that scammers are using email scams to capitalize on the coronavirus scare, including messages purporting to be from national authorities like the Centers for Disease Control and Prevention.

“Scammers are leveraging the COVID-19 pandemic to steal your money, your personal information, or both. Don’t let them,” the Federal Bureau of Investigation warns in a notice posted by its cybersecurity division, the IC3.

“Protect yourself and do your research before clicking on links purporting to provide information on the virus,” according to the agency.

The same caution applies before donating to a charity, contributing to a crowdfunding campaign, purchasing products online, or handing over personal information in order to receive money or other benefits.

Scammers are increasingly posing as the Centers for Disease Control and Prevention (CDC) and other organizations claiming to offer information on the virus, the FBI warns. The links in these messages lead to malware designed to steal personal information or to lock your computer and demand payment (ransomware).

Internet users should be wary of websites and apps claiming to track COVID-19 cases worldwide, for example, as cybercrooks are using this method to deliver malware.

If you receive an email asking you to verify your personal information in order to receive an economic stimulus check from the government, steer clear: it is a phishing scam.

“While talk of economic stimulus checks has been in the news cycle, government agencies are not sending unsolicited emails seeking your private information in order to send you money,” the FBI elaborates.

Other examples of phishing emails making the rounds include messages related to charitable contributions, general financial relief, airline carrier refunds, fake cures and vaccines, and fake COVID-19 testing kits.

Last, but not least, the public needs to be cautious of anyone selling products with claims to prevent, treat, diagnose, or cure the raging coronavirus.

“Be alert to counterfeit products such as sanitizing products and Personal Protective Equipment (PPE), including N95 respirator masks, goggles, full face shields, protective gowns, and gloves,” the Bureau warns.

The notice includes instructions on how to spot scams and how to contact the real government agencies in charge of helping the public in times like these.

Fake Email from WHO Installs Malware

An email seemingly from the General Director of the World Health Organization, Dr. Tedros Adhanom Ghebreyesus, contains a new HawkEye malware variant, designed to steal valuable information from infected computers.

The attackers are using the current Coronavirus epidemic to attract potential victims by pretending to offer information about drugs that could help prevent or cure COVID-19, which is, of course, false information.

The email contains an attachment, which is actually there to deploy the HawkEye malware that installs a keylogger and an info stealer. This is not exactly a novel approach. Just a couple of weeks ago, security researchers found a RAT dropper inside an email, hidden under the name of CoronaVirusSafetyMeasures_pdf.

In the case of the HawkEye malware found by the IBM X-Force researchers, the attachment is named Coronavirus Disease (Covid-19) CURE.exe and follows the same approach. Once the victim runs the executable, it takes several quick steps to hide its installation from security software before dropping the payload.

The HawkEye keylogger that ends up installed can capture screenshots, log every keystroke, steal credentials, and ship everything it gathers to the attackers over SMTP. It also harvests stored credentials from Firefox, Thunderbird, and other products built on Mozilla technology.
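Exfiltration over SMTP is a useful detection hook: a workstation has no reason to open a mail connection to an Internet host directly, since clients submit to the corporate relay. The Python detection below is an added example written for this page, not something from the article or the IBM X-Force report. It parses firewall connection logs and lists internal hosts, other than the sanctioned relay, that opened outbound TCP 25, 465 or 587 to an external address. The key=value log format, the RFC 1918 ranges used as “internal”, and the relay address 10.0.1.10 are all assumptions; the sample log lines are constructed.

```python
"""Spot workstations speaking SMTP directly to the Internet.

HawkEye-style stealers mail captured keystrokes and credentials out over SMTP,
so a host that is not the corporate relay opening TCP 25/465/587 to an external
address deserves attention. The log format, address ranges and relay address are
assumptions for this example; the sample lines are constructed.
"""
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network
from typing import Dict, Iterable, List, Set, Tuple

SMTP_PORTS = {25, 465, 587}
# RFC 1918 space stands in for "internal" here; adjust to your environment.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]
# Assumed: the only host allowed to talk SMTP to the outside is the mail relay.
SANCTIONED_SENDERS = {"10.0.1.10"}

# Assumed key=value firewall log format; real exports (CEF, LEEF, NetFlow) differ.
LINE_RE = re.compile(
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)")


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_direct_smtp(lines: Iterable[str],
                     sanctioned: Set[str] = SANCTIONED_SENDERS) -> Dict[str, List[Tuple[str, int]]]:
    """Map each offending internal source to the external (dst, port) pairs it contacted."""
    hits: Dict[str, Set[Tuple[str, int]]] = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["proto"].lower() != "tcp":
            continue
        src, dst, dport = m["src"], m["dst"], int(m["dport"])
        if dport not in SMTP_PORTS:
            continue
        if not is_internal(src) or src in sanctioned:
            continue  # inbound traffic, or the relay doing its job
        if is_internal(dst):
            continue  # clients submitting to the internal relay are expected
        hits[src].add((dst, dport))
    return {src: sorted(pairs) for src, pairs in hits.items()}


# Constructed sample log (documentation address ranges for the external side).
SAMPLE_LOG = [
    "2020-03-20T10:01:02Z src=10.0.1.10 dst=203.0.113.5 dport=25 proto=tcp action=allow",    # relay -> Internet: expected
    "2020-03-20T10:01:09Z src=10.0.5.23 dst=10.0.1.10 dport=587 proto=tcp action=allow",     # workstation -> relay: expected
    "2020-03-20T10:02:41Z src=10.0.5.23 dst=198.51.100.7 dport=587 proto=tcp action=allow",  # workstation -> external SMTP: suspicious
    "2020-03-20T10:02:44Z src=10.0.5.23 dst=198.51.100.7 dport=587 proto=tcp action=allow",  # repeat, deduplicated
    "2020-03-20T10:03:00Z src=10.0.5.23 dst=198.51.100.7 dport=443 proto=tcp action=allow",  # HTTPS: not SMTP
    "2020-03-20T10:03:15Z src=10.0.7.9 dst=203.0.113.25 dport=25 proto=tcp action=allow",    # second workstation: suspicious
    "2020-03-20T10:03:20Z src=198.51.100.9 dst=10.0.1.10 dport=25 proto=tcp action=allow",   # inbound mail: out of scope here
]

if __name__ == "__main__":
    for host, targets in find_direct_smtp(SAMPLE_LOG).items():
        print(f"{host} sent SMTP directly to: {targets}")
```

A blocking rule at the perimeter (deny outbound 25/465/587 from anything but the relay) turns the same logic into prevention; the detection remains useful for the deny log, because a host that keeps trying is a host worth imaging.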

There’s no reason to think it’s a one-off. If anything, we’ll see more of this type of spam. Users need to remember not to open emails, attachments, or messages from unknown sources, especially the ones claiming to come from the World Health Organization.

Data breach at online guitar lesson platform may have exposed user credit card information

TrueFire, a leading online guitar-tutoring platform, has suffered a “Magecart-style” security incident that may have exposed customers’ personally identifiable information and credit card numbers.

The facts

The data breach was discovered on January 10, when the company noticed that an unauthorized individual had gained access to their systems, “more specifically, to information that consumers had entered through the website,” reads the Notice of Data Breach.

Although TrueFire said it doesn’t store any credit card information directly on its website, the letter confirms “the unauthorized person gained access to the Website and could have accessed the data of consumers who made payment card purchases, while that data was being entered, between August 3, 2019 and January 14, 2020.”

The technical details behind the incident are yet to be revealed. What is clear is that the threat actor had access to the platform’s systems for roughly six months and could have captured, in real time, the names, addresses, credit card numbers, expiry dates and CVV codes of unsuspecting shoppers.

Security researchers speculate that the attack involved a web skimmer: malicious code injected into the checkout page that captures card and personal details as they are typed, before they reach the payment processor. That would explain how card numbers could be taken from a site that does not store them. Skimming is lucrative for criminals, as card data and other identifiable information are highly sought after on dark web markets.

What should you do?

While TrueFire states it is continuously monitoring activity on TrueFire.com and working alongside cybersecurity forensics experts to “ensure that the intrusion remains contained,” users are advised to keep an eye out for suspicious activity on their credit and debit card statements.

The company also recommends reviewing the information on identity theft protection services enclosed with the notification sent to affected customers, and reporting any fraudulent transactions to the financial institution or credit card company.

At first glance, an online guitar lesson website may not seem like a very attractive victim for threat actors. But keep in mind that no company, service provider or website can be 100% bulletproof. Cashing out is the number one priority on the bad actor’s agenda. In this case the stolen credit card information may bring an immediate reward, but any piece of personally identifiable information you provide online can be valuable.

Due to the recent developments that have affected most of the world’s population, you might have let down your guard. Try to watch out, though, and keep tabs on your online activity, wherever your browsing patterns may take you.

Sextortion scam with a twist lures friends into opening malicious attachments

In a peculiar take on the traditional sextortion scam, bad actors have started threatening to distribute stolen nude pics of your friend’s girlfriend.

The novel campaign targets the friends of an already ‘sextorted’ victim who did not agree to the ‘terms’ and refused to pay, according to new research by IBM’s X-Force team.

Threat actors deliver a message claiming they are now sending the private images to every person in the contact list of your friend, including you. To see them, you’re told to check the attachment.

If you’re curious to see who was targeted and open the attachment, you’ll see a Microsoft Office document containing a blurred image. The contents are supposedly viewable only if you click the Enable Content button, which allows the document’s macros to run. That is when the malicious payload is downloaded onto your device. The malware delivered is known as Raccoon, an info stealer first spotted by security researchers on underground forums about a year ago.
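The lure only works if the macro project is actually in the file, so the document can be screened before anyone gets to the Enable Content button. The Python check below is an added example for this page, not code from the article or from IBM’s research. It relies on how Office files are built: modern OOXML documents (.docx, .docm, .xlsm and so on) are ZIP containers in which a VBA project is stored as a part named vbaProject.bin and declared in [Content_Types].xml; legacy binary .doc/.xls files are OLE compound files, which need an OLE parser such as oletools to confirm macros, so those are reported as needing review. The two sample documents are constructed; the vbaProject.bin bytes are placeholders, not a real macro.

```python
"""Inspect an Office attachment for macros before anyone can click Enable Content.

OOXML files (.docx/.docm/.xlsm/...) are ZIP containers; a VBA project lives in a
part named vbaProject.bin and is declared in [Content_Types].xml. Legacy binary
.doc/.xls files are OLE compound files and need an OLE parser (e.g. oletools)
to confirm macros, so they are reported as needing review. The sample documents
below are constructed; the vbaProject.bin bytes are placeholders, not real code.
"""
import io
import zipfile
from typing import Any, Dict

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"


def inspect_office_file(data: bytes) -> Dict[str, Any]:
    """Report container format, macro presence and embedded media count."""
    report: Dict[str, Any] = {"format": "other", "has_macros": False,
                              "vba_parts": [], "media_count": 0}
    if data.startswith(OLE_MAGIC):
        report.update(format="ole", has_macros=None)  # unknown without an OLE parser
        return report
    if not data.startswith(b"PK\x03\x04"):
        return report
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return report
    with zf:
        names = zf.namelist()
        vba_parts = [n for n in names if n.lower().endswith("vbaproject.bin")]
        ctypes = zf.read("[Content_Types].xml") if "[Content_Types].xml" in names else b""
        media = [n for n in names if "/media/" in n]
    report.update(format="ooxml",
                  has_macros=bool(vba_parts) or VBA_CONTENT_TYPE in ctypes,
                  vba_parts=vba_parts,
                  media_count=len(media))
    return report


def _build_ooxml(parts: Dict[str, bytes]) -> bytes:
    """Assemble a minimal OOXML-style ZIP from the given parts (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in parts.items():
            zf.writestr(name, content)
    return buf.getvalue()


CONTENT_TYPES_WITH_VBA = (
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b'<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    b'<Override PartName="/word/document.xml" '
    b'ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/>'
    b'<Override PartName="/word/vbaProject.bin" '
    b'ContentType="application/vnd.ms-office.vbaProject"/>'
    b'</Types>'
)
CONTENT_TYPES_CLEAN = (
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b'<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    b'<Override PartName="/word/document.xml" '
    b'ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
    b'</Types>'
)

# Constructed lure: a macro project plus a single image (the "blurred picture").
LURE_DOC = _build_ooxml({
    "[Content_Types].xml": CONTENT_TYPES_WITH_VBA,
    "word/document.xml": b"<w:document/>",
    "word/vbaProject.bin": OLE_MAGIC + b"\x00" * 56,   # placeholder, not a real VBA project
    "word/media/image1.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
})
# Constructed clean document: same layout, no VBA part.
CLEAN_DOC = _build_ooxml({
    "[Content_Types].xml": CONTENT_TYPES_CLEAN,
    "word/document.xml": b"<w:document/>",
})

if __name__ == "__main__":
    for label, blob in (("lure", LURE_DOC), ("clean", CLEAN_DOC),
                        ("legacy .doc", OLE_MAGIC + b"\x00" * 504)):
        print(f"{label:12s} -> {inspect_office_file(blob)}")
```

A document whose report shows `has_macros` true together with a single media part and little else is the shape of this lure; at a mail gateway that combination is a reasonable quarantine trigger, and on a workstation it is the point at which to stop rather than click Enable Content.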

This malicious tool is distributed as malware-as-a-service to any hacker willing to invest $75 per week or $200 per month to target login credentials, credit card information, cryptocurrency wallets and browser information.

The delivery method is not limited to phishing campaigns though. Security researchers state that unpatched browsers and operating systems also pose a risk of infection, as exploit kits may be embedded on different websites.

Sextortion scams are a popular way for criminals to capitalize on the fear of having indecent photos exposed online to your family, friends or coworkers. Even when you are positive no such material exists, the scammer will insist that your system has been infected in some way and that sexually explicit images were captured through your webcam.

A word to the wise: ignore any such message that pops up in your inbox. Definitely don’t open the attachment and do not enable macros in the document. Better safe than sorry! Simply delete the message. It’s always a good idea to have a security solution in place to ward off malware, spyware and phishing attempts.

Be Safe!

Instant communication platforms are prime targets for cybercriminals during Covid-19 pandemic

The COVID-19 outbreak has transformed into a 24/7 nightmare for people all over the globe. Safety measures have forced workers to comply with Coronavirus recommendations or their employer’s policy, and start working from home, where possible.

Remote work is not the only measure recommended by officials, as thousands of people have chosen self-isolation to avoid contracting the novel virus as well. As social distancing becomes the norm, people increasingly rely on the digital world to communicate, interact, work, shop and offer support to one another.

Cybercriminals know this, and they’re using every trick in their book to dupe you into becoming one of their next victims. Attacks range from good old-fashioned phishing emails and malicious websites to fraudulent ads and fake messages sent out on social media platforms and instant messaging apps.

The next time you feel the urge to go online and communicate with others on Facebook, Twitter, WeChat or WhatsApp, keep an eye out for scammers. Threat actors will go to any lengths to profit off consumers, especially now, when people rely on the Internet more than ever to stay up to date with the news on the pandemic.

As Amazon has cleaned out its closet and removed more than 1 million products advertising fake health benefits against Coronavirus, scammers have taken social media platforms and cross-platform messaging apps by storm, promoting bogus products and spreading fear and misinformation.

Earlier this week, Facebook, Google, Twitter and Reddit also said they’re committed to fending off misinformation and helping keep everyone connected as safely as possible.

To tackle a wave of fake news and scams, WhatsApp has partnered with the World Health Organization to launch a Coronavirus information hub to aid educators, businesses and workers on how to use the app during this period. The joint effort of online platforms scrubbing fake Coronavirus news is appreciated and needed.

However, fake news and fraud are not the only menace that deserve attention. Cyber criminals will most likely turn to instant messaging apps to send out messages with COVID-19 content that urge you to click on a spoofed link that looks legit. Imagine having your devices infected with malware or ransomware at a time like this.

Should you receive any suspicious messages from an unfamiliar source, follow these simple rules:

• Disregard the message entirely
• Do not click on any links or provide any personal identifiable information or payments
• If you receive the message via WhatsApp, block the number
• If your service provider or phone allows personalized filtering, report the message as spam
• Report any misuse, spam or fraudulent activity to the platform provider
• Gather information from your healthcare provider and local authorities
• Keep your security solution up to date

Stay Safe!

One Hacking Group Promises to Stop Attacking Medical Units Until COVID-19 Cools Down

Perhaps they want to avoid provoking the white-hot rage of an already wounded public. Or maybe they’ve realized their victims can’t pay. Or, just possibly, some black hats do have a smidgen of ethics. At least in grim times like these.

The Maze Team ransomware gang, infamous for shutting down hospitals and clinics with ransomware, has said it will stop attacking the healthcare sector – at least until the Coronavirus crisis is under control.

Threat actors have shown a hint of sympathy on rare occasions in the past. In 2018, for example, the infamous GandCrab ransomware operators decided to avoid hacks on Syrian ground, and to help victims recover their files in the war-torn country.

However, ruthlessness is the norm.

Last week, a major hospital in the Czech Republic, which served as a COVID-19 testing facility, ground to a halt after its systems were locked down with ransomware. It is unclear whether the malware used was the one commanded by the Maze Team, but it could have been, considering the team’s aggressive global campaign against major industries, including the medical sector.

In a move that generates a guarded sigh of relief along with healthy skepticism, Maze Team this week announced it will dial down its malice during the Coronavirus pandemic, offering discounts for some victims while completely halting targeted attacks against the healthcare industry.

A screen capture of the team’s ‘press release’ obtained by Databreaches.net (reproduced above) reveals that Maze promises to reduce its ransom demands and provide the decryptor to its “partners” (read victims), as well as delete any stolen data, “in case of agreement.”

“The offer applies to both new parties and the archived ones,” reads the announcement. “We are always open for cooperation and communication.”

As for the healthcare industry, Maze Team had this to say:

“We also stop all activity versus all kinds of medical organizations until the stabilization of the situation with virus.”

Maze Ransomware Continues to Hit Healthcare Units amid Coronavirus (COVID-19) Outbreak

The infamous Maze Team has struck again, this time infecting an urgent walk-in care center in Texas with its system-crippling ransomware. Sticking to its traditional modus operandi, the hacking group is threatening to leak the caregiving unit’s patients’ data if ransom is not paid.

The Affordacare Urgent Care Clinic offers expert medical care for most common illnesses and injuries, complete with on-site X-ray and lab testing. The clinic’s site doesn’t say whether it also conducts tests for COVID-19 infections.

“Next time you or your family need medical care, simply walk in to one of our conveniently located clinics or check in online. We’ll get you feeling better fast,” reads a promotional message on the clinic’s home page.

Whether that statement is still valid remains to be confirmed, as hackers have allegedly infected the clinic’s systems with ransomware, which typically cripples digital equipment and hampers normal operation.

According to Databreaches.net, AffordaCare was infected by Maze Team with ransomware on Feb. 1, but not before the hacker group stole more than 40 GB of data, including protected health information. The medical unit has yet to confirm the hack. However, Maze Team, in its trademark style, made the breach public on a website it uses to leak data stolen from victims who refuse to pay ransom.

“According to the hackers, when AffordaCare didn’t pay the demanded ransom to get a decryption key and to deter the attackers from publicly dumping the stolen data, Maze Team added the clinic to its website where it names its victims who are not cooperating with ransom demands,” Databreaches.net reports.

And there is no reason to distrust the hackers’ claims. Maze Team is releasing samples of the stolen data, which includes: patients’ full names, Social Security number, date of birth, diagnosis code, treatment code, patient address and phone number, relevant medical history and reason for visit, billing information, insurance policy information, and more.

The dump also includes samples of data belonging to AffordaCare staff, including workers’ compensation documentation and employee payroll information.

If the hack is confirmed, AffordaCare is bound by law to disclose the breach publicly and report it to the US Department of Health and Human Services (HHS) within 60 days of learning of the incident.

With the Coronavirus outbreak in full swing, the timing couldn’t be worse for any clinic anywhere to get hit with ransomware, as evidenced by the attack on a Czech hospital and COVID-19 testing facility last week.

Miracle cures and dodgy advice for Coronavirus

As the Covid-19 pandemic spreads across the world, fraudsters are preying on the fears of consumers everywhere. Misinformation is spreading like wildfire, and misbranded or unapproved products claiming to have curative effects or to prevent COVID-19 have mushroomed overnight.

Despite their earnest hopes, consumers who pay for these bogus products won’t get their money’s worth.

Homeopathy, colloidal silver and toothpaste

No, your eyes are not playing tricks on you. Scammers are promoting treatments for the novel Coronavirus ranging from silver-laced hand soaps to toothpaste and essential oil products. These resellers are eager to make a quick buck by setting up Facebook pages and websites claiming to treat or prevent the disease.

Healthcare officials are warning consumers not to fall victim to their shenanigans. The FTC and FDA have already taken action against these fraudulent resellers, and urge customers to file complaints about any suspicious products or ads they receive.

Cyber criminals routinely latch onto current events, so they have quickly weaponized the Coronavirus outbreak to deploy more than simply malware attacks. They’re piggybacking on the wave of misinformation and setting up fake websites of their own that advertise miracle drugs and offer prevention tips.

They can use fake emails, social media posts or even SMS texts in their hoaxes to trick you into providing personal identifiable information and money.

Be on the lookout

The easiest way to avoid falling victim to fraud during the Coronavirus outbreak is by using common sense and making sure that you adopt healthy browsing practices. Most importantly, keep an eye out for:

  • Suspicious links from unfamiliar sources
  • Emails claiming to come from the Centers for Disease Control and Prevention (CDC) or the World Health Organization (WHO) that promote cures or pseudo-drugs said to treat or prevent the virus
  • False advertisements on social media platforms such as Facebook and Twitter; ignore them and report them to the platform

Remember, your safety always comes first. Don’t let your guard down and be proactive when it comes to your online activity and search patterns. Make sure you also promote good online practices to your friends and family, and do your virus-related research diligently on trustworthy websites.

Stay Safe!

How scammers exploit Spring Break in the time of COVID-19

Millions of US students and their families have looked forward to a fun-in-the-sun vacation for months now. However, with the Coronavirus outbreak declared a worldwide pandemic, most have either postponed trips or put them off entirely.

The socially responsible will most likely stay home alongside their families, but some might find it difficult to remain in place. A few will fight the odds and join their group for myriad outdoor activities or travel on the much-anticipated Spring Break.

We’ve seen the bogus websites and so-called resellers of medical equipment and cleaning or sanitation products that have flooded the Internet. But let’s stop for a second and think about the hidden dangers of travelling or having to quarantine yourself in an area far from home.

We don’t want to add to an already busy schedule as you try to keep yourself and your loved ones safe, but the rising threat of spring break scams deserves your attention.

Spring break vacation scams and bogus property rentals

If you’re planning some time in the sun with family or friends, keep an eye out for scammers who create false ads or websites offering a week away from the hustle and bustle of the city.

Cyber criminals are known for scraping data from the web and, in this case, they might gather street addresses and photos of properties available for rent from other websites. They can also re-list estates and homes that are not actually for rent.

  • Be suspicious of below-market rates for rentals or 50% discount offers.
  • Scammers may pose as the owner or booking agency, or they can even use a known online service provider for vacation rentals. Even homeowners can find their properties listed without their knowledge.
  • Don’t browse through suspicious websites or access any limited-time offer you receive in your Inbox.
  • Pay attention to the payment method. If you’re sent a link asking you to pay in Bitcoin or by wire transfer, book elsewhere.

Spring break’s not cancelled for cyber criminals

Scammers and cyber criminals do their homework. They are on top of all the comings and goings on social media, and they keep track of changes taking place worldwide. As such, we expect an increase in swindles that focus on the health crisis that has fallen upon us. What should you expect?

  • Scammers may try to fool you or an unsuspecting family member into wiring money, or sending goods or vouchers, to a child or grandchild who is supposedly on vacation or unable to get back home because of last-minute changes to their schedule.
  • Criminals impersonating a family member may take advantage of the Coronavirus outbreak and call, text or email you.
  • They will blame a bad connection for static on the call and claim an urgent situation arose while travelling.
  • Besides medical problems, criminals may also cite traffic accidents and legal troubles in their schemes.

Don’t let your guard down, and be aware of the red flags:

  • Hidden phone numbers or unknown caller IDs
  • Suspicious messages received via SMS or social media platforms
  • Emails tagged urgent that seem to come from a family member

If you know that your child or loved one is travelling, and received a distress message, take a deep breath and analyze the situation before wiring money or sending any goods. Try contacting your family member to avoid becoming another victim of scammers. Your time and money should be focused on the wellbeing of your household, and not wasted for the gain of fraudsters. Stay Safe!