FBI Warns of 63 Spoofed Domains Impersonating the US Census Bureau

Cybercriminals register fake US Census Bureau domains to dupe unsuspecting citizens to provide personal information and install malware, the FBI warns.

In a flash alert published in coordination with the federal government statistical agency, the FBI notes that they have observed around 63 domains impersonating the US Census Bureau.

Partial list of suspicious domains impersonating the US Census Bureau

“Spoofed domains (aka typosquatting) mimic legitimate domains by either altering character(s) within the domain or associating another domain with similar characteristics to the legitimate domain, such as ‘Censusburea[.]com’ or ‘census-gov[.]us’,” the FBI said.

Although the Census Bureau is working hard to disable these spoofed domains, the alert emphasized the dangers of accessing look-alike websites. Threat actors will “attempt to exploit respondents and users of the data for financial gain and other nefarious purposes,” such as harvesting usernames, passwords and email addresses, and spreading malware.

“As part of the US government’s facilities sector, the Census Bureau remains a target for both criminal and nation-state actors aiming to negatively affect the US Government and create distrust among US citizens,” the FBI added.

The warning also provides a list of recommended mitigations to help users and businesses fend off malicious activity:

• Pay close attention to the spelling of websites you access
• Regularly patch operating systems and software
• Make sure that the SSL (Secure Sockets Layer) certificate is present, and the top-level domain for the website is “.gov”
• Keep security solutions up to date on all devices
• Use two-factor or multi-factor authentication where possible
• Audit networks and systems for unauthorized remote communication
• Disable or remove unneeded software, protocols, macros, and portals

Last but not least, report any suspicious activity to your local FBI field office or Internet Crime Complaint Center (IC3).
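The two spoofing patterns the FBI describes (altered characters, and a similar-looking domain such as a hyphenated or different-TLD variant) and the “.gov” check from the mitigations list can be turned into a simple triage routine. The following is an added example, not code from the FBI or the Census Bureau: it defangs a reported domain, normalizes common character substitutions, compares the registered label against the protected brand by edit distance, and flags the brand name appearing with extra characters or under a different registered domain. The homoglyph map and the sample domains are constructed for illustration; `census.gov` is the only real domain used.

```python
"""Triage look-alike domains against a protected brand domain (added example)."""
import re

LEGITIMATE = "census.gov"

# Character substitutions commonly seen in typosquats (assumption: small illustrative map)
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s", "7": "t"}


def defang(domain: str) -> str:
    """Turn a defanged indicator such as 'census-gov[.]us' into a plain domain."""
    return domain.strip().lower().replace("[.]", ".").replace("(.)", ".")


def normalize(label: str) -> str:
    """Collapse look-alike characters so 'cens0s' compares as 'censos'."""
    for src, dst in HOMOGLYPHS.items():
        label = label.replace(src, dst)
    return label


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (single-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(candidate: str, legitimate: str = LEGITIMATE) -> dict:
    """Return a verdict ('legitimate', 'suspicious' or 'unrelated') with reasons."""
    cand = defang(candidate)
    if cand == legitimate or cand.endswith("." + legitimate):
        return {"domain": cand, "verdict": "legitimate", "reasons": []}

    legit_labels = legitimate.split(".")
    brand, legit_tld = normalize(legit_labels[-2]), legit_labels[-1]  # "census", "gov"
    cand_labels = cand.split(".")
    cand_tld = cand_labels[-1]
    registered = normalize(cand_labels[-2]) if len(cand_labels) > 1 else ""
    reasons = []

    # Pattern 1 (altered characters): registered label within a couple of edits of the brand
    dist = levenshtein(registered, brand)
    if 0 < dist <= 2:
        reasons.append(f"'{registered}' is within edit distance {dist} of '{brand}'")

    # Pattern 2 (similar characteristics): brand embedded with extra tokens, e.g. census-gov
    stripped = re.sub(r"[^a-z0-9]", "", registered)
    if brand in stripped and stripped != brand:
        reasons.append(f"'{registered}' embeds '{brand}' with extra characters")

    # Brand used as a subdomain label under someone else's registered domain
    if any(brand in normalize(label) for label in cand_labels[:-2]):
        reasons.append(f"'{brand}' appears as a subdomain of a different registered domain")

    lookalike = bool(reasons)
    # The FBI mitigation: the genuine site ends in .gov
    if cand_tld != legit_tld:
        reasons.append(f"top-level domain is .{cand_tld}, not .{legit_tld}")

    verdict = "suspicious" if lookalike else "unrelated"
    return {"domain": cand, "verdict": verdict, "reasons": reasons}


def triage(domains: list) -> list:
    """Return only the domains that look like spoofs of the protected brand."""
    return [r for r in (assess(d) for d in domains) if r["verdict"] == "suspicious"]


if __name__ == "__main__":
    # Constructed sample list: the two indicators quoted in the alert plus invented variants
    samples = ["Censusburea[.]com", "census-gov[.]us", "cencus.gov", "cens0s.net",
               "census.gov.example", "www.census.gov", "example.com"]
    for result in (assess(d) for d in samples):
        print(f"{result['domain']:<22} {result['verdict']:<11} {'; '.join(result['reasons'])}")
```

The routine is deliberately conservative: a domain that merely uses a different top-level domain, with no resemblance to the brand, is reported as “unrelated” rather than “suspicious”, so the TLD check only adds weight to a domain that already matches one of the spoofing patterns. In practice the candidate list would come from newly registered domain feeds or proxy logs rather than a hard-coded sample.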

Albion Online gamers told to change passwords following forum hack


  • Hacker exploited forum vulnerability, and offered stolen database for sale
  • Players advised to change their passwords

Sandbox Interactive, the developers of the free medieval fantasy video game Albion Online, have warned players that a hacker managed to break into its systems and gain access to its user database.

In a post on the Albion Online forum, players were advised that a hacker was able to exploit a vulnerability to gain access to the forum’s user database.

Exposed data included players’ email addresses, as well as passwords that had been salted and hashed with bcrypt.

At the very least this means that the hacker now has in their hands a list of Albion Online users’ email addresses – information which could be exploited in phishing and social engineering attacks in an attempt to trick players into handing over more information.

However, if some players chose weak passwords for their Albion Online forum account (which, let’s face it, is hardly unlikely) then they might still be singled out by a determined hacker.

If a hacker is able to determine a user’s forum password, it can also be used to play the Albion Online game itself. More worryingly, it might be put to malicious use if the player has made the mistake of reusing the same password elsewhere on the internet.

The confirmation by Sandbox Interactive of a security breach came at approximately the same time that it was reported a hacker was offering the Albion Online database for sale on a hacking forum.

Sandbox Interactive recommends that affected users update their password via the Albion Online website. My advice would be for affected Albion Online players to do so, but also to ensure that they choose a strong, complex password and that they are not reusing passwords anywhere else on the internet.

That’s good advice whether there has been a security breach or not. All passwords should be hard-to-crack, hard-to-guess, and unique.

Using a good password manager can help ensure that passwords are chosen sensibly rather than dreamt up by the human brain, and that they are unique and secure.

Albion Online says that it is contacting affected users via email. Of course, a malicious hacker might be contacting affected users at the same time – using the stolen email address list – so please be on your guard.

According to Sandbox Interactive, the vulnerability used by the hacker to access the sensitive data from the Albion Online forum has been patched, and a full security review is under way.

Rapper Who Bragged About Defrauding US CARES Act Program Could Face Up to 22 Years in Prison

A rapper who bragged about fleecing the US Pandemic Unemployment Assistance (PUA) on YouTube was arrested for allegedly defrauding the government of $1.2 million in benefits, the Department of Justice (DOJ) disclosed on Friday.

According to a press release, Fontrell Antonio Baines, AKA “Nuke Bizzle,” is accused of fraudulently applying for unemployment benefits using the stolen identities of multiple individuals.

“Baines possessed and used debit cards pre-loaded with unemployment benefits administered by the California Employment Development Department (EDD),” the DOJ said.

“The debit cards were issued in the names of third-parties, including identity theft victims. The applications for these debit cards listed addresses to which Baines had access in Beverly Hills and Koreatown.”

During the investigation, the DOJ discovered 92 debit cards totaling over $1.2 million in illegally obtained benefits, including $704,000 that was withdrawn and used to purchase merchandise and services.

Baines added fuel to the flames when he bragged about his new-found fortune in a music video posted on YouTube and two of his Instagram accounts.

“For example, Baines appears in a music video called ‘EDD’ in which he boasts about doing ‘my swagger for EDD’ and, holding up a stack of envelopes from EDD, getting rich by ‘go[ing] to the bank with a stack of these’ – presumably a reference to the debit cards that come in the mail,” the DOJ added.

Baines is charged with access device fraud, aggravated identity theft, and interstate transportation of stolen property. If found guilty, he could face a maximum sentence of 22 years in federal prison.

BBB Warns of Health Insurance Open Enrollment Scams

With health insurance open enrollment season just around the corner, US consumers preparing to change or add to their health coverage should watch out for scammers, the Better Business Bureau (BBB) warns.

According to the consumer protection organization, fraudsters call unsuspecting citizens and pose as official Medicare agents or “health care benefits advocates.”

During the phone call, these so-called agents will try to “sell” you a better Medicare program by offering the same benefits at a lower price.
What do you need to do? Provide your personal information alongside your Medicare ID number, and you’re all set.

To ensure success, some scammers deploy petty scare tactics by insisting that your health insurance will be canceled unless you re-enroll. The advisor also provides a quick fix – share your personal information, and you will be set up with a renewed health insurance plan.

Consumers who hand over their Medicare ID number and other personally identifiable information may fall victim to identity theft.

How to protect against open enrollment scams

A seasoned fraudster can be very convincing, both in person and over the phone. However, you can safeguard your personal and financial information by paying attention to the most common red flags:

• Unsolicited emails or phone calls from individuals representing Medicare or ACA (Affordable Care Act) that ask for personal information. Usually, individuals already enrolled in a health insurance plan will not be contacted by Medicare advisors

• Professional health insurance providers will not threaten or seek to scare you into registering for specific health insurance plans

• Refuse any promotional gifts or free health screenings in exchange for your personal information

• Never provide your Medicare ID number, Social Security number, health plan details, or financial information by phone or email to unverified individuals

• When in doubt, hang up the phone and visit the official website of your health insurance provider for guidance

Having Saved Credit Card Details in Plaintext Since 2015, British Airways Is Fined £20 Million


  • British Airways broke data protection laws, and failed to detect attack for more than two months
  • Sensitive information left exposed with no encryption

British Airways has been fined £20 million (US $26 million) following a data breach which saw its systems hacked and the personal and payment card information of 400,000 customers stolen.

It’s the biggest fine ever handed out by the UK’s Information Commissioner’s Office (ICO), which – by comparison – smacked Facebook’s wrist for a mere £500,000 over the Cambridge Analytica scandal.

But many will consider that British Airways got away lightly, having initially faced a £183 million ICO fine over the breach which occurred in 2018.

British Airways’ fine may be the biggest on record, but it’s still a 90% drop from what it could have been.

Announcing the final penalty, the ICO explained that it had taken into account representations from British Airways and “the economic impact of COVID-19 on their business.”

Reading between the lines, if British Airways’ fortunes hadn’t been hit so hard by the global pandemic then it would have been walloped with a much larger fine for its enormous security failure.

And British Airways’ failure was monumental.

The airline’s blunders identified by the ICO’s redacted report on the incident included:

  • a failure to enforce the use of multi-factor authentication (MFA) on accounts that provided remote access to British Airways’ internal systems.
  • a failure to prevent the exploitation of a Citrix vulnerability that allowed the attacker to launch unauthorised tools and scripts to conduct network reconnaissance.
  • the storage of login details (username and password) for a privileged domain administrator account in plaintext, giving the attacker “virtually unrestricted access to the relevant compromised domain.”

And perhaps most astonishingly of all, British Airways recklessly stored customers’ payment card details – including CVV numbers – as plaintext files.

Approximately 108,000 payment cards were available to the attacker because the data had been stored by British Airways with no encryption whatsoever.

This security failure, alongside the planting of malicious Magecart skimming code on the airline’s payment webpage, which stole the personal and payment card details of hundreds of thousands of travellers as they made bookings via BA’s website and mobile app, led ultimately to today’s record fine.

Yes, £20 million is nothing like as big as the £183 million fine that British Airways was originally facing. But it’s still the largest fine ever meted out for a data breach in the UK, and will hopefully go some way towards making other companies put more effort into securing their systems.

Credit Card Details of 3 Million Dickey’s BBQ Customers Up for Sale on Dark Web Marketplace

Bad actors are selling access to 3 million Dickey’s Barbecue Pit customer credit cards, cyber-security researchers disclosed earlier this week.

On October 12, the dark web marketplace known as Joker’s Stash uploaded a collection of millions of compromised credit cards, most of them belonging to US-based customers.

According to Gemini Advisory researchers, who analyzed the data, the data appears to have originated from compromised point-of-sale (POS) systems used at Dickey’s restaurants.

A Gemini analysis indicates that 156 out of 456 current Dickey’s Barbecue Pit locations were compromised in the breach. The affected locations span 30 states, “with the highest exposure in California and Arizona.”

“Gemini sources have also determined that the payment transactions were processed via the outdated magstripe method, which is prone to malware attacks,” the report said. “It remains unclear if the affected restaurants were using outdated terminals or if the EMV terminals were misconfigured; either of these possibilities may hold serious liability for Dickey’s.”

The company also established the exposure window between July 2019 and August 2020, giving cybercriminals 10 months to steal payment records.
While Dickey’s has yet to release an official report, the company said it has started an investigation with the FBI.

“We received a report indicating that a payment card security incident may have occurred,” Dickey’s said. “We are taking this incident very seriously and immediately initiated our response protocol and an investigation is underway.

“We are currently focused on determining the locations affected and time frames involved,” the company added. “We are utilizing the experience of third parties who have helped other restaurants address similar issues and also working with the FBI and payment card networks.”

Zoom Is Finally Testing Full End-to-End Encryption

Zoom finally announced that it’s starting to roll out end-to-end encryption (E2EE) for all users, marking a significant change in the security deployment of one of the most famous video-conferencing apps.

The Zoom platform has had its share of problems amid its rise to fame, mostly due to the coronavirus pandemic. Because the company allowed users without premium accounts to join and use the platform, the number of people on the platform increased substantially.

This had unintended side effects, as security researchers started to scrutinize the platform. They found numerous vulnerabilities and discovered that the company was not really encrypting conversations as it claimed, or at least not by using an industry standard.

“Zoom’s end-to-end encryption (E2EE) offering will be available as a technical preview, which means we’re proactively soliciting feedback from users for the first 30 days,” said Max Krohn, head of security and engineering at the company. “Zoom users – free and paid – around the world can host up to 200 participants in an E2EE meeting on Zoom, providing increased privacy and security for your Zoom sessions.”

For now, only a handful of people will benefit from the feature, but it should make its way to the general public soon.

Zoom has made some progress in recent months, dealing with problems ranging from malevolent users entering open meetings and abusing participants to more severe zero-day vulnerabilities, some of which threat actors exploited in the wild.

Beware COVID-19 Charity Fraudsters, Warns the FBI

  • Scammers have no qualms about exploiting the pandemic to steal from the unwary
  • Don’t just look out for yourself, warn vulnerable friends and family of scams too

From the as-if-you-didn’t-have-enough-to-worry-about-in-2020 department, the FBI has warned that scammers are attempting to defraud the public by exploiting the COVID-19 pandemic.

Scams can, of course, arrive via all manner of routes – face-to-face on the doorstep, via phone calls or text message, but it’s even easier for fraudsters to target a larger pool of victims by making their initial contact via email or social media.

And with so many people more reliant than ever on the internet for staying in touch with friends, family, and work colleagues, there’s danger that more people than ever before are being exposed to the risk of being scammed.

And what better lure might there be than by exploiting an individual’s anxiety about the Coronavirus? Or plucking on heartstrings through an emotional appeal to help others who might have had their lives turned upside down by the pandemic?

As early as April 2020, the UK’s National Cyber Security Centre (NCSC) revealed that in just a one-month period it had taken down more than 2,000 online scams related to the Coronavirus pandemic.

That statistic included hundreds of fake online shops selling masks, hand sanitiser, and other fraudulent items. In addition, 555 malicious Coronavirus-related webpages had been found designed to distribute malware, and 200 phishing pages attempting to steal passwords, payment card details, and other personal information.

And, most common of all, over 800 were advance-fee fraud scams, which claimed to offer large windfalls if a setup payment was made.

Here’s an example of one Covid-19 charity scam, first spotted by Bitdefender’s Liviu Arsene earlier this year:

Part of the email reads:

Help rush life-saving medical care to families an children in China, neighboring countries and beyond. Your girt will ensure that these vulnerable individuals receive coronavirus vaccines to the medical services they desperately need.

The email goes on to ask for a Bitcoin payment to be made to “contribute towards this noble cause.”

There’s a simple way to help you and your loved ones spot the tell-tale signs that something may be a scam: apply the SCAM test:

S – seems to be too good to be true.

C – contacted out of the blue.

A – asked for personal details.

M – money is requested.

To be honest, I’m not too worried about you falling for one of the Coronavirus-related charity scams. You’re reading the Hot for Security blog, so you’re already demonstrating much more security savviness than the typical internet user.

But you may have vulnerable friends and family who could be tricked by a convincing scammer to donate money, or hand over personal information, in the belief that they were doing good or going to benefit personally.

For their sake, get clued up about the scam techniques used by fraudsters and help educate them to spot threats for themselves.

Because sick-minded scammers themselves have no qualms about taking advantage of the most vulnerable, and exploiting the biggest global health crisis of our lifetime.

For more tips on how to protect yourself against scams and charity fraud, check out the tips from the FBI.

Law Firm Seyfarth Shaw Hit by Apparent Ransomware Attack

Seyfarth Shaw fell victim to a crippling malware attack over the weekend, the global law firm disclosed earlier this week.

According to an official statement, unauthorized activity was detected by the company’s monitoring systems on Saturday.

“On Saturday, October 10, 2020, Seyfarth was the victim of a sophisticated and aggressive malware attack that appears to be ransomware,” the company said. “We understand that a number of other entities were simultaneously hit with this same attack. Our monitoring systems detected the unauthorized activity, and our IT team acted quickly to prevent its spread and protect our systems.”

Although Seyfarth stressed that it found no evidence that client or internal data was removed or accessed, many computer systems were encrypted, forcing the IT team to “shut them down as a precautionary measure.”

The latest update suggests the company has not been able to bring its systems back online. However, it is coordinating with the FBI to track down the culprits.

“Our team continues to work around the clock to resolve this incident,” Seyfarth said on October 13. “As reported earlier, we have found no evidence that any of our client or firm data was accessed or removed.”

Headquartered in Chicago, Illinois, the Am Law 100 firm serves more than 300 of the Fortune 500 companies with a fleet of over 900 lawyers spread across 18 offices worldwide.

Barnes & Noble Cyberattack May Have Exposed Personal Information of Shoppers

Barnes & Noble has fallen victim to a cyberattack, which resulted in unauthorized access to company networks and exposure of customer information, the bookstore giant disclosed earlier this week.

The attack also affected the entire NOOK system, and customers still can’t sync recent purchases to their e-readers or access e-book content on their devices.

The systems outage began on October 10, and customers quickly turned to social media platforms inquiring about the sudden disappearance of their NOOK library.

“Hey, what gives? My app updated and now the 3 books I paid for have still not come in for days, there’s no updated info on the website,” one customer said in a tweet.

Unfortunately, NOOK servers are still down, and the bookseller has yet to say when the issue will be fixed.

“We are continuing to experience a systems failure that is interrupting NOOK content,” reads an alert posted by the company. “We are working urgently to get all NOOK services back to full operation.”

The attack did more than cripple Barnes & Noble’s corporate network. According to a notice sent to customers, the security incident may have exposed shoppers’ email addresses, billing and shipping information, and telephone numbers.

“Firstly, to reassure you, there has been no compromise of payment card or other such financial data,” the email reads. “These are encrypted and tokenized and not accessible. The systems impacted, however, did contain your email address and, if supplied by you, your billing and shipping address and telephone number.”

Although there is not enough evidence to suggest data exfiltration at this time, the possibility cannot be ruled out. If confirmed, the attackers could also have viewed customer transaction history, such as information about products purchased from the Barnes & Noble online store.

Until further notice, shoppers are advised to look out for any unsolicited emails. Despite these drawbacks, the company expects that NOOK will soon be fully operational once their systems are back online.

“We expect NOOK to be fully operational shortly and will post an update once systems are restored. Thank you for your patience,” reads the latest update from October 14.
