Researchers see spike in “out of season” IRS-impersonating phishing attacks
Tax return scammers usually strike early in the year, when they can turn the personal information of victims into fraudulent tax refund claims. But members of Akamai's threat research team found a recent surge in "off-season" phishing attacks masquerading as notices from the Internal Revenue Service, targeting over 100,000 individuals. The attackers used at least 289 different domains hosting fake IRS websites—the majority of them legitimate sites that had been compromised.
Microsoft Warns Customers of DoppelPaymer Ransomware Threat
The Microsoft Security Response Center (MSRC) warned customers of the threat behind ongoing DoppelPaymer ransomware attacks and reminded them about misleading info on how it spreads. "There is misleading information circulating about Microsoft Teams, along with references to RDP (BlueKeep), as ways in which this malware spreads," MSRC Director of Incident Response Simon Pope says.
Linux Webmin Servers Being Attacked by New P2P Roboto Botnet
Linux servers running unpatched Webmin installations are under attack and slowly getting added to a new peer-to-peer (P2P) botnet dubbed Roboto by security researchers at 360 Netlab who tracked it for roughly three months. 360 Netlab's researchers were able to capture the botnet's bot and downloader modules, with P2P control and vulnerability scanner modules also in use but not retrieved and analyzed so far.
Registers as “Default Print Monitor”, but is malware. Meet DePriMon
DePriMon is a malicious downloader, with several stages and using many non-traditional techniques. To achieve persistence, the malware registers a new local port monitor – a trick falling under the “Port Monitors” technique in the MITRE ATT&CK knowledgebase. For that, the malware uses the “Windows Default Print Monitor” name, that’s why we have named it DePriMon. Due to its complexity and modular architecture, we consider it to be a framework.
Disney+ security and service issues: Here’s what we know so far
Disney+, the new video-streaming service to rival Netflix and Amazon Prime, debuted last week to much fanfare, racking up 10 million subscribers within a single day of launch. Unfortunately, it wasn’t the kind of splash the majority of users predicted, as they were met with connection and performance issues out the gate—soon to be followed by reports of hacked accounts being stolen and sold on the dark web.
Millions of Sites Exposed by Flaw in Jetpack WordPress Plugin
Admins and owners of WordPress websites are urged to immediately apply the Jetpack 7.9.1 critical security update to prevent potential attacks that could abuse a vulnerability that has existed since Jetpack 5.1. Jetpack is an extremely popular WordPress plugin that provides free security, performance, and site management features including site backups, secure logins, malware scanning, and brute-force attack protection.
High-Severity Windows UAC Flaw Enables Privilege Escalation
Researchers disclosed details of a high-severity Microsoft Windows vulnerability that could give attackers elevated privileges – ultimately allowing them to install programs, and view, change or delete data. The bug stems from User Account Control (UAC), a security feature of Windows within Secure Desktop which helps prevent unauthorized changes to the operating system. By interacting with the user interface of UAC, an unprivileged attacker can use the bug to launch a highly-privileged web browser on the normal desktop – giving them the authority to install code and other malicious activities.
Deepfakes and LinkedIn: malign interference campaigns
Deepfakes haven’t quite lost the power to surprise, but given their wholesale media saturation in the last year or so, there’s a sneaking suspicion in some quarters that they may have missed the bus. When people throw a fake Boris Johnson or Jeremy Corbyn online these days, the response seems to be fairly split between “Wow, that’s funny” and barely even amused.
