This week, Doug White talks Plague surveillance coming soon, the US government is worried about cryptocurrency, dbags attack the HHS, and new attacks on Android phones! Jason Wood delivers the Expert Commentary on Coronavirus Phishing Scams!
Show Notes: https://wiki.securityweekly.com/SWNEpisode19
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Clint Gibler, Research Director at NCC Group, to discuss DevSecOps and Scaling Security! In the Application Security News, Data of millions of eBay and Amazon shoppers exposed as another supply chain casualty, Announcing Bottlerocket, a new open-source Linux-based operating system purpose-built to run containers, and The DevOps Sweet Spot: Inserting Security at Pull Requests (Part 1)!
Show Notes: https://wiki.securityweekly.com/ASWEpisode100
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
The recent outbreak of COVID-19 has affected peoples’ lives across the globe and has quickly swept through and impacted individuals, families, communities, and businesses around the world. At Trend Micro, our number one priority is to ensure that our employees and their families are as safe as possible, and our thoughts are with those who have been affected by the virus.
Our team has spent a great deal of time reviewing options to ensure both the continued protection of our customers and partners, as well as the physical safety of our employees. We realize this situation remains very dynamic, as information continues to change day-to-day, and as such we will continue to provide updates as we learn more, but in the meantime we remain committed to providing the superior service and support that our customers, partners and suppliers have come to expect of our company throughout this situation.
We know the critical role that Trend Micro plays in your organization to keep your company and employees protected. We have taken several measures to ensure that the COVID-19 crisis does not impact your experience with Trend Micro products or services.
Listed below are several actions that the team has taken to date to not only ensure that our employees are safe, but to continue to deliver business “as usual” during this time:
Safety of Employees
Our number one priority is the health and safety of our employees around the globe. To that measure, we have:
Continuity of Service
We are committed to ensuring that we continue to support the security needs of your organization, including but not limited to:
As an optimistic organization, we believe that because of this unfortunate situation, new ways to work together and incredible innovation will occur and will make us all stronger in the future.
As always, if you have any questions or concerns, please reach out to your local account representative or Trend Micro authorized support contact. We will continue to watch this situation closely, react accordingly and communicate any substantial changes with our customers and partners.
On behalf of everyone at Trend Micro, thank you for trusting us with your business. We wish health and safety to you and your families, employees, and customers.
Sincerely,
Kevin Simzer
Chief Operating Officer
Trend Micro Incorporated
The post A message from our COO regarding Trend Micro’s Customer commitment during the global Coronavirus Pandemic (COVID-19) appeared first on .
This week, Doug White brings you the Security Weekly News Wrap up, discussing Biting other passengers on EU flights, Everyone is going to telecommute, NSO argues with Facebook in court of phone bugging, the return of FIDO, and more!
Show Notes: https://wiki.securityweekly.com/SWNEpisode18
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Gabe Gumbs, Chief Innovation Officer at Spirion, to discuss How attackers will change their strategy to target those working from home! In our second segment, we welcome Bianca Lewis, Founder, and CEO of Girls Who Hack, to discuss Girls Who Hack, teaching classes to middle school girls on hacking, and Secure Open Vote, open-source election system that is in the design stages! In the final segment, we air a pre-recorded interview with Dorit Naparstek, director of R&D at NanoLock Security, to discuss Hacks performed on connected & IoT devices, and revealing major vulnerabilities in existing security measures!
Show Notes: https://wiki.securityweekly.com/PSWEpisode643
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
So you suddenly have a lot of staff working remotely. Telework is not new and a good percentage of the workforce already does so. But the companies who have a distributed workforce had time to plan for it, and to plan for it securely.
A Lot of New Teleworkers All At Once
This event can’t be treated like a quick rollout of an application: there are business, infrastructure, and customer security impacts. There will be an increase of work for help desks as new teleworkers wrestle with remote working.
Additionally, don’t compound the problem. There is advice circulating to reset all passwords for remote workers. This opens the door for increased social engineering to attempt to lure overworked help desk staff into doing password resets that don’t comply with policy. Set expectations for staff that policy must be complied with, and to expect some delays while the help desk is overloaded.
Business continuity issues will arise as limited planning for remote workers could max out VPN licenses, firewall capacity, and application timeouts as many people attempt to use the same apps through a narrower network pipe.
Help Staff Make A Secure Home Office
In the best of times, remote workers are often left to their own devices (pun intended) for securing their work at home experience. Home offices are already usually much less secure than corporate offices: weak routers, unmanaged PCs, and multiple users means home offices become an easier attack path into the enterprise.
It doesn’t make sense to have workers operate in a less secure environment in this context. Give them the necessary security tools and operational tools to do their business. Teleworkers, even with a company-issued device, are likely to work on multiple home devices. Make available enterprise licensed storage and sharing tools, so employees don’t have to resort to ‘sketchy’ or weak options when they exceed the limits for free storage on Dropbox or related services.
A Secure Web Gateway as a service is a useful option considering that teleworkers using a VPN will still likely be split tunneling (i.e. not going through corporate security devices when browsing to non-corporate sites, etc.), unlike when they are in the corporate office and all connections are sanitized. That is especially important in cases where a weak home router gets compromised and any exfiltration or other ‘phone home’ traffic from malware needs to be spotted.
A simple way to get this information out to employees is to add remote working security tips to any regularly occurring executive outreach.
Operational Issues
With a large majority of businesses switching to a work-from-home model with less emphasis on in-person meetings, we also anticipate that malicious actors will start to impersonate digital tools, such as ‘free’ remote conferencing services and other cloud computing software.
Having a policy on respecting telework privacy is a good preventative step to minimize the risk of this type of attack being successful. Remote workers may be concerned about their digital privacy when working from home, so any way to inform them about likely attack methods can help.
Any steps to prevent staff trying to evade security measures out of a concern over privacy are likely a good investment.
Crisis Specific Risks
During any major event or crisis, socially engineered attacks and phishing will increase. Human engineering means using any lever to make it a little bit easier for targets to click on a link.
We’re seeing targeted email attacks taking advantage of this. Some will likely use tactics such as attachments named “attached is your Work At Home Allowance Voucher,” spoofed corporate guidelines, or HR documents.
Sadly, we expect hospitals and local governments will see increased targeting by ransomware due the expectation that payouts are likelier during an emergency.
But Hang On – It Is Not All Bad News
The good news is that none of these attacks are new and we already have playbooks to defend against them. Give a reminder to all staff during this period to be more wary of phishing, but don’t overly depend on user education – back it up with security technology measures. Here are a few ways to do that.
|
|
The post Suddenly Teleworking, Securely appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the number of ways Operation Overtrap can infect or trap victims with its payload. Also, read about how to protect your personal identity data and money during tax-filing season.
Read on:
AWS Launches Bottlerocket, a Linux-based OS for Container Hosting
AWS has launched Bottlerocket, its own open-source operating system for running containers on both virtual machines and bare metal hosts. The new OS is a stripped-down Linux distribution that’s akin to projects like CoreOS’s now-defunct Container Linux and Google’s container-optimized OS. The project is launching in cooperation with several partners including Alcide, Armory, CrowdStrike, Datadog, New Relic, Sysdig, Tigera, Trend Micro and Waveworks.
Tax Scams – Everything You Need to Know to Keep Your Money and Data Safe
There are two things that cybercriminals are always on the hunt for: personal identity data and money. During the tax-filing season, both can be unwittingly exposed. Over the years, cybercriminals have adapted multiple tools and techniques to part taxpayers with their personal information and funds. This blog looks at the main threats out there and what you can do to stay safe.
March 2020 Patch Tuesday: Microsoft Fixes 115 Vulnerabilities, Adobe None
This week for March 2020 Patch Tuesday, Microsoft dropped fixes for 115 CVE-numbered flaws: 26 are critical, 88 important, and one of moderate severity. The good news is that none of them are under active attack. Adobe seems to have skipped this Patch Tuesday and there’s no indication whether the customary security updates are just delayed or if there won’t be any in the coming days.
Trend Micro recently discovered a new campaign dubbed “Operation Overtrap” for the number of ways it can infect or trap victims with its payload. The campaign targets online users of various Japanese banks by stealing their banking credentials using a three-pronged attack. Based on Trend Micro’s telemetry, Operation Overtrap has been active since April 2019.
Hackers Are Working Harder to Make Phishing and Malware Look Legitimate
Even though the overall volume of malware dropped in 2019, phishing and business email compromise (BEC) went up sharply, according to Trend Micro’s 2019 Cloud App Security Roundup. The company blocked nearly 400,000 attempted BEC attacks in 2018, which is 271% more than the previous year and 35% more credential phishing attempts than in 2018.
Busting Ghostcat: An Analysis of the Apache Tomcat Vulnerability (CVE-2020-1938 and CNVD-2020-10487)
Discussions surrounding the Ghostcat vulnerability (CVE-2020-1938 and CNVD-2020-10487) found in Apache Tomcat puts it in the spotlight as researchers investigated its security impact– specifically, its potential use for remote code execution (RCE). Learn more about the Ghostcat vulnerability in this blog analysis.
10 Key Female Cybersecurity Leaders to Know in 2020
In celebration of Women’s History Month, the editors of Solutions Review shared the accomplishments of ten key female cybersecurity leaders in 2020. Trend Micro’s CEO Eva Chen made the list based on her numerous accomplishments in the cybersecurity industry.
Coronavirus Used in Spam, Malware, and Malicious Domains
The coronavirus disease (COVID-19) is being used as bait in email spam attacks on targets across the globe. As the number of cases continues to grow, campaigns using the virus as a lure will likewise increase. This has been observed by multiple entities, and researchers from Trend Micro have also seen a significant spike in the detection of the subject in email spam attacks.
Cookiethief Android Malware Uses Proxies to Hijack Your Facebook Account
A combination of new modifications to Android malware code has given rise to Trojans able to steal browser and app cookies from compromised devices. Researchers from Kaspersky said the new malware families, dubbed Cookiethief, use a combination of exploits to acquire root rights to an Android device and then to steal Facebook cookie data.
Nemty Ransomware Spreads via Love Letter Emails
Threat actors have been found distributing Nemty ransomware through a spam campaign using emails that pose as messages from lovers, according to a report by Malwarebytes and X-Force Iris researchers. Researchers from Trend Micro have also encountered the emails.
WordPress GDPR Plugin Vulnerable to Cross-Site Scripting Attacks
GDPR Cookie Consent, a WordPress plugin, inadvertently exposed websites to cross-site scripting (XSS) attacks through a vulnerability that affects versions 1.8.2 and below of the plugin. As disclosed in a report by NinTechNet, the vulnerability allowed privilege escalation. The plugin had over 700,000 active installations at the time of the exploit.
Analysis: Abuse of .NET Features for Compiling Malicious Programs
While the .NET framework is originally intended to help software engineers, cybercriminals have found a way to abuse its features to compile and execute malware on the fly. Recently, Trend Micro discovered several kinds of malware, such as LokiBot, utilizing this technique.
A root privilege escalation and remote execution vulnerability (designated as CVE-2020-8794) has been discovered in the free and open-source Unix Daemon, OpenSMTPD. The flaw originates from an out-of-bounds read, which attackers can take advantage of to execute arbitrary code on vulnerable systems.
Are you concerned about the security risks involved with filing your taxes online? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Operation Overtrap Targets Japanese Online Banking Users and Everything You Need to Know About Tax Scams appeared first on .
This week, we talk Enterprise News, to talk about Neustar's enhanced UltraDNS capabilities boast greater capacity, global reach, and security, WatchGuard acquires Panda Security to expand endpoint capabilities, Ping Identity launches two-hybrid IT-focused solution packages, and Fortinet updates FortiOS & launches next-gen firewall product! In our second segment, we welcome back Corey Thuen, Co-Founder and CEO of Gravwell, to discuss Secondary Consequences of Bad Pricing Models! In our final segment, we air two pre-recorded interviews from the RSA conference 2020, with Corey Bodzin of ExtraHop, and Todd Weller of Bandura!
Show Notes: https://wiki.securityweekly.com/ESWEpisode175
To try RevealX Cloud for Free visit: https://securityweekly.com/extrahop
To find out more about Bandura Cyber, please email Todd.Weller@banduracyber.com
To learn more about ExtraHop, visit: https://securityweeky.com/extrahop
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Visit https://www.securityweekly.com/esw for all the latest episodes!
This week, we discuss how we breakdown the categories in Information Security. We look at the major areas of Infosec and how they relate to your security programs and the vendors/technologies in each category. Our category breakdown will be used to label each segment we produce and allow subscribers to select categories of interest! In the Leadership and Communications segment, CISOs who leave after 2 years may not finish what they start, Most CISOs ready to move jobs if something better comes along, A New Framework for Executive Compensation, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode165
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Winn Schwartau for an interview. The goal of the show is to explore all the attitudes and impressions between security and compliance regardless of where you stand. for security folks - how to navigate compliance to promote security; for compliance folks - to expose them to the depth of research/knowledge/capabilities of the hacker community.
Show Notes: https://wiki.securityweekly.com/SCWEpisode20
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Microsoft starts disabling authentication, New ransomware called PwndLocker is out and about, and a secret-sharing app called Whisper is "the safest place on the internet. James Adams from Core Security, a Help Systems Company joins us today talking about "How to think and act like a hacker."
Show Notes: https://wiki.securityweekly.com/SWNEpisode17
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome David Sherry, Chief Information Security Officer at Princeton University, and Tara Schaufler, Information Security Awareness and Training Program Manager at Princeton University, to discuss Rapid Cultural Change of Security on the Princeton Campus! In the Leadership and Communications segment, Why 67% of companies fear they can't sustain privacy compliance, How Using An Old School Paper Planner Changed My Life, How to attract top talent in a competitive hiring market, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode163
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Guy Podjarny, Snyk's Founder and President! In the Application Security News, Revoking certain certificates on March 4 and Why 3 million Let s Encrypt certificates are being killed off today, Gandalf: An Intelligent, End-To-End Analytics Service for Safe Deployment in Large-Scale Cloud Infrastructure and slides, and CISOs Who Want a Seat at the DevOps Table Better Bring Value!
Show Notes: https://wiki.securityweekly.com/ASWEpisode99
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Containers provide a list of benefits to organizations that use them. They’re light, flexible, add consistency across the environment and operate in isolation.
However, security concerns prevent some organizations from employing containers. This is despite containers having an extra layer of security built in – they don’t run directly on the host OS.
To make containers even easier to manage, AWS released an open-source Linux-based operating system meant for hosting containers. While Bottlerocket AMIs are provided at no cost, standard Amazon EC2 and AWS charges apply for running Amazon EC2 instances and other services.
Bottlerocket is purpose-built to run containers and improves security and resource utilization by only including the essential software to run containers, which improves resource utilization and reduces the attack surface compared to general-purpose OS’s.
At Trend Micro, we’re always focused on the security of our customers cloud environments. We’re proud to be a launch partner for AWS Bottlerocket, with our Smart Check component validated for the OS prior to the launch.
Why use additional security in cloud environments
While an OS specifically for containers that includes native security measures is a huge plus, there seems to be a larger question of why third-party security solutions are even needed in cloud environments. We often hear a misconception with cloud deployment that, since the cloud service provider has built in security, users don’t have to think about the security of their data.
That’s simply not accurate and leaves a false sense of security. (Pun intended.)
Yes – cloud providers like AWS build in security measures and have addressed common problems by adding built in security controls. BUT cloud environments operate with a shared responsibility model for security – meaning the provider secures the environment, and users are responsible for their instances and data hosted therein.
That’s for all cloud-based hosting, whether in containers, serverless or otherwise.
Why Smart Check in Bottlerocket matters
Smooth execution without security roadblocks
DevOps teams leverage containerized applications to deploy fast and don’t have time for separate security roadblocks. Smart Check is built for the DevOps community with real-time image scanning at any point in the pipeline to ensure insecure images aren’t deployed.
Vulnerability scanning before runtime
We have the largest vulnerability data set of any security vendor, which is used to scan images for known software flaws before they can be exploited at runtime. This not only includes known vendor vulnerabilities from the Zero Day Initiative (ZDI), but also vulnerability intelligence for bugs patched outside the ZDI program and open source vulnerability intelligence built in through our partnership with Snyk.
Flexible enough to fit with your pipeline
Container security needs to be as flexible as containers themselves. Smart Check has a simple admin process to implement role-based access rules and multiple concurrent scanning scenarios to fit your specific pipeline needs.
Through our partnership with AWS, Trend Micro is excited to help ensure customers can continue to execute on their portion of the shared responsibility model through container image scanning by validating that the Smart Check solution will be available for customers to run on Bottlerocket at launch.
More information can be found here: https://aws.amazon.com/bottlerocket/
If you are still interested in learning more, check out this AWS blog from Jeff Barr.
The post Smart Check Validated for New Bottlerocket OS appeared first on .
On March 3, 2020, the cyber division of Federal Bureau of Investigation (FBI) issued a private industry notification calling out Business Email Compromise (BEC) scams through exploitation of cloud-based email services. Microsoft Office 365 and Google G Suite, the two largest cloud-based email services, are targeted by cyber criminals based on FBI complaint information since 2014. The scams are initiated through credential phishing attacks in order to compromise business email accounts and request or misdirect transfers of funds. Between January 2014 and October 2019, the Internet Crime Complaint Center (IC3) received complaints totaling over $2.1 billion in actual losses from BEC scams targeting the two cloud services. The popularity of Office 365 and G Suite has positioned themselves as attractive targets for cybercriminals.
Trend Micro Cloud App Security
is an API-based service protecting Microsoft® Office 365
, Google G Suite, Box, and Dropbox. Using multiple advanced threat protection techniques, it acts as a second layer of protection after emails and files have passed through Office 365 and G Suite’s built-in security.
In 2019, Trend Micro Cloud App Security caught 12.7 million high-risk email threats in addition to what Office 365 and Gmail security have blocked. Those threats include close to one million malware, 11.3 million phishing attempts, and 386,000 BEC attempts. The blocked threats include 4.8 million of credential phishing and 225,000 of ransomware. These are potential attacks that could result in an organization’s monetary, productivity, or even reputation losses.
Trend Micro started publishing its Cloud App Security threat report since 2018. For third year in a row, Trend Micro Cloud App Security is proven to provide effective protection for cloud email services. The following customer examples for different scenarios further show how Cloud App Security is protecting different organizations.
Customer examples: Additional detections after Office 365 built-in security (2019 data)
These five customers, ranging from 550 seats to 80K seats, are across different industries. All of them use E3, which includes basic security (Exchange Online Protection). This data shows the value of adding CAS to enhance Office 365 native security. For example, a transportation company with 80,000 Office 365 E3 users found an additional 16,000 malware, 510,000 malicious & phishing URLs and 27,000 BEC, all in 2019. With the average cost of a BEC attack at $75,000 each and the potential losses and costs to recover from credential phishing and ransomware attacks, Trend Micro Cloud App Security pays for itself very quickly.
Customer examples: Additional Detections after Office 365 Advanced Threat Protection (2019 data)
Customers using Office 365 Advanced Threat Protection (ATP) also need an additional layer of filtering as well. For example, an IT Services company with 10,000 users of E3 and ATP detected an additional 14,000 malware, 713,000 malicious and phishing URLs, and 6,000 BEC in 2019 with Trend Micro Cloud App Security.
Customer examples: Additional Detections after third-party email gateway (2019 data)
Many customers use a third-party email gateway to scan emails before they are delivered to their Office 365 environment. Despite these gateway deployments, many of the sneakiest and hardest to detect threats still slipped though. Plus, a gateway solution can’t detect internal email threats, which can originate from compromised devices or accounts within Office 365.
For example, a business with 120,000 Office 365 users with a third-party email gateway stopped an additional 27,000 malware, 195,000 malicious and phishing emails, and almost 6,000 BEC in 2019 with Trend Micro Cloud App Security.
Customer examples: Additional Detections after Gmail built-in security (2019 data)
*Trend Micro Cloud App Security supports Gmail starting April 2019.
For customer choosing G suite, Trend Micro Cloud App Security can provide additional protection as well. For example, a telecommunication company with 12,500 users blocked almost 8,000 high risk threats with Cloud App Security in just five months.
Email gateway or built-in security for cloud email services is no longer enough to protect organizations from email-based threats. Businesses, no matter the size, are at risk from a plethora of dangers that these kinds of threats pose. Organizations should consider a comprehensive multilayered security solution such as Trend Micro Cloud App Security. It supplements the included security features in email and collaboration platforms like Office 365 and G Suite.
Check out the Trend Micro Cloud App Security Report 2019 to get more details on the type of threats blocked by this product and common email attacks analyzed by Trend Micro Research in 2019.
The post Trend Micro Cloud App Security Blocked 12.7 Million High-Risk Email Threats in 2019 – in addition to those detected by cloud email services’ built-in security appeared first on .
Tax season has always been a pretty nerve-wracking time for hard-working Americans. But over the years, technology advances have arrived to gradually make the process a bit easier. The bad news is that they can also introduce new cyber risks and even more stress.
There are two things that cybercriminals are always on the hunt for: people’s identity data from their accounts, and their money. And during the tax-filing season both can be unwittingly exposed. Over the years, cybercriminals have adapted multiple tools and techniques to part taxpayers with their personal information and funds.
Let’s take look at some of the main threats out there and what you can do to stay safe.
What do they want?
Cybercrime is a highly efficient money-making business. Some reports suggest this underground economy generates as much as $1.5 trillion each year. (See Into the Web of Profit, April 2018, McGuire, Bromium.) And tax-related scams are an increasingly popular way for the bad guys to drive-up profits. The Internal Revenue Service (IRS) claims that “thousands of people have lost millions of dollars and their personal information” to such attacks.
The bottom line is that they’re after one of two things: to trick you into wiring funds to them, and/or to get hold of your personally identifiable information (PII), including bank account and Social Security Numbers (SSNs). This personal data can subsequently be used to defraud you or the IRS, or may be deployed in follow-on identity fraud schemes to capture illicit funds from you.
There are various ways cyber-criminals can achieve these goals. The most common is by using social engineering tactics to trick taxpayers into sending money or personal information. But they might also use malware, either delivered to you personally or targeted at your tax preparer. This means you not only have to look after your own cybersecurity but also demand that the third-party businesses you work with store and transmit your sensitive information securely.
Look out for these scams
Here’s a round-up of the most popular tactics used by tax scammers today:
Impersonation: The fraudster gets in touch pretending to be an IRS representative. This could be via email, phone, social media or even SMS. They usually claim you owe the IRS money in unpaid taxes or fines and demand a wire transfer, or funds from a prepaid debit card. Sometimes they may ask for personal and financial details—for example, by claiming you’re entitled to a large tax refund and they just need you to supply your bank account info.
These interactions are usually pushy. The scammer knows the best way of making you pay up is by creating a sense of urgency and, sometimes, shaming the individual into believing they’ve been withholding tax payments. Phishing emails may look highly convincing, right down to the logo and sender domain, while phone callers will use fake names and badge numbers. Sometimes the scammers use personal data they may have stolen previously or bought on the Dark Web to make their communications seem more convincing.
In some impersonation scams, the fraudsters may even pretend to work for charities and ask for personal details to help disaster victims with tax refund claims.
Spoofing, phishing, and malware: In some cases, a text, email or social media message spoofed to appear as if sent from the IRS or your tax preparer actually contains malware. The scammers use the same tactics as above but trick the recipient into clicking on a malicious link or opening an attachment laden with malware. The covert download that follows could result in: theft of your personal information; your computer being completely hijacked by hackers via remote control software; or a ransomware download that locks your computer until you pay a fee.
Fake tax returns: Another trick the scammers employ is to use stolen SSNs and other personal information to file tax returns on your behalf. They can then try to claim a large payment in tax refunds from the IRS. The PII they use to file in your name may have been taken from a third-party source without your knowledge, and the first you might hear of it is when you go to file a legitimate tax return. It can take months to resolve the problem.
Attacks targeting tax preparers: Over half of Americans use third-party tax preparation companies to help them with their returns. However, this offers another opportunity for scammers to get hold of your sensitive information. In one recently discovered campaign, malware deployed on tax preparers’ websites was designed to download to the visitor’s computer as soon as they loaded the page. The IRS warns that businesses large and small are potentially at risk, as scammers are keen to get hold of tax information which enables them to file highly convincing fake returns in your name.
What to do
The good news is that by taking a few simple steps you can insulate yourself from the worst of these scams. Remember: the IRS does not contact taxpayers by email, text messages or social media to request personal/financial information— so if you receive communications that do, they are definitely a scam. It’s also important to remember that scams happen all year round, not just in the run-up to the tax filing deadline. That means, unfortunately, that you need to be on your guard all the time.
Here are a few other recommendations:
|
|
It also pays to demand that your tax preparer take their own precautions to keep your data secure. They should not be sending sensitive data or documents unencrypted in emails and must take steps on their own to combat phishing emails that target employees, since these can cascade to you during your tax preparation process. Whether hosted in the cloud or running on-premises, the servers that hold your data should also have adequate protection—and you have a right (and a duty to yourself) to ask ahead of time what they’re doing to protect it.
According to the IRS tax preparers should put the following internal controls in place:
|
|
How Trend Micro can help
Trend Micro offers a range of security tools to help taxpayers keep their personal and financial information safe from fraudsters.
Our flagship consumer solution Trend Micro Security (TMS) provides the following protections:
|
|
To find out more, go to our Trend Micro Security website.
The post Tax Scams – Everything you need to know to keep your money and data safe appeared first on .
Hacker Movies, misinformation, and 70% of government employees felt they hadn't had adequate training in security. Doug White recaps the past week of all of the shows on the Security Weekly network!
Show Notes: https://wiki.securityweekly.com/SWNEpisode16
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Sean Metcalf, Founder and CTO at Trimarc, to discuss Azure AD & Office 365 Security, including a breakdown of Microsoft's security offerings and recommendations for cloud migrations for Active Directory! In the second segment, we welcome Mark Cooper, President and Founder of PKI Solutions, to talk about how SHAKEN/STIR and PKI will end the global robocall problem! In the Security News, Shark Tank Star Corcoran Loses $400K in Email Scam, Backdoor malware is being spread through fake security certificate alerts, Venezuela Power outage knocked out part of the internet connectivity, Experts warn of mass scans for Apache Tomcat Ghostcat flaw, 4 essential things security experts do to protect their own data, and more!
Show Notes: https://wiki.securityweekly.com/PSWEpisode642
Link to an article Mark wrote for Dark Reading: https://www.darkreading.com/endpoint/shaken-stir-finally!-a-solution-to-caller-id-spoofing/a/d-id/1336285
Link to landing page with more info: https://www.pkisolutions.com/shakenstir/
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how the data of train commuters in the U.K. who were using the free Wi-Fi in Network Rail-managed stations was unintentionally leaked due to an unsecured Amazon Web Services (AWS) cloud storage. Also, read about how more than 200 million records containing property-related information on U.S. residents were exposed.
Read on:
Security Risks in Online Coding Platforms
As DevOps and cloud computing has gained popularity, developers are coding online more and more, but this traction has also raised the questions of whether online integrated development environments (IDEs) are secure. In this blog, learn about two popular cloud-based IDEs: AWS Cloud9 and Visual Studio Online.
Legal Services Giant Epiq Global Offline After Ransomware Attack
The company, which provides legal counsel and administration that counts banks, credit giants, and governments as customers, confirmed the attack hit on February 29. A source said the ransomware hit the organization’s entire fleet of computers across its 80 global offices.
Dissecting Geost: Exposing the Anatomy of the Android Trojan Targeting Russian Banks
Trend Micro has conducted an analysis into the behavior of the Geost trojan by reverse engineering a sample of the malware. The trojan employed several layers of obfuscation, encryption, reflection, and injection of non-functional code segments that made it more difficult to reverse engineer. Read this blog for further analysis of Geost.
Trend Micro Cooperates with Japan International Cooperation Agency to Secure the Connected World
Trend Micro this week announced new initiatives designed to enhance collaboration with global law enforcement and developing nations through cybersecurity outreach, support and training. The first agreement is with the Japan International Cooperation Agency (JICA), a government agency responsible for providing overseas development aid and nurturing social economic growth in developing nations.
Data of U.K. Train Commuters Leak from Misconfigured AWS Cloud Storage
The data of train commuters in the U.K. who were using the free Wi-Fi in Network Rail-managed stations was unintentionally leaked due to an unsecured Amazon Web Services (AWS) cloud storage. Approximately 10,000 users were affected, and data thought to be exposed in the leak includes commuters’ travel habits, contact information such as email addresses, and dates of birth.
Critical Netgear Bug Impacts Flagship Nighthawk Router
Netgear is warning users of a critical remote code execution bug that could allow an unauthenticated attacker to take control of its Wireless AC Router Nighthawk (R7800) hardware running firmware versions prior to 1.0.2.68. The warnings, posted Tuesday, also include two high-severity bugs impacting Nighthawk routers, 21 medium-severity flaws and one rated low.
FBI Working to ‘Burn Down’ Cyber Criminals’ Infrastructure
To thwart increasingly dangerous cyber criminals, law enforcement agents are working to “burn down their infrastructure” and take out the tools that allow them to carry out their devastating attacks, FBI Director Christopher Wray said this week. Unsophisticated cyber criminals now have the power to paralyze entire hospitals, businesses and police departments, Wray also said.
A Massive U.S. Property and Demographic Database Exposes 200 Million Records
More than 200 million records containing a wide range of property-related information on U.S. residents were left exposed on a database that was accessible on the web without requiring any password or authentication. The exposed data included personal and demographic information such as name, address, email address, age, gender, ethnicity, employment, credit rating, investment preferences, income, net worth and property-specific information.
How Human Security Investments Created a Global Culture of Accountability at ADP
Human security is what matters during a cybersecurity crisis, where skills and muscle memory can make the difference in make-or-break moments. Leaders and culture are the most important predictors of cyberattack outcomes, so it’s time to stop under-investing in human security.
Ransomware Attacks Prompt Tough Question for Local Officials: To Pay or Not to Pay?
There were at least 113 successful ransomware attacks on state and local governments last year, according to global cybersecurity company Emsisoft, and in each case, officials had to figure out how to respond. Read this article to find out how officials make the tough call.
Wondering how more than 200 million records were exposed without requiring any password or authentication? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: 10,000 Users Affected by Leak from Misconfigured AWS Cloud Storage and Massive U.S. Property and Demographic Database Exposes 200 Million Records appeared first on .
This week, we talk Enterprise News, to talk about CrowdStrike Falcon's expanded visibility protects workloads across all environments, SentinelOne launches container and cloud-native workload protection offering, Forcepoint's Tech Partnership with Amazon Web Services, Ping Identity Announces New Workforce and Customer Authentication Solutions for the Modern Digital Enterprise, and a whole lot more! In our second segment, we air two pre-recorded interviews from RSAC 2020 with Mike Nichols of Elastic and Tod Beardsley of Rapid7! In our final segment, we air two more pre-recorded interviews from RSAC 2020 with Dan DeCloss of PlexTrac and Corey Thuen of Gravwell!
Show Notes: https://wiki.securityweekly.com/ESWEpisode174
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Reflections on RSAC 2020, discussing the grand festival of infosec consumerism that is RSA Conference! Was it worth catching the Coronavirus? And if so, did you use a lime!? In the Security and Compliance News, Health compliance measures to improve pandemic recovery and reduce issues, World Bank pandemic awareness, Is coronavirus not the flu?, Dear passwords: Forget you. Here's what is going to protect us instead, Cyber insurance coverage reflects a changing threat landscape, and the greatest contest ever Privacy vs. Security!
Show Notes: https://wiki.securityweekly.com/SCWEpisode19
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Dan Petit, to discuss his upcoming 2-day workshop at InfoSec World 2020! The workshop is a "deep survey" into all things DevSecOps. In the Application Security News, CVE-2020-1938: Ghostcat vulnerability in the Tomcat Apache JServ Protocol, APIs are becoming a major target for credential stuffing attacks and don't have to target the login workflow, SSL/TLS certificate validity chopped down to one year by Apple s Safari and how this can drive secure DevOps behaviors, and 5 key areas for tech leaders to watch in 2020!
Show Notes: https://wiki.securityweekly.com/ASWEpisode98
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we're back from RSAC 2020 to talk Tesla files leaking, Shark Tank Judge gets back scam cash, Spotify accounts hacked?, and the Swiss Government is fed up and filing charges in the Crypto AG situation! Jason Wood delivers the Expert Commentary on Cyberattacks a Top Concern for Gov Workers.
Show Notes: https://wiki.securityweekly.com/SWNEpisode15
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
More than half of city and state employees in the United States are more concerned about cyberattacks than they are of other threats, a new study discovered.
Conducted by The Harris Poll on behalf of IBM, the survey shows that over 50% of city and state employees are more concerned about cyberattacks than natural disasters and terrorist attacks. Moreover, three in four government employees (73% of the respondents) are concerned about impending ransomware threats.
With over 100 cities across the U.S. reported as being hit with ransomware in 2019, the concern is not surprising. However, the survey suggests that ransomware attacks might be even more widespread, as 1 in 6 respondents admitted that their department was impacted.
Alarmingly though, despite the increase in the frequency of these attacks, only 38% of the surveyed government employees said they received general ransomware prevention training, and 52% said that budgets for managing cyberattacks haven’t seen an increase.
“The emerging ransomware epidemic in our cities highlights the need for cities to better prepare for cyber-attacks just as frequently as they prepare for natural disasters,” said Wendi Whitmore, VP of threat intelligence at IBM Security.
While 30% of the respondents believe their employer is not investing enough in prevention, 29% believe their employer is not taking the threat of a cyberattack seriously enough. More than 70% agreed that responses and support for cyberattacks should be on-par with those for natural disasters.
On the other hand, when asked about their ability to overcome cyberattacks, 66% said their employer is prepared, while 74% said they were confident in their own ability to recognize and prevent an attack.
“The data in this new study suggests local and state employees recognize the threat but demonstrate over confidence in their ability to react to and manage it. Meanwhile, cities and states across the country remain a ripe target for cybercriminals,” Whitmore also said.
The respondents also expressed concerns regarding the impending 2020 election in the U.S., with 63% admitting concern that a cyberattack could disrupt the process.
While half of them say they expect attacks in their community to increase in the following year, six in ten even expect for their workplace to be hit. Administrative offices, utilities and the board of elections were considered the most vulnerable.
Employees in education emerged as those less prepared to face a cyberattack, with 44% saying they did not receive basic cyber-security training, and 70% admitting to not receiving adequate training on how to respond to cyberattacks.
The survey was conducted online, from January 16 through February 3, 2020, among 690 employees who work for state or local government organizations in the United States. All respondents were adults over 18, employed full time or part time.
Related: Christmas Ransomware Attack Hit New York Airport Servers
Related: Ransomware Attack Hits Louisiana State Servers
Related: Massachusetts Electric Utility Hit by Ransomware
Copyright 2010 Respective Author at Infosec IslandThis week, live from RSAC 2020, we interview our very own Jeff Man! There are many myths, legends and fables in hacker history. One of the themes of these legends surrounds some of the first red team hackers working for the US Government out of NSA. The building where they worked was called "The Pit". Jeff Man sits with us for this segment to talk about, where he can, the history and events that transpired during his tenure with the NSA! In our second segment, Gabriel Gumbs and the Security Weekly crew discuss strategies for protecting your data. We will explore practical use-cases for needing to manage access and protect your data as it pertains to security and compliance. Protect what matters most! In the final segment, Paul, Matt, and Scott talk all new thoughts, ideas, and findings from the RSA Conference 2020!
Show Notes: https://wiki.securityweekly.com/PSWEpisode641
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/spirion for more information.
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly