Informational Security Updates
A new phishing campaign on Instagram attempts to alarm its targets by sending what appears to be an official copyright infringement notice from Instagram, stating that the user's account will be suspended unless the user follows the link in the email to fill out a "copyright objection form." https://www.bleepingcomputer.com/news/security/instagram-phishing-attack-baits-with-copyright-infringement-note/
Security researchers have identified 24 Android apps delivering the recently-discovered Joker Trojan. As we've previously reported, Joker made its way onto Google Play as early as June, and it exfiltrates data while signing victims up for premium subscriptions.
The list of affected apps can be found here: https://hotforsecurity.bitdefender.com/blog/if-you-have-any-of-these-24-android-apps-installed-delete-them-now-21514.html
During the 2018-19 academic year, UNI Information Security facilitated several phishing education campaigns. By all accounts, these were highly successful and resulted in a heightened awareness of criminal phishing attacks that are seen daily. We are pleased to have been allocated funding to continue this effort during the 2019-20 academic year. Simulated but realistic phishing messages will be sent to faculty and staff at several key times during the upcoming year. Individuals that follow the embedded links will receive immediate feedback including identification of clues within the simulated phish that could identify it as such.
Hy-Vee Issues Warning to Customers After Discovering Point-of-Sale Breach
UPDATE: Hy-Vee now has a page that provides dates and locations that were affected by this breach. Visit https://www.hy-vee.com/paymentcardincident/ to check for dates and locations when your card information may have been stolen.
Though the firm cannot cite specific locations in which its point-of-sale (PoS) systems were affected due to an ongoing investigation, supermarket chain Hy-Vee notified its customers this week that a security breach occurred on certain systems. Thus far, it's believed that transactions at "Hy-Vee fuel pumps, drive-thru coffee shops, and restaurants (Market Grilles, Market Grille Expresses, and Wahlburgers)" may be vulnerable to hackers. A spokesperson said, "We believe the actions we have taken stopped the unauthorized activity on our payment processing systems."
Registers in Hy-Vee grocery stores utilize a different system and are reportedly not affected in the same way as those in the auxiliary enterprises. More information is available on the Hy-Vee site at https://www.hy-vee.com/corporate/news-events/announcements/notice-of-payment-card-data-incident/
It has been recently disclosed that Apple Remote Management can be attacked to generate a reflective denial of service attack against any arbitrary internet host. To prevent unwitting participation by UNI resources in these denial of service attacks, a temporary block of network traffic to this service has been put in place at the campus border. Campus users who are using Apple Remote Desktop from home to access their on-campus Apple workstations should request VPN access via the SRS system as a workaround until Apple corrects the issue. Contact the Service Desk for help with SRS requests.
A recent phishing scam says you won $2.5M for using Google's services. You didn't, so don't fall for this scam that's trying to steal your personal information.
A new phishing scam is offering Gmail users a prize of $2.5 million as a thank you gift for using Google services. To add legitimacy to the message, the phishers state that the message was sent by a Managing Director on behalf of Google CEO, Larry Page.
Attached to the email is a form entitled "Official Winning Letter by Google and mastercard visa 2019.pdf" stating that the recipient won a Google Visa/MasterCard (GVMC) Award with a cash prize of the aforementioned amount. Recipients are encouraged to fill out the claims form and send it back in order to receive the prize. The document states that the recipient will receive additional emails after the scammers get the claims form, which will most likely be requests for more personal information.
A Trend Micro fraud researcher discovered a new tech support scam that uses iframes and browser-specific popups to trap its victims, making this scam relatively more sophisticated than other scams of its kind. Details on this scam are available at https://www.bleepingcomputer.com/news/security/tech-support-scammers-freeze-browsers-using-iframes/
It is very easy to find any information you need in today’s connected world. Have you ever Googled yourself to see what information about you is online? A search can often provide your address history, phone number, age, birthdate, employment information, public records, and social media accounts. Consider what can be done with Personally Identifiable Information (PII) from the perspective of a cyber criminal looking to commit identity theft or other crimes. Read more at https://www.cisecurity.org/newsletter/share-your-information-with-care/
Mobile devices, such as smartphones, smart watches, and tablets, continue to advance and innovate at an astonishing rate. As a result, some people replace their mobile devices as frequently as every year. Unfortunately, people often do not realize how much personal data is on these devices. See the latest OUCH! newsletter from SANS for assistance in this sometimes overlooked task.
As people seek to file their tax returns this year, cybercriminals will be busy trying to take advantage of this with a variety of scams. Citizens may learn they are victims only after having a legitimate tax return rejected because scammers already fraudulently filed taxes in their name. Read more at the Center for Internet Security.