Cybercriminals scam two federal agencies via remote desktop tool, CISA warns

CISA and the NSA warned federal agencies that malicious hackers used legitimate remote monitoring and management software to execute scams.

The post Cybercriminals scam two federal agencies via remote desktop tool, CISA warns appeared first on CyberScoop.

State cybersecurity authorities issue warning over Hurricane Florence scams

As Hurricane Florence rips through North and South Carolina, scammers and hackers will very likely look to exploit the storm for financial gain or other malicious purposes, an inter-state cybersecurity organization has warned. Florence’s landfall — and the storms that follow — are expected to “propel the emergence of new and recycled scams involving financial fraud and malware,” the Multi-State Information Sharing and Analysis Center (MS-ISAC) said in an advisory Friday. Hurricane Florence made landfall in North Carolina Friday morning. Though downgraded to a Category 1 storm, Florence has brought flash flood warnings and already caused more than 600,000 power outages in North Carolina, according to the state’s department of public safety. In recent days there has been a marked increase in registered domains related to Hurricane Florence with words like “compensation” and “funds,” indicating possible fraud, MS-ISAC said. Thirteen domains associated with Florence were registered on Monday, and that number jumped […]

The post State cybersecurity authorities issue warning over Hurricane Florence scams appeared first on CyberScoop.

State Govts. Warned of Malware-Laden CD Sent Via Snail Mail from China

Here’s a timely reminder that email isn’t the only vector for phishing attacks: Several U.S. state and local government agencies have reported receiving strange letters via snail mail that include malware-laden compact discs (CDs) apparently sent from China, KrebsOnSecurity has learned.

This particular ruse, while crude and simplistic, preys on the curiosity of recipients who may be enticed into popping the CD into a computer. According to a non-public alert sent by the Multi-State Information Sharing and Analysis Center (MS-ISAC), the scam arrives in a Chinese postmarked envelope and includes a “confusingly worded typed letter with occasional Chinese characters.”

State threat-sharing center warns of multiple PHP vulnerabilities

A popular programming language contains multiple vulnerabilities, the worst of which could allow attackers to execute commands of their choice, according to a new advisory from the Multi-State Information Sharing and Analysis Center. The center said the vulnerabilities were a high risk to government organizations and businesses of all sizes. The vulnerabilities concern the Hypertext Preprocessor (PHP), an open-source script language for web development. “Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights,” warned the MS-ISAC, a threat-sharing center for state, local, tribal and territorial government agencies. The advisory urges users to upgrade to the newest PHP version immediately after testing, and to ensure that there haven’t been any unauthorized system changes before applying patches. Tom Kellermann, chief cybersecurity officer at cloud-security firm Carbon Black, said the PHP revelations were evidence of slack attention […]

The post State threat-sharing center warns of multiple PHP vulnerabilities appeared first on CyberScoop.
