Netflix returns this week in our Scam of the Week section. No real surprises here. According to IT Security Guru, “You may get an email that has the official Netflix logo on it which would say that your payment for the month was not able to go through because of some problem with your bank. The email would then go on to say that if you don’t log in and check your payment details you could potentially end up losing access to your account. Needless to say, when you click the link and log in you will end up giving your account details away to someone that would use them for malicious purposes.”
Popular Phishing Scams
From Get Alexio, here are 8 scams you can expect to see this holiday season:
- Fake shipping notifications
- Letters from the North Pole
- Fake confirmations
- Lookalike websites (aka phishing websites)
- Bogus charities
- Social media gift exchanges
- Family emergency scams
- Phone e-cards
Phishing Phrontier
Ransomware is hard enough to deal with when it operates out in the open. Now a report from Nytron Security details a new ransomware “technique that allows ransomware to encrypt files on Windows-based systems without being detected by existing anti-ransomware products.”
According to an article from Security Week, “the technique allows malware to bypass defenses using the legacy file system ‘rename’ operation, and the security researchers say it is effective even against systems that are timely patched and run modern antivirus solutions.” What a headache.
Dexphot Malware Attack
The most sophisticated attacks today are those that combine several techniques in a single attack. This way, if there’s even one weakness in the defense, the attack will find and exploit it. Such is the idea behind the Dexphot Malware variant.
According to Security Week, “Malware that Microsoft has been tracking for over a year has been leveraging numerous techniques for evasion, including
- random file names,
- fileless installation, and
- polymorphism.
Microsoft, which calls the malware Dexphot, noticed that it attempted to deploy files that changed two or three times per hour. Targeting thousands of devices, the polymorphic malware was running code directly in memory and hijacking legitimate system processes to evade detection.” You’ll do well to keep this malware off your computer.
Body Count
What a great day to be criminal in New York City. As a criminal, one of the things you fear is leaving your fingerprints behind at the crime scene. But criminals in New York don’t have to worry about that right now because the “The New York City Police Department’s fingerprint database was hit with ransomware, due to the lack of a proper email security solution” according to SC Magazine.
As things turned out, the crooks only had a few hours reprieve, because “the fingerprint system was shut down for several hours and the city reinstalled the software on about 200 computers to ensure they were safe.” You missed your chance.
Elasticsearh Data Exposed
We’re no longer surprised when data on thousands of people are exposed on the Internet. Lately, we’re no longer surprised when data on millions of people are exposed on the Internet. But, we are shocked when the number hits a billion, as it did last week when “an exposed Elasticsearch server was found to contain data on more than 1.2 billion people.”
According to an article on Security Week, “The server was accessible without authentication and it contained 4 billion user accounts, spanning more than 4 terabytes of data. Analysis of the data revealed that it pertained to over 1.2 billion unique individuals and that it included names, email addresses, phone numbers, and LinkedIn and Facebook profile information.”
And that’s the week that was.