A highly convincing series of phishing attacks are using fake certificate error warnings with graphics and formatting lifted from Cisco Webex emails to steal users’ account credentials. Cisco Webex is a video and team collaboration solution that helps users set up video conferences, webinars, online meetings, and share their screens with their colleagues and friends. The platform is currently facing an influx of new users due to the unusual remote working increase caused by the COVID-19 pandemic.
“Cybercriminals may take advantage of the current COVID-19 global pandemic for their own financial gain or other malicious motives,” OCR notes in a statement. With the increase in COVID-19-related malicious activity, OCR is encouraging HIPAA covered entities and business associates to review the resources. For example, OCR highlights materials from the National Security Agency that include criteria to consider when selecting an online collaboration tool as well as information on how to use these tools securely, especially as more employees work from home.
Three weeks after Google removed 49 Chrome extensions from its browser’s software store for stealing crypto-wallet credentials, 11 more password-swiping add-ons have been spotted – and some are still available to download. The dodgy add-ons masquerade as legit crypto-wallet extensions, and invite people to type in their credentials to access their digital money, but are totally unofficial, and designed to siphon off those login details to crooks.
In another underground forum post, an English-speaking threat actor known as “DoctorZempf” claimed to have found information by searching tax preparers’ trash dumpsters. Cybercriminals could use taxpayer information to steal identities and apply for a victim’s stimulus relief check. Other discarded data could allow threat actors to impersonate the tax preparers in a social engineering campaign against their customers.
A new book by Steven Sinofsky, the former head honcho of Office and Windows, details how early Office viruses, WM/Concept.A, Melissa, and ILOVEYOU, combined with Microsoft’s dominance at the time to shape its future and the worldwide PC market. According to Sinofsky, one of the main problems Microsoft faced in the early 2000s was that it had lost the trust of customers and lawmakers – and then ILOVEYOU struck inboxes on May 5, 2000.