Author name: snapinhipaa

February 9, 2018 The FBI has spent the past few months investigating reports of Internet Crime Complaint Center phishing scams. IC3 has been impersonated in several campaigns that attempt to convince people to reveal sensitive information that can be used to drain bank accounts and steal identities. The FBI has recognized 3 electronic mail templates …

FBI Issues Alert About Internet Crime Complaint Center Phishing Cheats Read More »

March 26, 2018 The 2018 Malware Review from security awareness and anti-phishing solution provider Cofense (Formerly PhishMe) looks at malware trends over the past 12 months and makes predictions about malware delivery and attack trends in 2018. The 2018 Cofense Malware Analysis, named A Look Backward and a Look Ahead, was composed after evaluating millions …

Cofense Statement Discloses Latest Malware Distribution and Attack Trends Read More »

April 23, 2018 The recent shootings at schools in the United States have shocked the nation, with educational institutions now on high alert for any recurrences. The news of an active shooter on campus requires an immediate response and is likely to result in panic. It is, therefore, no surprise that scammers have taken advantage …

KnowBe4 Issues Warning About Bogus Active Shooter Phishing Emails Read More »

May 17, 2018 A new variant of August Stealer – named Vega Stealer – is being distributed in small phishing campaigns targeting marketing, advertising, and PR firms and the retail and manufacturing industries. While the campaigns are highly targeted, the malware could potentially be used in much more widespread campaigns and become a major threat. …

Vega Stealer Malware Gathering Identifications from Web Browsers Read More »

A new banking Trojan – MnuBot – has been detected by IBM X-Force researchers which uses an unusual method of communication. Instead of using a command and control server like most other malware families, MnuBot uses Microsoft SQL Server to receive its initial configuration and for communication. The MnuBot banking Trojan is being utilized in …

Mnubot Banking Trojan Utilized Attacks on Brazilian Companies Read More »

June 21, 2018 More than 400 models of Axis Communications’ security cameras contain vulnerabilities that could be exploited by malicious actors to intercept and view camera footage, take full control of the cameras, or disable them entirely. The safety cameras are used by several companies, including industrial businesses, banks, and guesthouses. The weaknesses were found …

Over 400 Models of Axis Communications Cameras Vulnerable to Distant Attacks Read More »

June 29, 2018 A recently disclosed vulnerability in the WordPress CMS Core could be exploited to escalate privileges, remotely execute code, and take full control of a WordPress site. The weakness was found by safety scientists at RIPS Technologies who informed the fault to WordPress in November 2017. The WordPress team verified that the fault …

WordPress Vulnerability Lets Full Site Takeover Read More »

July 22, 2018 The city of Cincinnati has taken steps to improve response times of the emergency services in the wake of a tragic incident that resulted in the death of a 16-year old student at Seven Hills School. On April 10, Kyle Plush became surrounded under the back seat of his Honda Odyssey. He …

Cincinnati Implements Smart911 Facility to Improve Emergency Response Times Read More »

July 28, 2018 One more side-channel vulnerability has been found that could be abused in a Spectre-Class attack. This attack method is not stopped by previous patches that tackle the original Spectre flaws. The weakness was identified by scientists at the University of California, Riverside (UCR), which recently published particulars of the attack method which …

New Spectre-Class Attack Found by UCR Researchers Read More »

August 18, 2018 Multi-factor certification can assist to safeguard accounts and defend against phishing attacks. If an accurate username and password combo is obtained, without the second factor (e.g. SMS message, token, appliance, or electronic mail address) the account can’t be retrieved. As the lately discovered data breach at Reddit showed, multi-factor certification is not …

Multi-Factor Certification Fail: Single MFA Token Used to Gain Access to All Accounts Read More »