CIO Update: 5/22/18

Hackers and virus writers are always trying new ways to steal your personal information by installing malware without your content. Here is a list of latest emails they are utilizing to access your computer.

One more thing to be aware; Be on the lookout for a new Apple-flavored email phishing Scam of the Week. New European data privacy regulation is going into effect this week. It’s called General Data Protection Regulation (GDPR), and bad guys are using it as bait in a variety of ways. This scam looks like it is from Apple and claims that if you do not take action, your account will be “restricted.” But in reality, they steal your identity and credit card information.

And then there is the royal wedding. It’s a scammer’s dream, so be very careful. Only go to trusted websites to get information and news about it.

Do not click on links in emails, or social media links related to the royal wedding or open suspicious attachments that claim any problem with “GDPR.”
 

Email Subjects

  • “Account Activity” – Cobalt Gang Malicious
  • “Verification Required” – SWIFT Themed Phishing
  • “get papers-490749” & “Sent papers-551305” – TrickBot Phishing
  • “Action Needed!” – Swift Themed Phishing
  • “View document” & “See Attached” – Malicious SLK Attachments
  • “FedEx Tracking” – FedEx Themed Phishing
  • “View document” & “See Attached” – Malicious SLK Attachments
  • “Payroll Report” – Office 365 Emotet Phishing
  • “Please Review” – DocuSign Themed Phishing
  • Bank of America Themed Phishing
  • Office 365 Themed Credential Harvesting Phishing
  • “Last Reminder on Your Membership/Card Service. “Important Message Alert”.” AMEX Themed Phishing
  • “New documents available for download” Phishing
  • Paypal-Themed Credential Harvesting Phishing SMS
  • DBS Themed Phishing
  • “AL JABER GROUP” – RFQ Themed Malspam
  • “WU CANCELLATION REPORT” – Western Union Themed Phishing
  • “Please Review” Federal Reserve via DocuSign – Phishing
  • “Re: Request” – Social Engineering Attempt
  • “Re-Order PO16002168” – Malspam

 

Programs

  • Java “Security” Vulnerability
  • Microsoft Office for Mac Multiple Vulnerabilities
  • Twitter users are urged to change your passwords – Learn More
  • Microsoft has fixed more than 60 vulnerabilities with its May 2018 Patch Tuesday updates, including two Windows zero-day flaws that can be exploited for remote code execution and privilege escalation – Learn More
  • Adobe has patched several vulnerabilities
  • Google Chrome Multiple Vulnerabilities
  • Adobe Photoshop CC Out-Of-Bounds Write Memory Access Vulnerability
  • Adobe Reader / Acrobat Multiple Vulnerabilities
  • Updates released on Monday by Adobe for its Acrobat, Reader and Photoshop products patch nearly 50 vulnerabilities, including a remote code execution flaw that has been exploited in the wild
  • Facebook has suspended 200 applications over data misuse – Learn More
  • Red Hat version of Linux 6 and 7 have discovered an exploit to gain root access and full control over a user’s computer – Learn More