CIO Update: 6/26/16

Hackers and virus writers are always trying new ways to steal your personal information by installing malware without your content. Here is a list of latest emails they are utilizing to access your computer.

 

Email Subjects

  • “2018 HIPAA Changes and Beyond” – Project Hook Phishing
  • “Aslan Neferler Tim” Resumes and Expands DDoS Activity Against Banks and Governments
  • “Scanned Invoice” – Invoice Themed Phishing
  • “Payment Invoice” – Phishing
  • “Black box attack” – Cobalt Gang Activity
  • “Wage and Income Transcript” – IRS Themed Hanictor/Emotet Malspam
  • “Reporting of Covered and Suspicious Transactions” – Phishing Email Containing Dyreza Trojan
  • “Your Checking Account” – BB&T themed Phishing
  • “IRS Wage and Income Transcript” – Emotet Phishing
  • “[BULK] WTF is this?! Explain?!” – Email with malicious zip file attachment
  • “Contest Winner” – Scam
  • “Wicked” – A New Variant of Mirai Botnet
  • Office 365 – Themed Credential Harvesting Phishing
  • “Important : Please update your company information” – Lloyds Bank-Themed Phishing
  • “Outstanding Amount £23,831.64” – TrickBot Phishing
  • “Operation Avarice”
  • “Secure Email Message” with Trickbot Trojan
  • “Unpaid Invoice” – FlawedAmmyy RAT Malspam
  • “Final Invoice” – Phishing
  • “Press release” Cobalt Gang Phishing Campaign
  • “Remittance Copy” – Phishing
  • “Lloyds Bank Secure Exchange: New Message Received” – Phishing
  • “Account Notification” – American Express Themed Phishing
  • “You have received new messages from HMRC” – HMRC themed Trickbot Phishing
  • “Alert: returned invoice” – Wells Fargo themed Phishing
  • “FW: Completed Final CD/HUD for review 25/05”
  • “FW: FINAL CD/HUD FOR REVIEW 25/05”
  • Fishbowl Themed Phishing
  • “Concerning a internship?” – Phishing
  • “2018 HIPAA Changes and Beyond” – Project Hook Phishing
  • Bimonthly Member Report #5 – Microsoft Office 365 (O365) Credential Harvesting Phishing Campaigns
  • “Reporting of Covered and Suspicious Transactions” – Phishing Email Containing Dyreza Trojan
  • “Your Checking Account” – BB&T Themed Phishing
  • Facebook “Contest Winner” – Scam
  • Anonymous “Operation Avarice”
  • “[Important!] Payment Note – SWIFT details_Invoice” – SWIFT-Themed Phishing
  • Fake RBS “Secure Email Message” with Trickbot Trojan
  • “FW: NEW MATTER (URGENT PROPOSAL)..” Hawkeye Malware Campaign
  • “Receipts from yojun[@]rhapsody[.]asia” – DanaBot Malware Phishing

 

Programs

  • Symantec Endpoint Protection Client Multiple Vulnerabilities
  • Microsoft Exchange Server 2010 / 2013 / 2016 Outside In Multiple Vulnerabilities
  • McAfee Data Loss Prevention Multiple Vulnerabilities
  • McAfee Web Gateway Multiple Vulnerabilities
  • Microsoft Windows Server 2016 / Windows 10 Multiple Vulnerabilities
  • Microsoft Windows Server 2008 / Windows 7 Multiple Vulnerabilities
  • Microsoft Internet Explorer Multiple Vulnerabilities
  • Microsoft Multiple Products Multiple Vulnerabilities
  • Microsoft Edge Multiple Vulnerabilities
  • McAfee Web Gateway Multiple Vulnerabilities
  • Google Chrome V8 Out-Of-Bounds Write Memory Access Vulnerability
  • Microsoft Windows Server 2012 / Windows RT 8.1 / 8.1 Multiple Vulnerabilities
  • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
  • Microsoft Office Excel Viewer 2007
  • Microsoft Office 2010
  • Microsoft Excel 2010
  • Microsoft Outlook 2010
  • Microsoft Publisher 2010
  • Microsoft Office Web Apps
  • Microsoft Office 2013
  • Microsoft Excel 2013
  • Microsoft Outlook 2013
  • Microsoft Office 2013 RT
  • Microsoft Excel 2013 RT
  • Microsoft Office Web Apps 2013
  • Microsoft Office 2016
  • Microsoft Outlook 2016
  • Microsoft Excel 2016
  • Microsoft Outlook 2013 RT
  • Microsoft Office Online Serve
  • Adobe Flash Player Multiple Vulnerabilities
  • Google Chrome Unspecified Vulnerability
  • Android Multiple Vulnerabilities Mozilla Firefox / Firefox ESR SVG Handling Buffer Overflow Vulnerability
  • Android Multiple Vulnerabilities
  • Trend Micro OfficeScan XG Multiple Vulnerabilities
  • Apple iOS Multiple Vulnerabilities
  • Apple iCloud for Windows Multiple Vulnerabilities
  • Apple macOS Multiple Vulnerabilities
  • Apple iTunes Multiple Vulnerabilities
  • Apple Safari Multiple Vulnerabilities