Tricks

now browsing by tag

 
 

#onlinedating | Tips & Tricks For The New Normal | #bumble | #tinder | #pof | romancescams | #scams

_________________________ The impact of the coronavirus worldwide has changed many aspects of everyday lives for millions. Social distancing and public safety has also changed the way we interact with one […] View full post on National Cyber Security

#infosec | Sextortion Fallout Scam Tricks Users into Malware Download

Source: National Cyber Security – Produced By Gregory Evans

Security researchers are warning of a new sextortion-related campaign designed to trick the recipient into clicking on a nude image booby-trapped with malware.

The unsolicited email contains a message from ‘Red Skull’ hacking crew, who claim to have compromised the account of a contact of the recipient and found images of his naked girlfriend.

As this individual didn’t pay up, the hackers are now emailing the image to everyone in his contacts list, or so the scam goes.

To view the picture, the user is encouraged to “enable content” and in so doing execute macros on the machine. However, doing so will run a PowerShell command in the background to download and execute the Racoon information-stealing malware, according to IBM X-Force.

Fortunately, the associated domain has been taken down.

“This new take on sextortion is quite remarkable. It makes the victim believe that someone they know has been exploited in an attack that has nothing to do with them. If people do not identify as the victim, they may act much more careless, especially those curious to find out who was actually targeted,” the security vendor explained.

“Thanks to the quick removal of the domain, it is safe to say that the success of this single campaign should be less significant, despite the sophistication and creativity of its emails. Nevertheless, the threat actor distributing these emails has been very actively exploring new methods of social exploitation, so this will certainly not be the last time we write a collection about these types of emails.”

In fact, the same hackers are behind a new campaign in which malicious spam is sent to users posing as an “indictment message” sent by a court. The relevant information on the hearing is said to be included in the malicious attachment.

Other phishing emails use DocuSign as a lure to click through and unwittingly download Racoon.

____________________________________________________________________________________________________________________

#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity
____________________________________________________________________________________________________________________

Source link

The post #infosec | Sextortion Fallout Scam Tricks Users into Malware Download appeared first on National Cyber Security.

View full post on National Cyber Security

#infosec | Fake Exec Tricks New York City Medical Center into Sharing Patient Info

Source: National Cyber Security – Produced By Gregory Evans

An employee at a New York City medical center was tricked into giving out patient information by a threat actor purporting to be one of the facility’s executives. 

The data was shared by an individual at community-based non-profit the VillageCare Rehabilitation and Nursing Center (VCRN) who had received what they believed to be a genuine email from a senior member of staff. 

VCRN were notified on or about Monday, December 30, that a cruel deception had taken place.

In a Notice of Data Privacy Incident statement published on VCRN’s website, the company stated: “The unauthorized actor requested certain information related to VCRN patients. Believing the request to be legitimate, the employee provided the information.”

Information obtained by the threat actor included first and last names, dates of birth, and medical insurance information, including provider name and ID number for 674 patients. 

VCRN said: “Once it became apparent that the email received by the employee was not a legitimate request, we immediately launched an investigation with the assistance of third-party forensic specialists to determine the full scope of this event.”

The medical center said that they weren’t aware of any personal patient information having been misused as a result of this event.

Becoming a victim of a phishing scam has led VCRN to review its cybersecurity practices.

The center said: “We take this incident and security of personal information in our care seriously. We moved quickly to investigate and respond to this incident, assess the security of relevant VCRN systems, and notify potentially affected individuals. This response included reviewing and enhancing our existing policies and procedures.”

VCRN has taken steps to notify all the patients who have potentially been impacted by the cyber-attack. A toll-free dedicated assistance phone line has been established for patients who wish to discuss any concerns they may have as a result of the incident. 

The data breach has been reported to law enforcement and to the relevant regulatory authorities. 

VCRN advised patients “to remain vigilant against incidents of identity theft and fraud and to review account statements, credit reports, and explanation of benefits forms for suspicious activity and report any suspicious activity immediately to your insurance company, health care provider, or financial institution.”  

____________________________________________________________________________________________________________________

#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity
____________________________________________________________________________________________________________________

Source link

The post #infosec | Fake Exec Tricks New York City Medical Center into Sharing Patient Info appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | Derbycon2019, Michael Fowl’s & Nick Defoe’s ‘Old Tools, New Tricks: Hacking WebSockets’

Source: National Cyber Security – Produced By Gregory Evans

Many Thanks to Adrian Crenshaw (Irongeek), and his Videographer Colleagues for Sharing His and Their Outstanding Videos Of This Last And Important DerbyCon 2019.
Visit Irongeek for additional production credits and important information. Subscribe to Irongeek’s content, and provide Patreon support as well.

Permalink

The post Derbycon2019, Michael Fowl’s & Nick Defoe’s ‘Old Tools, New Tricks: Hacking WebSockets’ appeared first on Security Boulevard.

Source link

The post #cybersecurity | #hackerspace |<p> Derbycon2019, Michael Fowl’s & Nick Defoe’s ‘Old Tools, New Tricks: Hacking WebSockets’ <p> appeared first on National Cyber Security.

View full post on National Cyber Security

New #tax scam #targeting preparers #tricks #clients with #fraudulent #returns

When tax preparer Annette Kraft in Duncan, Oklahoma, checked the status of her clients’ tax returns in January, she was surprised to find all of them had been rejected.

“The code was 902-01,” she said. “That means someone else has already filed a tax return.”

It turns out her clients were victims of a new tax scam intended to cheat them out of their refunds. The criminals get their hands on returns from previous years, then use that information to file new fraudulent returns on unsuspecting victims. After the refund goes into the victim’s bank account, the crooks, posing as debt collectors for the IRS, follow up with a phone call claiming the refund was an error, then directing them to a fraudulent website to return the money.

“I had about $9,015 more than I anticipated,” said Duncan police officer David Woods.

He discovered that supposed refund one day as he checked his bank balance, but it didn’t make sense because he hadn’t filed his taxes yet.

“I didn’t get my W-2 to file my taxes,” Woods said.

He returned the money to the government, but now the IRS says his real refund of $3,000 will be delayed, possibly for months. He’s not alone.

At the local tire shop, 49-year-old Jerry Duvall told us his $5,800 return is more than two months late.

“We planned on taking care of expenses, getting caught up on bills and we counted on it,” Duvall said.

He missed a $200 car payment, and on the very day we spoke with him, he told us his car was getting repossessed.

At least 230 of Kraft’s clients have been hit and face months of delays. Taxpayers like 91-year-old Ray Prothro found out about the scam from the IRS while we were there.

“They ought to go to jail,” Prothro said.

It’s not just one tax preparer in Duncan. There may be as many as 100 tax preparers across the country affected by this scam. Those are just the ones that they know of, so the real number could be tens of thousands of taxpayers.

IRS agents showed us where criminals buy those tax returns on the dark web. One seller offered an example: A Midwestern couple’s full 2016 tax return.

As for Kraft, she says the scam has turned her business upside down.

“My clients are more like a family,” Kraft said. “I want them to know that they can trust me, that I can trust them, it hurts.”

Although the IRS says preparers are the ones being hacked, Kraft’s own experts told her she was not hacked. But the IRS says there are a variety of ways for hackers to break in and steal information.

If you see an unexpected refund pop into your account, call your bank and the IRS, and get the money sent back to the Treasury. If you keep money you’re not entitled to, the IRS will require you pay it back.

advertisement:

The post New #tax scam #targeting preparers #tricks #clients with #fraudulent #returns appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hacker #tricks official #Vatican News site into #declaring #God an #onion

Source: National Cyber Security News

A Belgian security researcher has discovered a vulnerability on the website of Vatican News — the official news publication of the Holy See — that could allow anyone to publish their own fake news.

The vulnerability was discovered by independent researcher Inti De Ceukelaire. Proving his work, he tweeted a picture of Vatican News falsely stating that Pope Francis had declared God to be an onion.

De Ceukelaire (who we’ve previously profiled) has been behind some high profile discoveries. In September, he disclosed ways to access corporate messaging apps like Slack and Yammer by exploiting publicly-accessible help-desks and bug trackers.

Last February, De Ceukelaire earned notoriety after he redirected several links in Donald Trump’s old tweets to content that would otherwise be embarrassing for the now-occupant of 1600 Pennsylvania Avenue. He did this by identifying websites Trump had tweeted out whose domain names had been allowed to expire. He then re-registered them under his own name.

Keeping with the Trump theme, he used publicly accessible online information to find the contact details of Melania Trump. He used this to invite FLOTUS to his home town.

In the case of Vatican News, De Ceukelaire encountered an unpatched cross site scripting (XSS) vulnerability, and exploited it to inject the blatantly fake news.

Read More….

advertisement:

View full post on National Cyber Security Ventures

Don’t fall for tax identity theft tricks, even especially if ‘Revenue Agent Koskinen’ calls you

6a00d8345157c669e201b8d215d3ed970c-800wi

Source: National Cyber Security – Produced By Gregory Evans

Don’t fall for tax identity theft tricks, even especially if ‘Revenue Agent Koskinen’ calls you

One Mississippi. Two Mississippi. Someone just became an identity theft victim. The stealing of an individual’s personal data happens every two seconds.
That alarming criminal frequency was part of an Internal Revenue Service presentation on ID theft and tax refund

The post Don’t fall for tax identity theft tricks, even especially if ‘Revenue Agent Koskinen’ calls you appeared first on National Cyber Security.

View full post on National Cyber Security

Back-to-School and Sunday Night Anxiety Tips and Tricks

Back-to-School and Sunday Night Anxiety is real, folks! Yes… it happens to everyone. And no… you are not alone. I will never forget my first day of teaching a brand new subject, at a brand […]

The post Back-to-School and Sunday Night Anxiety Tips and Tricks appeared first on EducationCloset.

View full post on EducationCloset







#pso #htcs #b4inc

Read More

The post Back-to-School and Sunday Night Anxiety Tips and Tricks appeared first on Parent Security Online.

View full post on Parent Security Online

Jeep Hackers Return With New Tricks

472675-2015-jeep-cherokee

Source: National Cyber Security – Produced By Gregory Evans

Jeep Hackers Return With New Tricks

A year after Charlie Miller and Chris Valasek disclosed a major security vulnerability that could allow hackers to remotely hijack your Jeep, the infamous auto hackers are at it again. The duo, who now work at Uber, again teamed up with Wired writer Andy Greenberg to publicize “a new arsenal of attacks” against the same […]

The post Jeep Hackers Return With New Tricks appeared first on National Cyber Security.

View full post on National Cyber Security

Six Bad-Boy Sex Tricks You Need to Have in Your Arsenal

Are you looking to be a bad boy in the bedroom but aren’t sure how? Trying out these sex tricks is a surefire way to keep her coming back for more! Have you ever heard about men having “moves” in the sack? Read More….

The post Six Bad-Boy Sex Tricks You Need to Have in Your Arsenal appeared first on Dating Scams 101.

View full post on Dating Scams 101