Tag Archives: irs

10Fold – Security Never Sleeps – 139

Windows SMB Zero-Day Exploit On The Loose

“As of now, no patch available”

US-CERT and many other organizations have been warning since Friday of a zero-day vulnerability in several versions of Microsoft Windows. The corruption bug can give hackers the ability to remotely crash and reboot a user’s system. PoC code that allows for exploitation has been released on GitHub and is publicly available for any cybercriminal to use.

InterContinental Confirms Breach at 12 Hotels

“Credit card vulnerabilities acknowledged”

The parent company of thousands of different hotels has announced that at least 12 of its properties were affected by a breach of its servers, possibly allowing credit card information to be stolen from its customers. KrebsOnSecurity first reported the story over a month ago; however, InterContinental Hotels Group has only recently publicly acknowledged the incident.

29,000 taxpayers affected by W-2 scams

“IRS issues new warning amidst reports of compromised W-2 increases”

The newest warning advisory from the IRS coincides with additional plans that the agency has recently announced, including delays on refunds for early filings among others, in an effort to combat identity theft and fraudulent activities. Employers have also been informed that the W-2 scam has moved to schools, nonprofits and tribal organizations.

Hacker hijacks thousands of publicly exposed printers to warn owners

“Rogue messages sent to prove a point about vulnerability of internet connected devices”

Recent research has shown that many connected printer models are vulnerable to attack, a point that a hacker known by the alias Stackoverflowin made a reality for thousands of exposed devices. Stackoverflowin sent messages through the printers depicting the dangers of unsecured devices.

Polish Banks Hacked via Malware Coming from Financial Regulator

“Largest hack in nation’s history”

Malware has been discovered on the servers of many Polish banks, seemingly installed by the Polish Financial Supervision Authority (KNF). The banking sector considers this an attack on the financial sector.

10Fold – Security Never Sleeps – 51

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider

Researchers have found vulnerabilities in wireless keyboards and mice that could allow attackers to take control of them from up to 100 meters away. The IRS has reported a 400% increase in phishing and malware sent out in seemingly secure emails that trick taxpayers. Volvo has announced that it will switch to smartphone-enabled keys instead of traditional metal keys and fobs. The ‘world’s first Parental Intelligence System’ leaked a database of 6.8 million private text messages and pictures for 48 days before the leak was stopped.

‘MouseJack’ Attacks Hack Wireless Keyboards And Mice From 100 Meters
Publication: Forbes
Reporter name: Thomas Fox-Brewster

Researchers have exploited a range of vulnerabilities in wireless keyboards and mice, taking control of them from up to 100 meters away. The researchers, from Internet of Things security start-up Bastille, focused on a range of dongle-linked devices from Logitech, Dell, Gigabyte, HP, Lenovo, Microsoft and Amazon Basics. Some patches have been made available for users, including Logitech devices, but where fixes aren’t available, Bastille CTO and founder Chris Rouland recommended customers ditch their mouse or keyboard for a wired or Bluetooth alternative. The problems lie in the way the dongles handle communications. In some cases, the dongles accepted unencrypted packets where they should only have allowed normal encrypted packets.

IRS reports 400% increase in phishing & malware in the past 12 months
Publication: Naked Security
Reporter name: Lisa Vaas

The IRS warned on Thursday that it’s already seen a “dramatic” increase in official-looking text and email messages stuffed into inboxes. The phishing messages are asking taxpayers about a wide range of sensitive information, including data related to refunds, filing status, confirmation of personal information, transcript orders and PIN verifications. The messages are rigged to look official, as if they came from the IRS itself or from others in the tax industry, such as tax software companies.

Volvo wants to replace car keys with smartphones
Publication: USA Today
Reporter name: Chris Woodyard

Volvo plans to start selling cars without keys beginning in 2017, using smartphones as replacements. In effect, Volvo says the Bluetooth-enabled smartphone would become the “digital keys” and there would no longer be a need for a physical key. If Volvo’s plan works, it would become only the latest in a series of moves in recent years that have struck a blow against the traditional metal key. Even the cheapest subcompacts these days often come with electronic key fobs instead of metal keys. Though they can be expensive to replace, the fobs, in combination with start buttons, eliminate the danger that a key can become stuck or break off in the ignition lock.

Child Tracker App ‘Leaks 6.8 Million Texts, 1.8 Million Photos’ From Kids’ Phones
Publication: Forbes
Reporter name: Thomas Fox-Brewster

That’s because uKnow, the Arlington, V.A., provider of the “world’s first Parental Intelligence System”, was leaking a huge database containing as many as 6.8 million private text messages, 1.8 million images (many depicting children) and 1,700 in-depth child profiles made up of data from Android and iPhone devices, according to Chris Vickery, researcher at MacKeeper, a security provider that’s had some security issues of its own in recent months (hence the employment of Vickery). All that data, coming direct from mobiles as well as Instagram, Facebook, Twitter and myriad other social networks, was leaked because uKnow had failed to lock down a database containing the information. According to Vickery, the company failed to use any username or password. Vickery believes the information was accessible for at least 48 days, but has now been locked down.