Omicron phishing scam already spotted in UK
U.K. consumer watchdog “Which?” is warning about a new phishing scam, made to look like an official communication from the UK National Health Service (NHS), offering free PCR tests for the COVID-19 Omicron variant. The messages are being sent by text, email and over the phone, and stress that the new test kits are specifically designed to detect the Omicron variant. The emails contain many grammatical errors and ask for £1.24 as a delivery fee, giving the scammers access to the target’s banking information as well as standard PII.
Pegasus spyware reportedly hacked iPhones of U.S. State Department and diplomats
Apple has reportedly “notified several U.S. Embassy and State Department employees that their iPhones may have been targeted by an unknown assailant using state-sponsored spyware created by the controversial Israeli company NSO Group,” according to reports from Reuters and The Washington Post. The campaign seems to have focused on U.S. Embassy officials stationed in Uganda. The identity of the threat actors behind the intrusions and the nature of the information sought remain unknown.
Realistic looking fake Office 365 spam quarantine alerts on the rise
A new series of phishing attacks is using fake Office 365 notifications that ask recipients to review blocked spam messages held in quarantine, with the end goal of stealing their Microsoft credentials. The emails use the quarantine[at]messaging.microsoft.com address, with an official Office 365 logo and other standard footer material. Details of the quarantined spam message are provided along with personalized subject headings to create a sense of urgency. However, the emails still contain text formatting issues and out-of-place extra spaces that reveal their malicious nature on closer inspection.
Cuba ransomware gang hacked 49 US critical infrastructure organizations
A flash alert published by the FBI has reported that Cuba ransomware actors have compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors. The group’s ransomware encrypts files on the targeted systems using the “.cuba” extension. Cuba ransomware has been actively distributed through the Hancitor malware, a commodity malware that partnered with ransomware gangs to help them gain initial access to target networks.
Thanks to our episode sponsor, Tines

Phishing scam targets military families
According to threat researchers at Lookout, a phishing campaign is targeting members of the United States military and their families, with messages that impersonate military support organizations and personnel. The goal of the campaign is to commit advance fee fraud, stealing sensitive personal and financial information for monetary gain. It uses a series of websites designed to appear as though they are affiliated with the military, including Department of Defense services advertisements for extra realism. Researchers were able to pinpoint Nigeria as the source of the scam from a phone number that one of the web developers accidentally left on the draft version of the site.
CISA warns of vulnerabilities in Hitachi Energy products
CISA has published six advisories announcing the availability of security patches and notifications for vulnerabilities impacting the RTU500 series bidirectional communication interface, Relion protection and control IEDs, Retail Operations and Counterparty Settlement and Billing (CSB) software, the Asset Performance Management (APM) Edge software for transformers, and the PCM600 update manager. The security flaws can allow threat actors to trigger a DoS condition, execute arbitrary code, eavesdrop on traffic, access or modify data, or install untrusted software packages. Some of the flaws are remotely exploitable. The full list of the advisories is available on the Hitachi website.
Two men charged with claiming ownership of songs to steal YouTube royalty payments
On Wednesday, the US Attorney’s Office of Arizona announced the indictment of two men “on charges that they defrauded musicians and associated companies by claiming more than $20m in royalty payments for more than 50,000 songs played on YouTube.” Their scheme included “falsely representing to YouTube and to an intermediate company responsible for enforcing their music library, that they were the owners of a wide swath of music and that they were entitled to collect any resulting royalty payments.”






