WhatsApp voicemail scam and other I.T. security news this week

Scam Of The Week: It’s Not a WhatsApp Voicemail!

You probably know that the Eastern European cyber mafia does their beta testing in the U.K., before they “export” their criminal campaigns to America. Here is a heads-up of a social engineering phish that was spotted in Ireland, and that your users may receive in their inbox in the near future. Warn them ahead of time!

ESET Ireland warned: “A dangerous email spam message is dropping into Irish mailboxes, pretending to come from WhatsApp. Its subject says “Missed voicemail” and the content of the mail just says “New voicemessage” and has a link called “Play”.

Clicking on the link will begin the download of a trojan that ESET detects as “JS/Kryptik.BBC”, a variant of malware first detected in August 2016. JS/Kryptik is a generic detection of malicious obfuscated JavaScript code embedded in HTML pages that usually redirects the browser to a malicious URL or implements a specific exploit and can cause ransomware and other malware infections.”

Read full article: https://blog.knowbe4.com/cyberheistnews-vol-7-16-scam-of-the-week-its-not-a-whatsapp-voice-mail
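The lure described above has a recognisable shape: a sender claiming to be a well-known brand, a "missed voicemail" subject, an almost empty body, and a single generic "Play" link that points somewhere the brand does not control. The following is an added example, not ESET's detection and not code from the original article, showing how a mail-gateway or SOC triage script could score a message on exactly those traits. The two sample messages are constructed for the example, the domains are placeholders, and the brand-to-domain table is an assumption you would replace with your own allow-list.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the campaign in the article (not a real capture).
SAMPLE_PHISH = """\
From: WhatsApp <notify@whatsapp-voice.example>
Subject: Missed voicemail
Content-Type: text/html

<html><body>New voicemessage<br>
<a href="http://cdn-voice.example/play.php?id=482">Play</a></body></html>
"""

# Constructed benign message for comparison.
SAMPLE_LEGIT = """\
From: Alice <alice@example.com>
Subject: Notes from the meeting
Content-Type: text/html

<html><body>Here are the notes from today's meeting, including the action
items we agreed on: <a href="https://wiki.example.com/notes">wiki</a></body></html>
"""

# Assumed brand allow-list: domains a genuine message from each brand may use.
BRAND_DOMAINS = {"whatsapp": {"whatsapp.com", "whatsapp.net"}}
LURE_SUBJECT = re.compile(r"\b(missed )?voice ?(mail|message)\b", re.I)
GENERIC_LINK_TEXT = {"play", "listen", "open", "click here"}
ANCHOR = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def _on_brand(host, brand):
    """True if host is one of the brand's own domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS[brand])


def _html_body(msg):
    """Return the decoded text/html part, or '' if the message has none."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    for part in parts:
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            return payload.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def analyze(raw):
    """Return a list of human-readable reasons the message looks like the lure."""
    msg = message_from_string(raw)
    reasons = []
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    subject = msg.get("Subject", "")
    body = _html_body(msg)

    # 1. Brand named in the sender or subject, but mail comes from elsewhere.
    claimed = None
    for brand in BRAND_DOMAINS:
        if brand in (name + " " + addr).lower() or brand in subject.lower():
            claimed = brand
            if not _on_brand(sender_domain, brand):
                reasons.append(f"sender claims to be {brand} but mails from {sender_domain}")

    # 2. Voicemail / voice message lure in the subject line.
    if LURE_SUBJECT.search(subject):
        reasons.append("voicemail lure in subject")

    # 3. Generic call-to-action link pointing off-brand (tag stripping is simplified).
    links = ANCHOR.findall(body)
    for href, label in links:
        host = (urlparse(href).hostname or "").lower()
        label = re.sub(r"<[^>]+>", "", label).strip().lower()
        if label in GENERIC_LINK_TEXT and claimed and not _on_brand(host, claimed):
            reasons.append(f'"{label}" link points off-brand to {host}')

    # 4. Body that is little more than the link itself.
    words = re.sub(r"<[^>]+>", " ", body).split()
    if links and len(words) <= 5:
        reasons.append("near-empty body built around a link")
    return reasons


def is_suspicious(raw, threshold=2):
    """Flag a message when at least `threshold` independent traits fire."""
    return len(analyze(raw)) >= threshold


if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, is_suspicious(sample), analyze(sample))
```

The score deliberately requires several independent traits: a legitimate notification can have a short body, and a legitimate newsletter can say "Play", but a message that impersonates a brand, uses the lure subject, and sends its only link somewhere that brand does not own is worth quarantining for review.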

Security Headlines


Security experts say a white hat hacker is responsible for the Hajime IoT botnet, which is on a mission to secure IoT devices vulnerable to the notorious Mirai malware. Divergent goals between Mirai and Hajime, experts say, will spark a perpetual back-and-forth between Mirai black hats and a lone Hajime white hat racing to reach millions of routers, DVRs and internet-connected cameras.

“No one knows for sure who created Hajime. The only thing we know for sure is that it’s a vigilante white hat hacker who created this to counter any future attacks from Mirai and similar attacks,” said Mandeep Khera, CMO of security firm Arxan.


MSPMentor – Phishing Attack Results in $400,000 HIPAA Breach Fine

A Denver, Colo.-area network of public health clinics paid a $400,000 HIPAA breach penalty after a phishing attack let a hacker gain access to employee email accounts and obtain electronic protected health information (ePHI) of 3,200 patients, federal authorities said today.

Metro Community Provider Network (MCPN) – which provides primary medical care, pharmacies, social work, dental and behavioral care to roughly 43,000 mostly poor patients – reported the breach in January of 2012.

Investigators from the U.S. Department of Health and Human Services Office of Civil Rights (OCR) found that MCPN violated the HIPAA Security Rule by failing to do proper risk assessments or implement adequate cybersecurity measures and procedures.


Askwoody – Booby-trapped Word documents in the wild exploit critical Microsoft 0-day

The exploit appears in a Word doc attached to an email message. When you open the doc, an embedded link retrieves an executable HTML file that is disguised as an RTF file. Apparently, all of that happens automatically.

The downloaded file loads a decoy that looks like a document, so the user thinks they’re looking at a doc. It then stops the Word program to hide a warning that would normally appear because of the link.

Very clever. It works on all versions of Windows, including Win10. It works on all versions of Office, including Office 2016.

  • Do not open any Office files obtained from untrusted locations.
  • This active attack cannot bypass the Office Protected View, so we suggest everyone ensure that Office Protected View is enabled.


KrebsonSecurity – Shoney’s Hit By Apparent Credit Card Breach

It’s Friday, which means it’s time for another episode of “Which Restaurant Chain Got Hacked?” Multiple sources in the financial industry say they’ve traced a pattern of fraud on customer cards indicating that the latest victim may be Shoney’s, a 70-year-old restaurant chain that operates primarily in the southern United States.

Shoney’s did not respond to multiple requests for comment left with the company and its outside public relations firm over the past two weeks.

Based in Nashville, Tenn., the privately-held restaurant chain includes approximately 150 company-owned and franchised locations in 17 states from Maryland to Florida in the east, and from Missouri to Texas in the West — with the northernmost location being in Ohio.


Security Bulletins from the FBI and DHS

C-SPAN – Russian Interference in 2016 Election

Former Obama administration U.S. Cyber Command Commander Keith Alexander and two other cyber experts testified at a hearing on Russian interference in the 2016 presidential election and Russia’s capabilities to influence elections in other Western democracies. General Alexander said the time is now for the U.S. to formulate a comprehensive cyber strategy and rules of engagement given Russia’s demonstrated capabilities. During the hearing Senator Marco Rubio (R-FL), a 2016 presidential candidate, confirmed his campaign was targeted by hackers in Russia.

If you have been wondering about the level, sophistication and extent of what Russia has done and what it is capable of, below is your answer in public Senate hearing testimony.

Kevin Mandia was one of three witnesses who testified yesterday afternoon before a U.S. Senate Intelligence Committee hearing on Russian interference in the 2016 election, and the possible impact on elections in other Western democracies.

Starting at the four-minute mark, the C-SPAN coverage becomes very interesting.


FBI – Justice Department Announces Actions to Dismantle Kelihos Botnet

The Justice Department today announced an extensive effort to disrupt and dismantle the Kelihos botnet – a global network of tens of thousands of infected computers under the control of a cybercriminal that was used to facilitate malicious activities including harvesting login credentials, distributing hundreds of millions of spam e-mails, and installing ransomware and other malicious software.


DHS – Cybersecurity firm trains students for high-tech heroics

With newscasts regularly portraying a menacing picture of cybercrime, Indiana State University Professor Bill Mackey — and the students he teaches — is almost guaranteed job security. Perhaps the biggest news story this spring involves the Russians, the Democratic National Committee and, possibly, the Trump White House. It also involves exactly the focus of Mackey and his cyber security company, Alloy. What sets Mackey’s enterprise apart from almost everyone else is its focus on preventing the human missteps: it marries the technological part (the computer-code breaking) with the human element for a mixture of tech and cyber criminology.


Vendor Information

Microsoft – Critical Security Updates from Adobe, Microsoft

Adobe and Microsoft separately issued updates on Tuesday to fix a slew of security flaws in their products. Adobe patched dozens of holes in its Flash Player, Acrobat and Reader products. Microsoft pushed fixes to address dozens of vulnerabilities in Windows and related software.

The biggest change this month for Windows users and specifically for people responsible for maintaining lots of Windows machines is that Microsoft has replaced individual security bulletins for patches with a single “Security Update Guide.”

This change follows closely on the heels of a move by Microsoft to bar home users from selectively downloading specific updates and instead issuing all monthly updates as one big patch blob.

Microsoft’s claims that customers have been clamoring for this consolidated guide notwithstanding, many users are likely to be put off by the new format, which seems to require a great deal more clicking and searching than under the previous rubric. In any case, Microsoft has released a FAQ explaining what’s changed and what folks can expect under the new arrangement.

By my count, Microsoft’s patches this week address some 46 security vulnerabilities, including flaws in Internet Explorer, Microsoft Edge, Windows, Office, Visual Studio for Mac, .NET Framework, Silverlight and Adobe Flash Player.


Oracle released its biggest Critical Patch Update ever on Tuesday, and with it came added urgency in the form of patches for the Solaris vulnerabilities exposed by the ShadowBrokers last week, as well as the recent Apache Struts 2 vulnerability, also under public attack.

In all, Oracle admins have a tall order with 299 patches across most of the company’s product lines; 162 of the vulnerabilities are remotely exploitable.

