Spyware, Viruses, & Security forum


NEWS - May 27, 2015

by Carol~ Moderator / May 27, 2015 1:43 AM PDT
IRS: Crooks Stole Data on 100K Taxpayers Via 'Get Transcript' Feature

In March 2015, KrebsOnSecurity broke the news that identity thieves engaged in filing fraudulent tax refund requests with the Internal Revenue Service (IRS) were using the IRS's own Web site to obtain taxpayer data needed to complete the phony requests. Today, IRS Commissioner John Koskinen acknowledged that crooks used this feature to pull sensitive data on more than 100,000 taxpayers this year.

That March story — Sign Up at IRS.gov Before Crooks Do It For You — tracked the nightmarish story of Michael Kasper, one of millions of Americans victimized by tax refund fraud each year. When Kasper tried to get a transcript of the fraudulent return using the "Get Transcript" function on IRS.gov, he learned that someone had already registered through the IRS's site using his Social Security number and an unknown email address.

Koskinen was quoted today in an Associated Press story saying the IRS was alerted to the thieves when technicians noticed an increase in the number of taxpayers seeking transcripts. The story noted that the IRS said they targeted the system from February to mid-May, and that the service has been temporarily shut down. Prior to that shutdown, the IRS estimates that thieves used the data to steal up to $50 million in fraudulent refunds.

Continued : http://krebsonsecurity.com/2015/05/irs-crooks-stole-data-on-100k-taxpayers-via-get-transcript-feature/

IRS Hack Exposes 100,000 Taxpayer Records
Hackers Steal Personal Data From US Tax Agency IRS
Reactions to the IRS hack that impacted 100,000 people
IRS system mined for over 100,000 taxpayer records by fraudsters [Updated]
Massive campaign uses router exploit kit to change ..
by Carol~ Moderator / May 27, 2015 3:11 AM PDT
In reply to: NEWS - May 27, 2015
.. routers' DNS servers

Well-known security researcher Kafeine has spotted an active campaign aimed at compromising SOHO routers and changing their DNS settings so that the attackers can seamlessly redirect users to phishing sites, hijack their search queries, intercept their traffic, and more.

This particular campaign apparently targets only users of Google's Chrome browser and ignores others. Chrome users who visit a compromised website are redirected to a site that serves cross-site request forgery (CSRF) code that determines which router model the victims use.

Depending on that information, an exploit for one of several vulnerabilities - CVE-2015-1187, CVE-2008-1244, or CVE-2013-2645 - is served, or several sets of common administrative credentials are tried, all with the aim to access the router's administration interface.

Continued : http://www.net-security.org/secworld.php?id=18424

Related : Exploit Kit Using CSRF to Redirect SOHO Router DNS Settings
Angler Exploits Recently Patched Flash Bug to Deliver Bedep
by Carol~ Moderator / May 27, 2015 3:11 AM PDT
In reply to: NEWS - May 27, 2015

The developers of the notorious Angler exploit kit are very good at integrating recently patched or zero-day vulnerabilities. Researchers reported on Monday that the cybercriminals have already added an exploit for a Flash Player flaw fixed by Adobe just two weeks ago.

According to FireEye, the security bug in question is a memory corruption (CVE-2015-3090) vulnerability discovered and reported by Chris Evans of Google Project Zero. The flaw was patched by Adobe on May 11 with the release of Flash Player

At the time when it released the update, Adobe didn't seem to be aware of any attacks in which the vulnerabilities fixed in Flash Player had been exploited. FireEye says it has now notified Adobe and provided the company access to the exploit.

Continued : http://www.securityweek.com/angler-ek-exploits-recently-patched-flash-bug-deliver-bedep

Related : Flash Player Vulnerability Exploited 2 Weeks After Adobe's Patch Release

Moose Worm Compromises Routers for Social Network Fraud
by Carol~ Moderator / May 27, 2015 3:11 AM PDT
In reply to: NEWS - May 27, 2015

A piece of malware capable of spreading past firewalls is currently targeting weakly configured routers and modems to boost visibility of profiles on various social networks including Twitter, Facebook, YouTube, Instagram, Vine and SoundCloud.

Security researchers at ESET, who ran an in-depth analysis of its features and behavior, dubbed it Moose. They determined that the malware affects any Linux-based embedded device running on MIPS and ARM architectures, which means that other gadgets fitting the specs may be impacted.

Moose preys on weakly protected routers

The purpose of the malware operators appears to be increasing the number of followers, views and likes on social media websites it targets, although its damage potential can extend to man-in-the-middle attacks via DNS hijacking, or distributed denial-of-service (DDoS) operations.

Continued : http://news.softpedia.com/news/Moose-Worm-Compromises-Routers-for-Social-Network-Fraud-482365.shtml

Related : The Moose is loose: Linux-based worm turns routers into social network bots

Watch Out! This Text Message Will Turn Off Your iPhone
by Carol~ Moderator / May 27, 2015 5:25 AM PDT
In reply to: NEWS - May 27, 2015
Graham Cluley @ The Mac Security Blog :

Watch Out! This Boobytrapped Text Message Will Turn Off Your iPhone

If you send a specific string of symbols and Arabic characters to another iPhone user, you can really ruin their day.

The problem, which occurs when you receive a notification of a new iMessage either on a locked iPhone or as a drop-down iOS notification, causes iPhones to restart, and is preventing some users from accessing other legitimate messages that have been sent to them.

The sequence of characters needed to remotely reboot an iPhone was posted on Reddit, and — for understandable reasons — has spread like wildfire across the Internet via social networking iPhone users.

Continued : http://www.intego.com/mac-security-blog/crash-text-message-iphone/

Related :
iPhone Crash: What You Need To Know
Beware of the text message that crashes iPhones
Behind the bug: How a 75-byte text message will CRASH your iPhone
More Evidence of mSpy Apathy Over Breach
by Carol~ Moderator / May 27, 2015 5:26 AM PDT
In reply to: NEWS - May 27, 2015

Mobile spyware maker mSpy has expended a great deal of energy denying and then later downplaying a breach involving data stolen from tens of thousands of mobile devices running its software. Unfortunately for victims of this breach, mSpy's lackadaisical response has left millions of screenshots taken from those devices wide open and exposed to the Internet via its own Web site.

The mSpy data was leaked to the Deep Web, where hundreds of gigabytes of files, chat logs, location records and other data was dumped after the company reportedly declined to comply with extortion demands made by hackers who'd broken into mSpy's servers. Included in that huge archive is a 13 gigabyte (compressed) directory referencing countless screen shots taken from devices running mSpy's software — including screen shots taken secretly by users who installed the software on a friend or partner's device.

Continued : http://krebsonsecurity.com/2015/05/more-evidence-of-mspy-apathy-over-breach/

Chrome Lure Used in Facebook Attack despite Google's Policy
by Carol~ Moderator / May 27, 2015 5:26 AM PDT
In reply to: NEWS - May 27, 2015

TrendLabs Security Intelligence blog :

Just how effective is it for cybercriminals to keep using Google Chrome and Facebook to infect their victims with malware?

We've already seen both platforms be used as parts of malicious social engineering schemes. Both Google and Facebook are aware of this and have taken steps to protect their users. The number of times malicious Chrome extensions have sprouted, for example, has driven Google to restrict the use of any extension not available on the Chrome Web Store.

Unfortunately, initiatives like these have not deterred cybercriminal efforts. Our findings also show that many of these platforms' users still get tricked. Just recently, I received a message from a Facebook friend that piqued our curiosity. The message was rather short and to the point:

Continued : http://blog.trendmicro.com/trendlabs-security-intelligence/chrome-lure-used-in-facebook-attack-despite-googles-new-policy/

Related : Bogus Chrome Video Installer Delivered via Facebook Messenger

Windows Live ID scam targets personal information
by Carol~ Moderator / May 27, 2015 5:28 AM PDT
In reply to: NEWS - May 27, 2015

Kaspersky Lab experts are warning of a new scam that uses Windows Live ID as bait to catch personal information stored in user profiles on services like Xbox LIVE, Zune, Hotmail, Outlook, MSN, Messenger and OneDrive. [Screenshot]

What appears to be a typical phishing email is actually an email that goes to the Windows Live website, with no apparent attempt to get the victims' logins and passwords. So what's the trick?

Continued : http://www.net-security.org/secworld.php?id=18415

Microsoft to Detect Search Protection Code as Malware
by Carol~ Moderator / May 27, 2015 5:54 AM PDT
In reply to: NEWS - May 27, 2015

The Microsoft Malware Protection Center announced yesterday that its security products would begin detecting all software containing search protection functions and classifying it as malicious, regardless of whether the search-censoring features are enabled or latent.

Search protection is a scheme deployed by certain software packages in an attempt to limit user control of browser and search settings. In some cases, software makers use search protection in order to prevent users from uninstalling products or changing their default search engine. Other varieties keep users from disabling or enabling certain browser extensions. [...]

Microsoft is encouraging developers to remove any search protection code from their software, warning that a failure to do so will result in malicious detection. Furthermore, it will not be enough to merely disable search protection, developers will have to completely rid their wares of any search protection code, no matter how long it lies dormant.

Continued : https://threatpost.com/microsoft-to-detect-search-protection-code-as-malware/113027
