FBI Warns Scammers Now Impersonate Refund Payment Portals
- The FBI warns that tech support scammers are now impersonating financial institutions’ refund payment portals to harvest victims’ sensitive information and add legitimacy.
- While tech support scams have been around for years, the FBI added that since as recently as October 2022, the scammers are using scripts (Windows batch files) designed to display what looks like the user interface of refund payment portals in a command prompt window.
- Even though the FBI has not revealed the names of impersonated organizations, BleepingComputer has found samples of these scripts that pretend to be Chase Bank, JPMorgan Chase’s consumer and commercial banking subsidiary.
TransUnion Breached, Consumers’ Financial Information Exposed
- On Monday, November 7, TransUnion reported a data breach with the Massachusetts Attorney General. It currently isn’t known how many people were affected in the breach.
- The compromised information includes names, Social Security numbers, financial account numbers, and driver’s license numbers.
- TransUnion has sent letters to all affected parties with instructions to help protect themselves from identity theft and fraud.
Microsoft’s Certificate-Based Authentication Enables Phishing-Resistant MFA
- Microsoft added certificate-based authentication (CBA) to the Azure Active Directory to help organizations enable phishing-resistant MFA that complies with US federal requirements.
- Microsoft has removed a key obstacle facing organizations seeking to deploy phishing-resistant multifactor authentication (MFA) by enabling certificate-based authentication (CBA) in Azure Active Directory.
- CBA capability in Azure AD is immediately critical to federal government agencies, which face a March 2024 deadline to deploy phishing-resistant MFA in compliance with US President Joe Biden’s 2021 Executive Order (14028) on Improving the Nation’s Cybersecurity.
US Health Dept. Warns of Venus Ransomware Targeting Healthcare Orgs
- The U.S. Department of Health and Human Services (HHS) warned today that Venus ransomware attacks are also targeting the country’s healthcare organizations.
- “The operators of Venus ransomware are not believed to operate as a ransomware-as-a-service (RaaS) model and no associated data leak site (DLS) exists at this time.”
- The threat actors behind the Venus ransomware attacks are known for hacking into the victims’ publicly-exposed Remote Desktop services to encrypt Windows devices.
Malicious Extension Lets Attackers Control Google Chrome Remotely
- A new Chrome browser botnet named ‘Cloud9’ has been discovered in the wild using malicious extensions to steal online accounts, log keystrokes, inject ads, and malicious JS code, enlisting the victim’s browser in DDoS attacks.
- The malicious Chrome extension isn’t available on the official Chrome web store but is instead circulated through alternative channels, such as websites pushing fake Adobe Flash Player updates.
- The extension consists of three JavaScript files for collecting system information, mining cryptocurrency using the host’s resources, performing DDoS attacks, and injecting scripts that run browser exploits.
That’s all for this week’s roundup! As always, if you need assistance with any of the topics covered here, don’t hesitate to reach out to us. We’re always happy to help where we can.
