Contact Us

CSUN Information Technology


Monday to Friday, 8am to 5pm

Faculty Technology Center
(818) 677-3443

IT Help Center
(818) 677-1400

Information Security
(818) 677-6100

Universal Design Center
(818) 677-5898

Classroom Support
(818) 677-1500


Security Blog

Security Alert!


Southern California Wildfire-Themed Scams

Cybercriminals are currently exploiting the ongoing Southern California wildfires by using wildfire-themed lures in their phishing attempts and scams. Phishing can be conducted through emails, text messages, QR codes, phone calls, and voicemails. Threat actors move quickly to incorporate current fire-based themes into the subject matter of their phishing emails, smishing text messages, and even crowdfunding or fundraising campaign scams on social media.


If you have been impacted by the fires, you may need the support of local, state, and federal resources. Cybercriminals will masquerade as all three. They may impersonate property inspectors and building contractors or claim to be agencies offering state or federal aid. Some even offer to help replace identification cards, passports, or documents. They aim to steal your money and personal information.

Use these tips against cybercriminals:


•    Know that federal and state workers do not ask for or accept money.
•    Use a licensed local contractor who has reliable references.
•    Only reveal personal information if you initiate contact with a government official.
•    Do not pay by wire transfer, gift card, cryptocurrency, or cash.

Even if you’re not personally affected by the fires, you may want to lend a hand. But your generosity gives scammers a perfect opportunity to exploit your good nature. Follow these tips to help keep your donation money from falling into the wrong hands:


•    Research the charity and the organization’s tax status – try using the Better Business Bureau Wise Giving Alliance.
•    Be suspicious of charities requesting cash donations, wire transfers, gift cards, or cryptocurrency.
•    Beware of direct emails from ‘victims’ and solicitors with heart-wrenching stories.
•    Contribute only by check or credit card to have a record of the donation.
 


Network-Connected Wrench Vulnerability

DATE(S) ISSUED:

1/11/24

SUBJECT: 

Vulnerabilities in a network-connected wrench that pose potential safety issues

OVERVIEW:

Security researchers from Nozomi have discovered 23 vulnerabilities in the Bosch Rexroth Handheld Nutrunner NXA015S-36V-B, a cordless wrench used in factories worldwide for precise torque applications. The device connects wirelessly to local networks, allowing engineers to tighten bolts accurately. Exploiting these vulnerabilities could enable hackers to install malware, potentially leading to the sabotage or disabling of the wrenches, causing safety and reliability issues. Bosch Rexroth has acknowledged the vulnerabilities and is working on a patch scheduled for release at the end of January 2024.

USERS AFFECTED:

  • Consumers
  • Factories
  • Organizations

RISK:

  • Safety Risks
  • Sabotage of Manufacturing Processes
  • Malware Installation
  • Operational Disruption
  • Data Security Concerns

REFERENCES:

 

arstechnica.com:

Hackers can infect network-connected wrenches to install ransomware


Critical iOS Fixes - Patch Your Apple Devices Now (12/2/23)

DATE(S) ISSUED:

11/30/23

SUBJECT: 

iPhone Security Flaws

OVERVIEW:

Apple has released iOS 17.1.2, along with a warning to update now. iOS 17.1.2 fixes two iPhone security flaws, both of which are already being used in real-life attacks. There is also an update to macOS and to Safari for older Macs. The Apple security releases page is listed under References.

USERS AFFECTED:

  • Any person who owns an Apple device(s)

RISK:

  • Any user who clicks on "malvertisements" (ads containing malware) is subject to the installation of malware on their device

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Update Apple devices as soon as possible, including iPhones, macOS, and Safari for older Macs.

REFERENCES:

support.apple.com:

Apple security releases - Apple Support


Malicious Google Ads Installing Malware

DATE(S) ISSUED:

11/20/23

SUBJECT: 

Malicious Google Ads Trick WinSCP Users into Installing Malware

OVERVIEW:

Beware of a sophisticated cyber threat known as SEO#LURKER! Cybersecurity experts have uncovered a malicious scheme targeting users searching for WinSCP. Attackers manipulate search results and Google ads to lure unsuspecting individuals into downloading malware instead of legitimate software. These deceptive ads redirect to compromised websites, leading to a fake WinSCP site where a seemingly genuine installer hides malicious Python scripts. Victims, particularly in the U.S., are targeted through geoblocking. This tactic isn't new; similar attacks have targeted PyCharm users. 

USERS AFFECTED:

  • Users who are shown, and click through to, the lookalike WinSCP website, winccp[.]net.

RISK:

  • Any user who clicks on "malvertisements" (ads containing malware) is subject to the installation of malware on their device

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Before clicking on an ad, confirm that it is legitimate
  • If you are unsure whether an ad is legitimate, search for the advertised product's official website and continue from there
  • Report the ad to Google if it is suspicious

REFERENCES:

thehackernews.com:

https://thehackernews.com/2023/11/beware-malicious-google-ads-trick.html?m=1

