A new method to deliver the TrickBot Trojan has been discovered on Windows 10 systems. TrickBot has been a reliable workhorse for cybercriminals since at least 2016 and is thought to have compromised at least 250 million email accounts globally. TrickBot may be responsible for hundreds of millions of dollars in fraud losses. The recent twist takes advantage of the remote desktop ActiveX control class to automatically execute the OSTAP malware JavaScript downloader on victim machines.
Recent News Articles
The Internal Revenue Service (IRS) has issued warning of an ongoing IRS-impersonation scam targeting educational institutes, primarily students/staff who have a “.edu” email address. The phishing email appears to target individuals affiliated with education in all formats including public and private, profit and non-profit institutions.
Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks.
From: [username]@ucla.edu
Subject: HR Team
Greetings:
You have a message from the HR Department
Click here to view your message
Sincerely,
The Human Resources Talent Acquisition Team
This is an automatically generated email, please do not reply.
Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: IT Help Desk
Subject: [username]@[campus unit].ucla.edu password expiration
[campus unit].ucla.edu
Hello [username]
Password for [username]@[campus unit].ucla.edu expires today Tuesday, March 23, 2021 at 2:34 PM
Keep Same Password
[campus unit].ucla.edu (c) 2021
Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. TEXT OF PHISHING EMAIL
From: [username]@ucla.edu
Subject: UNICEF PART – TIME JOB OPPORTUNITY
Good Day,
I am a staff hear at the institution, a professor of Medicine shared a link for students who might be interested in PAID UNICEF PART-TIME POSITION job to make up to $400 (USD) weekly.
Follow the link below for more info regarding the position –
CLICK HERE
NOTE: THIS IS STRICTLY A WORK FROM HOME POSITION.
Sincerely,
Dr. Daniel Spencer
Whether you still use and enjoy the Windows 7 operating system or not, the end-of-life date for that operating system arrives next week. Official support for Windows 7 from Microsoft ends on January 14, 2020.
Recently a significant number of UCLA hosts running MacOSX participated in a DDoS amplification attack that leveraged the Apple Remote Desktop (ARD) or Apple Remote Management Service (ARMS) services, which provides Remote Desktop and management services on MacOSX devices using UDP Port 3283.
Recommended steps to harden MacOSX against these attacks:
Summary
The FBI identified a new trend of banking trojan infections and PowerShell Empire activity preceding BitPaymer ransomware attacks. The FBI normally issues Flash Reports like this when there is a marked increase in attack activity and exploit reports from victims. H-ISAC urges all members to take this Flash Report seriously and follow the recommended actions and mitigation techniques.
MITRE has released version 4.0 of the community-developed Common Weakness Enumeration (CWE) list. Previous CWE list versions describe common software security weaknesses. With version 4.0, the CWE list expands to include hardware security weaknesses. Additionally, version 4.0 simplifies the presentation of weaknesses into various views and adds a search function to enable easier navigation of the information. Visit https://cwe.mitre.org to learn how to get involved.
Cisco has released updates to address three vulnerabilities in its software-defined networking for wide-area network (SD-WAN) Solutions software. All three flaws have been rated high severity. The issues affect a range of Cisco products that are running SD-WAN software that is older than the current version: Release 19.2.2.
Microsoft today released the latest batch of software security updates for all supported versions of its Windows operating systems and other products that patch a total of 113 new security vulnerabilities, 17 of which are critical and 96 rated important in severity.
Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks.
From:
Sent: Friday, March 6, 2020 5:41 AM
To:
Subject: Staff & Employee Benefit
All staff & employee are expected to verify their email account for new payroll directory and adjustment for the month of March benefit payment. Please kindly Click MARCH-BENEFIT and complete the required directive to avoid omission of your benefit payment for March 2020
Thank you,
Help Desk.
Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: IRS
Subject: Recalculation of your Tax Refund Payment
Internal Revenue Service (IRS)
Dear Applicant,
After the last calculations of your annual tax refund, we have determined that you are eligible to receive an extra tax refund of 1400.00 USD
Please submit the tax refund request and click here by having your tax refund sent to your account in due time.
Please do not reply as the email address is not monitored for received mail.
On Friday, January 10, 2020, honeypots have detected internet-wide opportunistic scanning activity targeting vulnerable Citrix endpoints. This critical vulnerability allows unauthenticated remote attackers to execute commands on the targeted server after chaining an arbitrary file read/write (directory traversal) flaw.
Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks.
From: AMAZON TEAM
To:
Subject: we need you only if you are interested
On: Tuesday, November 12, 2019 at 6:24 AM
Dear MysteryShopper,
We have a MysteryShopper position in your area and the wage is 250 to
300 dollars per assignment,we would like you to participate,therefore
we are accepting applications for this job.It's fun and rewarding.After
you sign up you will have access to training materials.Kindly,send the
requested information below to be enlisted.
Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks.
From:
Sent: Tuesday, October 15, 2019 8:54 AM
To:
Subject: NEW PAYROLL SERVICE
ALL STAFF ;
This notice is to inform all employee of the current general upgrade of our employee service.This upgrade would help the organization to offer all eligible employee their benefit plan and salary increment that contribute to their overall wellness. These upgrade plans will provide you peace of mind today and years to come. All staff are hereby directed to re-validate their details in order to effect the new salary payment plan, increase in salary and entering of all eligible benefit and promotion. Kindly click on the link NEW PAYROLL SERVICE to re-validate your information and also apply for salary increment, promotion and enrollment of entitled benefits.
Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks.
Subject: Question – application for a Professor position
From: Martin Kroll
Date: Sunday, October 13, 2019 at 6:10 PM
Hello,
I am interested to apply to your University for a Professor position.
May I ask you to provide me with an email address for your human
resources officer as well as the Dean of faculty/academic director who
are in charge of the faculty recruitment process? Thank you very much
for your support indeed.
Best regards
Dr. Martin Kroll
Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: Mabel Angelini
To: Mabel Angelini
Date, Friday, September 13, 2019 at 9:53 AM
Subject: RE: ICT Technical Support
We're migrating all e-mail accounts to Outlook Web App 2019, and all active account holders need to verify and sign in for the upgrade and migration to take effect. This is done to improve the security and efficiency of spam.
NOTES: If you do not do so within the next 24 hours after receiving your request, we will contact you as soon as possible.
Click on ICT Technical Support to migrate and block additional spam.
Greetings,
ICT management team,
Outlook Web for employees.
Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From: part-time job
Date: Mon, Sep 2, 2019 at 11:33 AM
Subject: URGENT HIRE
To:
The services of a student administrative assistant is urgently required to work Part-time and get paid $ 350 weekly. This position is open to UCLA under- graduates only.
If interested reply via this email address or text 8035971655 for further details.
Thanks
Prof. Damon Linda
Below is a sample phishing email that was recently sent out. If you receive this, please do not respond to it and do not click on any hyperlinks. From:
To:
Date: Saturday, July 20, 2019 at 2:17 AM
Subject: Re:df
For your information The letter implies authority, of your account
You will not be able to send or receive messages.
To activate Click the link and complete the information required;
Centurylink© 2019
