Hackers Are Using Google Translate for Phishing Attacks

A new “phishing” campaign has surfaced that uses Google Translate as the hook.

From the article:

“When Google Translate is used, an email is sent from what appears to be Google, telling users their account was accessed from a new Windows device.

On the email is a button for the user to ‘Consult the Activity’ to find out more information about the threat. If the user clicks on the link, it will take them to another page asking for their Google login.”

Source: Hackers Are Using Google Translate for Phishing Attacks – Latest Hacking News

E-ticketing system exposes airline passengers’ personal information via email

At least eight airlines, including Southwest, use e-ticketing systems that could allow hackers to access sensitive information about travelers merely by intercepting emails, according to research published Wednesday by the mobile security company Wandera. The systems fail to secure customers’ personally identifiable information, including names, boarding passes, passport numbers and flight numbers, Wandera said. The email vulnerabilities still exist, Wandera found, even though researchers notified affected companies weeks ago, and despite growing corporate awareness about the risks associated with sacrificing security for convenience. The weakness is a check-in link that is emailed to customers, Wandera researchers found. Customer information is embedded in the links, allowing travelers to travel from their email to a website where they check in for a flight without needing to enter their username and password. However the links are unencrypted and re-usable, presenting a tempting target for hackers, according to Michael Covington, vice president of product at Wandera. […]

Source: E-ticketing system exposes airline passengers’ personal information via email
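
As an added illustration (not code from Wandera, the airlines or the quoted article), the Python example below contrasts a check-in link that carries passenger data in the URL with one that carries only a random token, which the server expires and accepts once. The host name, parameter names, the `CheckinLinks` class and the 15-minute lifetime are assumptions made for the example.

```python
import hashlib
import secrets
import time
from urllib.parse import urlsplit, parse_qs

# Constructed sample of the weak pattern: plain HTTP, passenger data in the URL.
WEAK_LINK = ("http://checkin.airline.example/start?"
             "pnr=ABC123&surname=DOE&passport=X0000000")

def exposed_fields(url):
    """Return what anyone who sees the link learns from the URL alone."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}

class CheckinLinks:
    """Opaque, expiring, single-use check-in links (hypothetical service)."""

    def __init__(self, ttl_seconds=900):
        self.ttl = ttl_seconds
        self._store = {}  # sha256(token) -> [booking_ref, expires_at, used]

    def issue(self, booking_ref, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # random, carries no passenger data
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._store[digest] = [booking_ref, now + self.ttl, False]
        return "https://checkin.airline.example/c/" + token

    def redeem(self, url, now=None):
        """Return the booking reference once; None if expired, reused or unknown."""
        now = time.time() if now is None else now
        token = urlsplit(url).path.rsplit("/", 1)[-1]
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self._store.get(digest)
        if entry is None or entry[2] or now > entry[1]:
            return None
        entry[2] = True  # burn the token so a captured copy cannot be replayed
        return entry[0]
```

A token intercepted before the passenger uses it still works once, so the page behind the link should ask for something that was not in the email before showing passport or boarding-pass details.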

Nest Issues Warning About Weak Passwords

Customers of Nest, whose products include numerous cameras and other IoT (Internet of Things) devices, received an email today noting the increasing number of reports regarding the security of its products. The majority of these breaches are due to customers using weak passwords across various websites and products. The key takeaway from the message is to use a strong, separate password for each of your accounts.

The letter is below:

In recent weeks, we’ve heard from people experiencing issues with their Nest devices. We’re reaching out to assure you that Nest security has not been breached or compromised. We also want to remind you of a few easy things you can do to get the most out of Nest’s security features.

For context, even though Nest was not breached, customers may be vulnerable because their email addresses and passwords are freely available on the internet. If a website is compromised, it’s possible for someone to gain access to user email addresses and passwords, and from there, gain access to any accounts that use the same login credentials. For example, if you use your Nest password for a shopping site account and the site is breached, your login information could end up in the wrong hands. From there, people with access to your credentials can cause the kind of issues we’ve seen recently.

We take protecting our users’ security very seriously. For added password security, the team looks across the internet to identify breaches and when compromised accounts are found, we alert you and temporarily disable access. We also prevent the use of passwords that appear on known compromised lists. While we can’t stop password breaches across the internet, we’re committed to limiting the impact of compromised credentials on Nest Accounts.

While we continue to introduce additional security and safety features, we need your help in keeping your Nest Account secure. There are several ways for you to protect your home and family. Here’s what you can do:

  • Enable 2-step verification: The most important thing you can do is enable 2-step verification. Security experts agree that 2-step verification offers an additional layer of security. You’ll receive a special code every time you sign in to your account. It’s easy to do – find the steps here.
  • Choose strong passwords: Create a strong password and only use it for your Nest Account.
  • Set up Family Accounts: Don’t let other people use your email and password to sign in to the Nest app. Invite them to share access to your home with Family Accounts.
  • Be alert: Be on the lookout for phishing emails designed to trick you into sharing your email address and password.
  • Protect your home network: Keep your home network router software up to date and only share those credentials with people you trust. Set up and use a guest network if your Wi-Fi router supports it.

It’s a great responsibility to be welcomed into your home, and we’re committed to keeping you and your Nest devices safe.

If you have questions or need additional help, please reach out to Nest Support.

— rishi
VP/GM of Nest

Phishing Attacks Disguised as an Email From the Boss

The latest and greatest “phishing” attack is aimed at higher-level executives. Remember that “phishing” attacks can only be successful if you click an attachment in an email.

From the article:  “Getting an email from the boss isn’t always a good thing, but in this case, it could be even worse. A widespread phishing campaign has been discovered that is targeting executives at many companies. The campaign uses fake messages from bosses to try and obtain usernames and passwords.

The email is simple, it tells the employee that a meeting has been cancelled and that they need to choose a new date. When users click on the link to reschedule they are taken to what appears to be a page for Microsoft Outlook and Office 365.

However, the page is part of a phishing site and any information entered into it will be gathered by the hackers. Viewing the message on a mobile device shows a slightly different message, but the effect is the same.”

Source: Phishing Attacks Disguised as an Email From the Boss – Latest Hacking News

Equifax’s Original Credit Lock Expires Tomorrow

If you have put off monitoring your credit, relying on Equifax’s free offer, it’s now time to take action.  The thieves who stole the data also know that the free freeze expires tomorrow, with a large majority of victims not taking action.  TAKE ACTION NOW!

Consumers who don’t have a credit freeze on their Equifax credit reports should strongly consider getting one before the calendar turns to February, if they signed up for the company’s TrustedID Premier product. TrustedID Premier, which the company offered consumers after its massive data breach, expires January 31, 2019. Consumers who used TrustedID Premier to monitor their credit and lock their Equifax credit reports for the past year will automatically have their Equifax reports unlocked when the service expires.

Source: Equifax’s Original Credit Lock Expires Tomorrow | U.S. PIRG Education Fund

Court rules class-action lawsuits against Equifax can proceed after 148m personal records are breached

From the article:  In a series of orders handed down in a Georgia federal district court on Monday, the evocatively named Judge Thomas Thrash Jr said that legal challenges from payment card issuers and ordinary citizens can proceed against Equifax. A class-action lawsuit brought by ten “small businesses” – which included corporations and limited liability companies – was denied, though. The small biz owners can join in with the consumers.

In effect, payment card issuers are going ahead as one set of lawsuits, and normal folk are bunched into another set, against Equifax. The credit agency had sought to dismiss the claims against it.

Source: And it’s go, go, go for class-action lawsuits against Equifax after 148m personal records spilled in that mega-hack • The Register

Cyberthreats rise to the top at Senate hearing on worldwide dangers for U.S.

“Coats told lawmakers that China’s pursuit of intellectual property and personal data on Americans remains a top threat to the U.S., and that a ‘significant amount’ of China’s economic rise was supported by stolen U.S. intellectual property.”

Source: Cyberthreats rise to the top at Senate hearing on worldwide dangers for U.S.

‘Gold mine’ of customer loan, tax and other records exposed on open server

Yet another example of why you need to be monitoring your credit reports.

From the article:

“Some, not all, of the documents ‘contained highly sensitive data, such as social security numbers, names, phones, addresses, credit history, and other details which are usually part of a mortgage or credit report. This information would be a gold mine for cyber criminals who would have everything they need to steal identities, file false tax returns, get loans or credit cards,’ Diachenko wrote.”

Source: ‘Gold mine’ of customer loan, tax and other records exposed on open server

Oklahoma Department of Securities Breached

Just another example of why you must monitor your credit reports.  You don’t have any control otherwise.

From the article:

“The Oklahoma Department of Securities is the latest governmental body to report a breach. This time over a million files consisting of department files and FBI investigation records were disclosed via an open server, making it all available to the public.”

Source: Oklahoma Department of Securities Breached – Latest Hacking News