Risk Radar Free Cyber Newsletter – Mar 21, 2017

Cyber Security Newsletter

Emergent threats, trends, and news annotated by some of the most well known and respected experts in the industry.

IRS warns of new, last minute tax scams
With tax season in full force the IRS is warning of two current scams. The first scam is targeted at tax preparers. The attackers are calling the tax preparers posing as the client to get the refund deposited in a different account. There is also a phishing email aimed at users of tax software. The phishing email asks the user to update their online profile.
Cisco Warns of Critical Vulnerability Revealed in ‘Vault 7’ Data Dump
Cisco is warning of a critical vulnerability in more than 300 models of its switches and routers. The vulnerability was discovered when Cisco went through the release of the Vault 7 documents from WikiLeaks. There is currently no patch or workaround according to Cisco.
Local Windows Admins Can Hijack Sessions Without Credentials
Assuming you can get local admin privileges on a PC you may be able to hijack other users sessions without credentials. The attack is done using native command line Windows tools. Currently Microsoft is not looking at this as a security vulnerability, if you have admin right you can do most anything. The key for enterprise is controlling who gets admin rights on your networks.
Pwn2Own hacking contest ends with two virtual machine escapes
Two teams from China chained vulnerabilities together to break out of virtual machines to take top prizes at Pwn2Own. They had to escape from the guest OS running inside the VMware Workstation to the host OS.
Hackers Take Down Reader, Safari, Edge, Ubuntu Linux at Pwn2Own 2017
This article gives a rundown of day one of Pwn2Qwn 2017. Participants in Pwn2Own work on their attacks prior to the competition and have to complete the attacks in a timed completion. The exploits are turned over to the affected software vendors.
Phishing Scams Even Fool Tech Nerds—Here’s How to Avoid Them
Phishing emails are the delivery method of choice for a lot of malware. The more technically savvy of us may think we won’t get fooled by these phishing emails. Don’t get to confident, some of these phishing attacks are very good. This article has some good advice for all of us.