IRS Scam Leverages Hacked Tax Preparers, Client Bank Accounts

Identity thieves who specialize in tax refund fraud have been busy of late hacking online accounts at multiple tax preparation firms, using them to file phony refund requests. Once the Internal Revenue Service processes the return and deposits money into bank accounts of the hacked firms’ clients, the crooks contact those clients posing as a collection agency and demand that the money be “returned.”

In one version of the scam, criminals are pretending to be debt collection agency officials acting on behalf of the IRS. They’ll call taxpayers who’ve had fraudulent tax refunds deposited into their bank accounts, claim the refund was deposited in error, and threaten recipients with criminal charges if they fail to forward the money to the collection agency.

This is exactly what happened to a number of customers at a half dozen banks in Oklahoma earlier this month. Elaine Dodd, executive vice president of the fraud division at the Oklahoma Bankers Association, said many financial institutions in the Oklahoma City area had “a good number of customers” who had large sums deposited into their bank accounts at the same time.

Dodd said the bank customers received hefty deposits into their accounts from the U.S. Treasury, and shortly thereafter were contacted by phone by someone claiming to be a collections agent for a firm calling itself DebtCredit and using the Web site name debtcredit[dot]us.

“We’re having customers getting refunds they have not applied for,” Dodd said, noting that the transfers were traced back to a local tax preparer who’d apparently gotten phished or hacked. Those banks are now working with affected customers to close the accounts and open new ones, Dodd said. “If the crooks have breached a tax preparer and can send money to the client, they can sure enough pull money out of those accounts, too.”

Several of the Oklahoma bank’s clients received customized notices from a phony company claiming to be a collections agency hired by the IRS.

The domain debtcredit[dot]us hasn’t been active for some time, but an exact copy of the site to which the bank’s clients were referred by the phony collection agency can be found at jcdebt[dot]com — a domain that was registered less than a month ago. The site purports to be associated with a company in New Jersey called Debt & Credit Consulting Services, but according to a record (PDF) retrieved from the New Jersey Secretary of State’s office, that company’s business license was revoked in 2010.

“You may be puzzled by an erroneous payment from the Internal Revenue Service but in fact it is quite an ordinary situation,” reads the HTML page shared with people who received the fraudulent IRS refunds. It includes a video explaining the matter, and references a case number, the amount and date of the transaction, and provides a list of personal “data reported by the IRS,” including the recipient’s name, Social Security Number (SSN), address, bank name, bank routing number and account number.

All of these details no doubt are included to make the scheme look official; most recipients will never suspect that they received the bank transfer because their accounting firm got hacked.

The scammers even supposedly assign the recipients an individual “appointed debt collector,” complete with a picture of the employee, her name, telephone number and email address. However, the emails to the domain used in the email address from the screenshot above (debtcredit[dot]com) bounced, and no one answers at the provided telephone number.

Along with the Web page listing the recipient’s personal and bank account information, each recipient is given a “transaction error correction letter” with IRS letterhead (see image below) that includes many of the same personal and financial details on the HTML page. It also gives the recipient instructions on the account number, ACH routing and wire number to which the wayward funds are to be wired.

A phony letter from the IRS instructing recipients on how and where to wire the money that was deposited into their bank account as a result of a fraudulent tax refund request filed in their name.

Tax refund fraud affects hundreds of thousands, if not millions, of U.S. citizens annually. Victims usually first learn of the crime after having their returns rejected because scammers beat them to it. Even those who are not required to file a return can be victims of refund fraud, as can those who are not actually due a refund from the IRS.

On Feb. 2, 2018, the IRS issued a warning to tax preparers, urging them to step up their security in light of increased attacks. On Feb. 13, the IRS warned that phony refunds through hacked tax preparation accounts are a “quickly growing scam.”

“Thieves know it is more difficult to identify and halt fraudulent tax returns when they are using real client data such as income, dependents, credits and deductions,” the agency noted in the Feb. 2 alert. “Generally, criminals find alternative ways to get the fraudulent refunds delivered to themselves rather than the real taxpayers.”

The IRS says taxpayers who receive fraudulent transfers from the IRS should contact their financial institution, as the account may need to be closed (because the account details are clearly in the hands of cybercriminals). Taxpayers receiving erroneous refunds also should consider contacting their tax preparers immediately.

If you go to file your taxes electronically this year and the return is rejected, it may mean fraudsters have beaten you to it. The IRS advises taxpayers in this situation to follow the steps outlined in the Taxpayer Guide to Identity Theft. Those unable to file electronically should mail a paper tax return along with Form 14039 (PDF) — the Identity Theft Affidavit — stating they were victims of a tax preparer data breach.

Source: https://krebsonsecurity.com/2018/02/irs-scam-leverages-hacked-tax-preparers-client-bank-accounts/


iPhone 6s Rear Housing Repair – A Technician’s Guide


When completing a rear housing repair, there is a lot more to it than meets the eye. To the consumer, it seems like a simple swap from an old to new cover, but this repair is complicated, far more complicated than that of a screen repair or battery replacement.

To perform this repair every part must be extracted from the device and transferred to the new rear housing. Tearing down a device without breaking or damaging parts takes expert practice.

The detailed guide below showcases the intricate process that all technicians follow when completing this repair. Our top team will now walk you through the process… 

iPhone 6s Rear Housing Repair – A Step-By-Step Guide

 

Step 1  – The device must undergo a pre-check test, examining the entire phone for any unknown bumps or bruises.

 

Step 2 – The pentalobe screws either side of the charging port must be removed first, loosening the screen from the mid-frame.

 


Step 3 – An iSesamo tool slides under the screen splitting the adhesive and removing the seal between the mid-frame and the screen.

 


Step 4 – The PCB Connector bracket is unscrewed, revealing the connector ribbon. This is disconnected with a plastic spudger, ensuring the phone is now powerless.
 


Step 5 – Once all four screws are taken out of the bracket, the upper sensor array connector is exposed. Again, this must be removed with the spudger, disconnecting the screen from the device.

 


Step 6 – The adhesive ribbons under the battery are particularly difficult to remove. Too much force will snap the adhesive. The battery should detach from the mid-frame once the two adhesive ribbons have been removed.

 

Step 7 – There are two minute screws either side of the camera; these must be unscrewed, loosening the bracket and revealing the rear camera. A plastic spudger can pry the camera connector from the motherboard.

 

Step 8 – A SIM card ejection tool is pushed into the ejection hole; the tray should pop out with ease, but this is all dependent on the condition of the rear housing.
 

Step 9 – Using a plastic spudger, the Lightning cable is disconnected from the motherboard, allowing more space for the precarious process ahead.

 

Step 10 – The charging port antenna must be dislocated from its connection on the motherboard.

 


Step 11 – The same must be done for the upper earpiece antenna. This cable must be moved away from the device when removing the motherboard.

 


Step 12 – Two Phillips screws opposite the flash bracket are first to be removed, freeing a tiny bracket.

 


Step 13 – Two screws holding the motherboard’s rear case are next to be removed: one by the SIM card reader and the other adjacent to the flash connector, highlighted in the image above.

 


Step 14 – The audio connector cable bracket is detached from the board and the three screws securing the antenna are removed. There are two more screws on the edge of the frame; these too must be taken out. This will free the Wi-Fi antenna from the device.

 


Step 15 – The screw grasping the rear motherboard frame can be removed and the audio control cable connector can be disconnected. The motherboard is no longer secured to the rear housing.

 


Step 16 – The bracket holding the flash in place must be removed. There are three separate screws either side of the bracket protecting the flash and the connector. The spudger is then used to pry the flash from the rear housing.

 

Step 17 – Before you attempt to work away at the flexes, there are a number of screws connected to the power and volume buttons which must be taken out.

 


Step 18 – A spudger is worked around the flex, lifting it from the case and prying the flash from its connector.

 


Step 19 – After removing the vibrating motor, the antenna running down the rear case must be pulled from the metal clip which holds it in place.

 


Step 20 – Five screws must then be removed from around the loudspeaker; we then use our fingers to lift and remove the assembly from the rear case.



Step 21 – Two screws must be removed from the headphone jack; there is also a screw situated on the microphone bracket which must be unscrewed.

 

Step 22 – Adjacent to the microphone bracket there is one screw to the left of the battery connector. The two screws securing the Lightning charging port must then be removed.

 


Step 23 – Finally, there are two small screws at the edge of the iPhone which must be taken out.

 


Step 24 – There are two microphones either side of the charging port. The tip of a plastic spudger is used to split the adhesive securing the two components to the frame.

 

Step 25 – A spudger is then used to peel the Lightning connector from the rear casing, removing the charging port from the assembly.

 

Step 26 – The four brackets and buttons either side of the old assembly must be transferred into the fresh new frame.

When reassembling the device, there are 5 golden rules our top Technicians follow…

 

Put the screw in the right hole

When relocating screws back into the device, it’s essential that all screws make their way back into their original holes.
 


Failure to do so can lead to serious problems, most notably – Long Screw Damage. The scariest three words in the Mobile Phone Repairs world!  If the screw pierces through the motherboard, it can cause greater damages, far more expensive than a rear housing repair, possibly breaking it beyond economical repair.
 


To combat this issue, a technician will implement screw mapping (as shown above). This gives the technician a clear indication of the location for each screw.

Make sure it sits flush

All parts are there for a reason, big or small. There are numerous brackets and gaskets within the device, each has its own purpose.
 
 

When completing a rear housing repair, it is essential that all parts are transplanted correctly. If one piece was to be fitted wrong or not moved to the new assembly, parts will not sit flush, leading to more damages and repairs in the future.

Don’t glue your battery into the new housing

When removing the battery from an iPhone 6s, both adhesive tapes are pulled and removed freeing the battery from the midframe. However when transferring the battery over to the new housing, the technician will need to use adhesive to stick the battery back into place. It’s vital to re-apply adhesive as a loose battery can cause the battery connector to unclip from the motherboard.
 
 

However, technicians will always avoid using adhesive glue. There needs to be some movability to allow for expansion of the battery. By gluing it down, it restricts the battery from growing, which could tear, smoke and possibly cause a fire. 

Be gentle with all connector ribbons

The most delicate components within the device are the connector ribbons. Each ribbon plays a vital part in the device running smoothly. Whether that be a display screen or the battery connector ribbon, these are the veins that connect major components to the motherboard.
 
 

When connecting the cables, it’s essential to use a plastic spudger to deny any possibility of damaging a connection leading to the motherboard.

Always perform a Quality Control Check before passing a device

Before the device is given the all clear, a routine quality control check must be performed to ensure all parts are working correctly.
 
 

All aspects of the device are checked from the screen to the microphone. This check is performed across all devices, ensuring they meet our high quality standards.
 
An iPhone 6s rear housing repair is not for the faint hearted. There are many risks when stripping and transplanting the device from one housing to another. All repair of this difficulty should be completed by a professional. Our repair centre technicians are highly experienced at completing repairs of this calibre.

iMend advise all inexperienced DIY techs to seek help from a professional when undertaking such a challenging repair.

If you are in need of an iPhone 6s rear housing repair, look no further than iMend.com. Click here to view the many types of repairs we offer.

The post iPhone 6s Rear Housing Repair – A Technician’s Guide appeared first on iMend Blog.

Source: https://www.imend.com/blog/iphone-6s-rear-housing-repair-a-technicians-guide/

New EU Privacy Law May Weaken Security

Companies around the globe are scrambling to comply with new European privacy regulations that take effect a little more than three months from now. But many security experts are worried that the changes being ushered in by the rush to adhere to the law may make it more difficult to track down cybercriminals and less likely that organizations will be willing to share data about new online threats.

On May 25, 2018, the General Data Protection Regulation (GDPR) takes effect. The law, enacted by the European Parliament, requires technology companies to get affirmative consent for any information they collect on people within the European Union. Organizations that violate the GDPR could face fines of up to four percent of global annual revenues.

In response, the Internet Corporation for Assigned Names and Numbers (ICANN) — the nonprofit entity that manages the global domain name system — is poised to propose changes to the rules governing how much personal information Web site name registrars can collect and who should have access to the data.

Specifically, ICANN has been seeking feedback on a range of proposals to redact information provided in WHOIS, the system for querying databases that store the registered users of domain names and blocks of Internet address ranges (IP addresses).

Under current ICANN rules, domain name registrars should collect and display a variety of data points when someone performs a WHOIS lookup on a given domain, such as the registrant’s name, address, email address and phone number. (Most registrars offer a privacy protection service that shields this information from public WHOIS lookups; some registrars charge a nominal fee for this service, while others offer it for free).

In a bid to help domain registrars comply with the GDPR regulations, ICANN has floated several proposals, all of which would redact some of the registrant data from WHOIS records. Its mildest proposal would remove the registrant’s name, email, and phone number, while allowing self-certified 3rd parties to request access to said data at the approval of a higher authority — such as the registrar used to register the domain name.

The most restrictive proposal would remove all registrant data from public WHOIS records, and would require legal due process (such as a subpoena or court order) to reveal any information supplied by the domain registrant.

ICANN’s various proposed models for redacting information in WHOIS domain name records.

The full text of ICANN’s latest proposed models (from which the screenshot above was taken) can be found here (PDF). A diverse ICANN working group made up of privacy activists, technologists, lawyers, trademark holders and security experts has been arguing about these details since 2016. For the curious and/or intrepid, the entire archive of those debates up to the current day is available at this link.

WHAT IS THE WHOIS DEBATE?

To drastically simplify the discussions into two sides, those in the privacy camp say WHOIS records are being routinely plundered and abused by all manner of ne’er-do-wells, including spammers, scammers, phishers and stalkers. In short, their view seems to be that the availability of registrant data in the WHOIS records causes more problems than it is designed to solve.

Meanwhile, security experts are arguing that the data in WHOIS records has been indispensable in tracking down and bringing to justice those who seek to perpetrate said scams, spams, phishes and….er….stalks.

Many privacy advocates seem to take a dim view of any ICANN system by which third parties (and not just law enforcement officials) might be vetted or accredited to look at a domain registrant’s name, address, phone number, email address, etc. This sentiment is captured in public comments made by the Electronic Frontier Foundation‘s Jeremy Malcolm, who argued that — even if such information were only limited to anti-abuse professionals — this also wouldn’t work.

“There would be nothing to stop malicious actors from identifying as anti-abuse professionals – neither would want to have a system to ‘vet’ anti-abuse professionals, because that would be even more problematic,” Malcolm wrote in October 2017. “There is no added value in collecting personal information – after all, criminals are not going to provide correct information anyway, and if a domain has been compromised then the personal information of the original registrant isn’t going to help much, and its availability in the wild could cause significant harm to the registrant.”

Anti-abuse and security experts counter that there are endless examples of people involved in spam, phishing, malware attacks and other forms of cybercrime who include details in WHOIS records that are extremely useful for tracking down the perpetrators, disrupting their operations, or building reputation-based systems (such as anti-spam and anti-malware services) that seek to filter or block such activity.

Moreover, they point out that the overwhelming majority of phishing is performed with the help of compromised domains, and that the primary method for cleaning up those compromises is using WHOIS data to contact the victim and/or their hosting provider.

Many commentators observed that, in the end, ICANN is likely to proceed in a way that covers its own backside, and that of its primary constituency — domain registrars. Registrars pay a fee to ICANN for each domain a customer registers, although revenue from those fees has been falling of late, forcing ICANN to make significant budget cuts.

Some critics of the WHOIS privacy effort have voiced the opinion that the registrars generally view public WHOIS data as a nuisance issue for their domain registrant customers and an unwelcome cost-center (from being short-staffed to field a constant stream of abuse complaints from security experts, researchers and others in the anti-abuse community).

“Much of the registrar market is a race to the bottom, and the ability of ICANN to police the contractual relationships in that market effectively has not been well-demonstrated over time,” political blogger Andrew Sullivan observed.

In any case, sources close to the debate tell KrebsOnSecurity that ICANN is poised to recommend a WHOIS model loosely based on Model 1 in the chart above.

Specifically, the system that ICANN is planning to recommend, according to sources, would ask registrars and registries to display just the domain name, city, state/province and country of the registrant in each record; the public email addresses would be replaced by a form or message relay link that allows users to contact the registrant. The source also said ICANN plans to leave it up to the registries/registrars to apply these changes globally or only to natural persons living in the European Economic Area (EEA).

In addition, sources say non-public WHOIS data would be accessible via a credentialing system to identify law enforcement agencies and intellectual property rights holders. However, it’s unlikely that such a system would be built and approved before the May 25, 2018 effectiveness date for the GDPR, so the rumor is that ICANN intends to propose a self-certification model in the meantime.
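An added example (not from the original article or from ICANN): how the public view described by the sources above would change a WHOIS record, and what that does to grouping domains by a shared registrant email, one of the details anti-abuse experts say they rely on. The `Key: value` field labels, the sample records and the relay URL are constructed assumptions, as is leaving non-registrant fields such as name servers untouched.

```python
"""Added example: the reported WHOIS model versus registrant-email pivoting."""
from collections import defaultdict

# Registrant fields the reported model would still show publicly.
PUBLIC_REGISTRANT_FIELDS = {
    "Registrant City",
    "Registrant State/Province",
    "Registrant Country",
}
# Hypothetical registrar relay form that replaces the public email address.
RELAY_TEMPLATE = "https://registrar.example/contact?domain={domain}"


def make_record(domain, name, email, phone):
    """Build a constructed WHOIS record (assumed 'Key: value' gTLD layout)."""
    return "\n".join([
        f"Domain Name: {domain}",
        "Creation Date: 2018-01-20T00:00:00Z",
        f"Registrant Name: {name}",
        "Registrant Street: 1 Sample Street",
        "Registrant City: Trenton",
        "Registrant State/Province: NJ",
        "Registrant Country: US",
        f"Registrant Phone: {phone}",
        f"Registrant Email: {email}",
        "Name Server: ns1.hosting.example",
    ])


# Constructed sample data: two domains share a registrant email, one does not.
SAMPLE_RECORDS = [
    make_record("collect-a.example", "A. Person", "ops@mail.example", "+1.5555550100"),
    make_record("collect-b.example", "B. Person", "ops@mail.example", "+1.5555550101"),
    make_record("bakery.example", "C. Baker", "owner@bakery.example", "+1.5555550102"),
]


def parse_whois(text):
    """Parse 'Key: value' lines into ordered (key, value) pairs."""
    pairs = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and key.strip():
            pairs.append((key.strip(), value.strip()))
    return pairs


def redact_public_view(pairs):
    """Apply the reported model: keep city, state/province and country,
    swap the email for a relay link, drop every other registrant field."""
    domain = next((v for k, v in pairs if k == "Domain Name"), "")
    public = []
    for key, value in pairs:
        if not key.startswith("Registrant "):
            public.append((key, value))  # assumption: non-registrant data unchanged
        elif key in PUBLIC_REGISTRANT_FIELDS:
            public.append((key, value))
        elif key == "Registrant Email":
            public.append((key, RELAY_TEMPLATE.format(domain=domain)))
    return public


def pivot(records, field):
    """Group domains by one field's value; return only values shared by 2+ domains."""
    groups = defaultdict(set)
    for pairs in records:
        fields = dict(pairs)  # repeated keys collapse to the last value
        if field in fields and "Domain Name" in fields:
            groups[fields[field]].add(fields["Domain Name"])
    return {v: sorted(d) for v, d in groups.items() if len(d) > 1}


def compare():
    """Return the email and city pivots before and after redaction."""
    before = [parse_whois(r) for r in SAMPLE_RECORDS]
    after = [redact_public_view(p) for p in before]
    return {
        "email_before": pivot(before, "Registrant Email"),
        "email_after": pivot(after, "Registrant Email"),
        "city_after": pivot(after, "Registrant City"),
    }


if __name__ == "__main__":
    for label, clusters in compare().items():
        print(label, clusters)
```

With the email replaced by a per-domain relay link, the shared-address cluster disappears, while the city that remains public groups the unrelated domain together with the other two.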

ICANN spokesman Brad White declined to confirm or deny any of the above, referring me instead to a blog post published Tuesday evening by ICANN CEO Göran Marby. That post does not, however, clarify which way ICANN may be leaning on the matter.

“Our conversations and work are on-going and not yet final,” White wrote in a statement shared with KrebsOnSecurity. “We are converging on a final interim model as we continue to engage, review and assess the input we receive from our stakeholders and Data Protection Authorities (DPAs).”

But with the GDPR compliance deadline looming, some registrars are moving forward with their own plans on WHOIS privacy. GoDaddy, one of the world’s largest domain registrars, recently began redacting most registrant data from WHOIS records for domains that are queried via third-party tools. And it seems likely that other registrars will follow GoDaddy’s lead.

ANALYSIS

For my part, I can say without hesitation that few resources are as critical to what I do here at KrebsOnSecurity as the data available in the public WHOIS records. WHOIS records are incredibly useful signposts for tracking cybercrime, and they frequently allow KrebsOnSecurity to break important stories about the connections between and identities behind various cybercriminal operations and the individuals/networks actively supporting or enabling those activities. I also very often rely on WHOIS records to locate contact information for potential sources or cybercrime victims who may not yet be aware of their victimization.

In a great many cases, I have found that clues about the identities of those who perpetrate cybercrime can be found by following a trail of information in WHOIS records that predates their cybercriminal careers. Also, even in cases where online abusers provide intentionally misleading or false information in WHOIS records, that information is still extremely useful in mapping the extent of their malware, phishing and scamming operations.

Anyone looking for copious examples of both need only to search this Web site for the term “WHOIS,” which yields dozens of stories and investigations that simply would not have been possible without the data currently available in the global WHOIS records.

Many privacy activists involved in the WHOIS debate have argued that other data related to domain and Internet address registrations — such as name servers, Internet (IP) addresses and registration dates — should also be considered private information. My chief concern if this belief becomes more widely held is that security companies might stop sharing such information for fear of violating the GDPR, thus hampering the important work of anti-abuse and security professionals.

This is hardly a theoretical concern. Last month I heard from a security firm based in the European Union regarding a new Internet of Things (IoT) botnet they’d discovered that was unusually complex and advanced. Their outreach piqued my curiosity because I had already been working with a researcher here in the United States who was investigating a similar-sounding IoT botnet, and I wanted to know if my source and the security company were looking at the same thing.

But when I asked the security firm to share a list of Internet addresses related to their discovery, they told me they could not do so because IP addresses could be considered private data — even after I assured them I did not intend to publish the data.

“According to many forums, IPs should be considered personal data as it enters the scope of ‘online identifiers’,” the researcher wrote in an email to KrebsOnSecurity, declining to answer questions about whether their concern was related to provisions in the GDPR specifically.  “Either way, it’s IP addresses belonging to people with vulnerable/infected devices and sharing them may be perceived as bad practice on our end. We consider the list of IPs with infected victims to be private information at this point.”

Certainly as the Internet matures and big companies develop ever more intrusive ways to hoover up data on consumers, we also need to rein in the most egregious practices while giving Internet users more robust tools to protect and preserve their privacy. In the context of Internet security and the privacy principles envisioned in the GDPR, however, I’m worried that cybercriminals may end up being the biggest beneficiaries of this new law.

Source: https://krebsonsecurity.com/2018/02/new-eu-privacy-law-may-weaken-security/

Win A Spa Day For Two – Valentines Day Comp


Happy Valentines Day From iMend.com

Mobile Phones aren’t the only things we mend. This #ValentinesDay we are mending hearts too.

You and your lover could be the lucky winners of a Spa Day for Two, courtesy of SpaBreaks.com, the largest spa recommendation service in the UK.

The Spa Day for 2, worth £109.95, is applicable across over 75 venues dotted around the UK.  Inclusions & when applicable vary at each Venue: please refer to each hotel for further information: http://imend.co/2CiLpHa

Fancy being in with a chance of winning this relaxing prize? This is all you have to do…

 Facebook

Just like our page and share the competition post. Click here to view the post.

Twitter

Just Follow @imenddotcom and @spabreaks and RT the competition. Click here to view the post.

Terms and Conditions

1.The promoter is: iMend.com whose registered office is at iMend.com Spear House, Burntwood, Staffordshire, WS7 3GL, United Kingdom.

2.Employees of iMend.com or SpaBreaks.com or anyone else connected in any way from both companies with the competition or helping to set up the competition shall not be permitted to enter the competition.

3.There is no entry fee and no purchase necessary to enter this competition.

4.Closing date and time for entry will be 5pm on Friday 16th January 2018. After this date, no further entries to the competition will be permitted.

4.No responsibility can be accepted for entries not received for whatever reason.

5.The rules of the competition and the prize for each winner are as follows: Prize: 1x Selection Spa Days For 2 worth £109.95 each

6.iMend.com will contact him/her and ask them to send their contact details to hello@iMend.com so the iMend team can dispatch the prize.

7.iMend.com reserve the right to cancel or amend the competition and these terms and conditions. Any changes to the competition will be notified to entrants as soon as possible by the promoter.

8.The promoter is not responsible for inaccurate prize details supplied to any entrant by any third party connected with this competition.

9.No cash alternative to the prize will be offered. The prize is not transferable. Prize is subject to availability and we reserve the right to substitute any prize with another of equivalent value without giving notice.

10.Winners must be a UK resident and will be chosen at random by software provided by iMend.com from all entries received and verified by Promoter and or its agents.

11.The winner will be notified by social media on Monday 19th February 2018. If the winner cannot be contacted or does not claim the prize within a further 7 days of the notification, we reserve the right to withdraw the prize from the winner and pick a replacement winner.

12.The promoter will notify the winner when and where the prize can be collected.

13.The promoter’s decision in respect of all matters to do with the competition will be final and no correspondence will be entered into.

14.By entering this competition, an entrant is indicating his/her agreement to be bound by these terms and conditions.

15.The competition and these terms and conditions will be governed by English law and any disputes will be subject to the exclusive jurisdiction of the courts of England.

16.The winner agrees to the use of his/her name and image in any publicity material. Any personal data relating to the winner or any other entrants will be used solely in accordance with current UK data protection legislation and will not be disclosed to a third party without the entrant’s prior consent.

17.Entry into the competition will be deemed as acceptance of these terms and conditions.

18.This promotion is in no way sponsored, endorsed or administered by, or associated with, Facebook, Twitter or any other Social Network. You are providing your information to iMend and not to any other party. The information provided will be used in conjunction with the following Privacy Policy found at http:/imend.com/

19.This is a third partner offer through SpaBreaks.com, who are offering the prize. Any issues with voucher redemption or enquiries associated with the product will need to be directed through them.

20.The winner will be selected by an individual panel at iMend, and their decision will be final.

Spabreaks.com is the largest spa recommendation service in the UK, with a range of packages to suit every body! There are three things that separate Spabreaks.com from all other online spa booking experiences: product, people and pioneering ideas. Operating in the UK and abroad, we offer low cost spa days and holidays for singletons, hen parties, groups and everyone in between as well as bootcamp, recovery retreats, and special offers exclusive to our site!

Terms & Conditions

Spabreaks.com Selection Spa Days for 2, worth £109.95. Available to redeem at over 75 venues. Inclusions & when applicable vary at each Venue: please refer to each hotel for further information http://www.spabreaks.com/spa_selection_venues

The post Win A Spa Day For Two – Valentines Day Comp appeared first on iMend Blog.

Source: https://www.imend.com/blog/win-a-spa-day-for-two-valentines-day-comp/

Microsoft Patch Tuesday, February 2018 Edition

Microsoft today released a bevy of security updates to tackle more than 50 serious weaknesses in Windows, Internet Explorer/Edge, Microsoft Office and Adobe Flash Player, among other products. A good number of the patches issued today ship with Microsoft’s “critical” rating, meaning the problems they fix could be exploited remotely by miscreants or malware to seize complete control over vulnerable systems — with little or no help from users.

February’s Patch Tuesday batch includes fixes for at least 55 security holes. Some of the scarier bugs include vulnerabilities in Microsoft Outlook, Edge and Office that could let bad guys or bad code into your Windows system just by getting you to click on a booby-trapped link, open a document or visit a compromised/hacked Web page.

As per usual, the SANS Internet Storm Center has a handy rundown on the individual flaws, neatly indexing them by severity rating, exploitability and whether the problems have been publicly disclosed or exploited.

One of the updates addresses a pair of serious vulnerabilities in Adobe Flash Player (which ships with the latest version of Internet Explorer/Edge). As KrebsOnSecurity warned last week, there are active attacks ongoing against these Flash vulnerabilities.

Adobe is phasing out Flash entirely by 2020, but most of the major browsers already take steps to hobble Flash. And with good reason: It’s a major security liability. Chrome also bundles Flash, but blocks it from running on all but a handful of popular sites, and then only after user approval.

For Windows users with Mozilla Firefox installed, the browser prompts users to enable Flash on a per-site basis. Through the end of 2017 and into 2018, Microsoft Edge will continue to ask users for permission to run Flash on most sites the first time the site is visited, and will remember the user’s preference on subsequent visits.

The latest standalone version of Flash that addresses these bugs is 28.0.0.161 for Windows, Mac, Linux and Chrome OS. But most users probably would be better off manually hobbling or removing Flash altogether, since so few sites actually require it still. Disabling Flash in Chrome is simple enough. Paste “chrome://settings/content” into a Chrome browser bar and then select “Flash” from the list of items. By default it should be set to “Ask first” before running Flash, although users also can disable Flash entirely here or whitelist and blacklist specific sites.

People running Adobe Reader or Acrobat also need to update, as Adobe has shipped new versions of these products that fix at least 39 security holes. Adobe Reader users should know there are alternative PDF readers that aren’t so bloated or full of security issues. Sumatra PDF is a good, lightweight alternative.

Experience any issues, glitches or problems installing these updates? Sound off about it in the comments below.

Source: https://krebsonsecurity.com/2018/02/microsoft-patch-tuesday-february-2018-edition/

Pancake Selfie Challenge – Win A Free £50 Voucher

Pancake Day

Pancake Day is upon us! To celebrate, we are giving away a £50 voucher to the winner of our favourite pancake selfie.

From extreme pancake tosses to batter mix masterpieces – it’s time to get creative. Whether you’re making, cooking or eating pancakes, send your selfie to our social pages to be in with the chance of winning this awesome prize.

Here’s our attempt, what do you think?

Top Tech Karol Holding His iMend Pancake

If you are interested in entering our competition all you need to do is the following:

Facebook: Like our page and upload a picture of your Pancake Selfie. Share the post with at least one person.
Twitter: Upload a picture of your Pancake Selfie on our Twitter, RT&F

It’s that simple!

We’ll pick one winner on Wednesday 13th February 2018.

And don’t forget this competition is open to everyone so feel free to share and let your friends know too!

What happens next:

We will pick one winner with what we consider to be the best pancake selfie. Winners will need to like or be following us at the time of the prize draw to be eligible for the prize.

The Legal Stuff
Terms and Conditions

1. The promoter is: iMend.com, whose registered office is at iMend.com, Spear House, Burntwood, Staffordshire, WS7 3GL, United Kingdom. Employees of iMend or anyone else connected in any way with iMend.com, the competition or helping to set up the competition shall not be permitted to enter the competition.

2. There is no entry fee and no purchase necessary to enter this competition.

3. Closing date and time for entry will be the 13th February 2018 at 12pm PDT. After this date, no further entries to the competition will be permitted.

4. No responsibility can be accepted for entries not received for whatever reason.

5. Prize: One Amazon Voucher worth £50. Once the winner is chosen, the iMend team will contact him/her and ask them to send their contact details to so the iMend team can proceed with the repair.

6. iMend.com reserve the right to cancel or amend the competition and these terms and conditions.

7. The promoter is not responsible for inaccurate prize details supplied to any entrant by any third party connected with this competition.

8. No cash alternative to the prize will be offered. The prize is not transferable. Prize is subject to availability and we reserve the right to substitute any prize with another of equivalent value without giving notice.

9. Winners must be a UK resident and will be chosen at 5pm on 2nd January 2018 by iMend management from all entries received and verified by Promoter and or its agents.

10. The winner will be notified by social media on 3rd January. If the winner cannot be contacted or does not claim the prize within a further 7 days of the notification, we reserve the right to withdraw the prize from the winner and pick a replacement winner.

11. The promoter’s decision in respect of all matters to do with the competition will be final and no correspondence will be entered into.

12. By entering this competition, an entrant is indicating his/her agreement to be bound by these terms and conditions.

13. The competition and these terms and conditions will be governed by English law and any disputes will be subject to the exclusive jurisdiction of the courts of England.

14. The winner agrees to the use of his/her name and image in any publicity material. Any personal data relating to the winner or any other entrants will be used solely in accordance with current UK data protection legislation and will not be disclosed to a third party without the entrant’s prior consent.

15. Entry into the competition will be deemed as acceptance of these terms and conditions.

16. This promotion is in no way sponsored, endorsed or administered by, or associated with, Facebook, Twitter or any other Social Network. You are providing your information to iMend and not to any other party. The information provided will be used in conjunction with the following Privacy Policy found at http://www.imend.com

The post Pancake Selfie Challenge – Win A Free £50 Voucher appeared first on iMend Blog.

Source: https://www.imend.com/blog/pancake-selfie-challenge/

Domain Theft Strands Thousands of Web Sites

Newtek Business Services Corp. [NASDAQ:NEWT], a Web services conglomerate that operates more than 100,000 business Web sites and some 40,000 managed technology accounts, had several of its core domain names stolen over the weekend. The theft shut off email and stranded Web sites for many of Newtek’s customers.

An email blast Newtek sent to customers late Saturday evening made no mention of a breach or incident, saying only that the company was changing domains due to “increased” security. A copy of that message can be read here (PDF).

In reality, three of their core domains were hijacked by a Vietnamese hacker, who replaced the login page many Newtek customers used to remotely manage their Web sites (webcontrolcenter[dot]com) with a live Web chat service. As a result, Newtek customers seeking answers to why their Web sites no longer resolved correctly ended up chatting with the hijacker instead.

The PHP Web chat client that the intruder installed on Webcontrolcenter[dot]com, a domain that many Newtek customers used to manage their Web sites with the company. The perpetrator can be seen in this chat using the name “admin.”

In a follow-up email sent to customers 10 hours later (PDF), Newtek acknowledged the outage was the result of a “dispute” over three domains, webcontrolcenter[dot]com, thesba[dot]com, and crystaltech[dot]com.

“We strongly request that you eliminate these domain names from all your corporate or personal browsers, and avoid clicking on them,” the company warned its customers. “At this hour, it has become apparent that as a result over the dispute for these three domain names, we do not currently have control over the domains or email coming from them.”

The warning continued: “There is an unidentified third party that is attempting to chat and may engage with clients when visiting the three domains. It is imperative that you do not communicate or provide any sensitive data at these locations.”

Newtek did not respond to requests for comment.

Domain hijacking is not a new problem, but it can be potentially devastating to the victim organization. In control of a hijacked domain, a malicious attacker could seamlessly conduct phishing attacks to steal personal information, or use the domain to foist malicious software on visitors.

Newtek is not just a large Web hosting firm: It aims to be a one-stop shop for almost any online service a small business might need. As such, it’s a mix of very different business units rolled up into one since its founding in 1998, including lending solutions, HR, payroll, managed cloud solutions, group health insurance and disaster recovery solutions.

“NEWT’s tentacles go deep into their client’s businesses through providing data security, human resources, employee benefits, payments technology, web design and hosting, a multitude of insurance solutions, and a suite of IT services,” reads a Sept. 2017 profile of the company at SeekingAlpha, a crowdsourced market analysis publication.

Newtek’s various business lines. Source: Newtek.

Reached via the Web chat client he installed at webcontrolcenter[dot]com, the person who claimed responsibility for the hijack said he notified Newtek five days ago about a “bug” he found in the company’s online operations, but that he received no reply.

A Newtek customer who resells the company’s products to his clients said he had to spend much of the weekend helping clients regain access to email accounts and domains as a result of the incident. The customer, who asked to remain anonymous, said he was shocked that Newtek made little effort to convey the gravity of the hijack to its customers — noting that the company’s home page still makes no mention of the incident.

“They also fail to make it clear that any data sent to any host under the domain could be recorded (email passwords, web credentials, etc.) by the attacker,” he said. “I’m floored at how bad their communication was to their users. I’m not surprised, but concerned, that they didn’t publish the content in the emails directly on their website.”

The source said that at a minimum Newtek should have expired all passwords immediately and required resets through non-compromised hosts.

“And maybe put a notice about this on their home page instead of relying on email, because a lot of my customers can’t get email right now as a result of this,” the source said.

There are a few clues that suggest the perpetrator of these domain hijacks is indeed being truthful about both his nationality and that he located a bug in Newtek’s service. Two of the hijacked domains were moved to a Vietnamese domain registrar (inet.vn).

This individual gave me an email address to contact him at — hd2416@gmail.com — although he has so far not responded to questions beyond promising to reply in Vietnamese. The email is tied to two different Vietnamese-language social networking profiles.

A search at Domaintools indicates that this address is linked to the registration records for four domains, including one (giakiemnew[dot]com) that was recently hosted on a dedicated server operated by Newtek’s legacy business unit Crystaltech [full disclosure: Domaintools is an advertiser on this site]. Recall that crystaltech[dot]com was among the three hijacked domains.

In addition, the domain giakiemnew[dot]com was registered through Newtek Technology Services, a domain registration service offered by Newtek. This suggests that the perpetrator was in fact a customer of Newtek, and perhaps did discover a vulnerability while using the service.

Source: https://krebsonsecurity.com/2018/02/domain-theft-strands-thousands-of-web-sites/