Hackers allegedly emptied brokerage accounts with a simple email scam — here’s how to protect yourself

From cnbc.com

Image result for scam

Prosecutors in Brooklyn, New York, said in November that a Lithuanian man and an unknown co-conspirator emptied the brokerage accounts of hapless victims, stealing hundreds of thousands of dollars. The losses would have been worse, but for a handful of investors who made some seemingly simple but savvy moves to stop the fraud from happening.

Read more…

December Patch Tuesday blunts WizardOpium attack chain

From nakedsecurity.sophos.com

December 2019’s Patch Tuesday updates are out, and for the most part, it’s the usual undemanding Christmas load for admins to browse through.

All told, there are 36 CVE-level vulnerabilities, seven of which are marked ‘critical’, 27 important, and one each for low and moderate.

Predictably, the critical flaws are all remote code execution (RCE) flaws, five relating to Git for Visual Studio, one in Hyper-V, and one in the Win32k Graphics subsystem.

Read more…

WhatsApp to sue companies that abuse the platform for bulk messaging

From zdnet.com

WhatsApp has announced a clampdown on the abuse of business features for bulk messaging with the enforcement of legal action. 

The messaging application is popular with consumers with an estimated 300 million active daily users. The massive user base gave rise to a business opportunity for the Facebook-owned company, leading to the development of the WhatsApp Business app and the WhatsApp Business API. 

Read more…

Microsoft Security Essentials to Die with Windows 7 in January

From hotforsecurity.bitdefender.com

Microsoft says it doesn’t plan to provide security updates for the Microsoft Security Essentials component integrated into Windows 7 after the operating system reaches its end of life in a little over five weeks.

The life of Windows 7 is set to end on January 14th, 2020, and security updates for the operating system will cease to arrive. Microsoft Security Essentials is the antivirus component implemented by default on Windows 7, but that tool will be abandoned along with everything else.

Read more…

Lazarus Group Evolves Fileless Mac Threat

From labs.k7computing.com

Taking the fileless route was unheard of with Mac malware. Until now, that is! This blog describes a brand new fileless tactic pioneered by the infamous Lazarus cybercriminal group which should set the alarm bells ringing about the continuous and evolving threats in the Mac world. 

Read more…

WireGuard may be merged into the Linux kernel mainline

From meterpreter.org

WireGuard Linux kernel

For WireGuard, news has been flowing for the past few weeks, as rumors have it that this secure VPN tunnel will soon be merged into the Linux kernel mainline and will be supported on all other mainstream platforms. It turns out that WireGuard is likely to appear in the Linux 5.5 kernel without having to wait for Linux 5.6.

Read more…