Iran (and possibly Russia) sending phishing emails to "Democrat" voters; just don't open them!

 

Voters may receive phishing emails which if opened contain threats for their being Democrats or opposing Trump and purporting to come from the Proud Boys, the FBI warns.

Users should not open these mails.  Hopefully, most email platforms will discard them as spam. It is disconcerting, however, that the spammers might have the home addresses of the recipients as scraped from state databases. 

These appear to have been sent from Iran based on information gathered from voter databases (and some of the information may have been available publicly, if improperly).

This seems to be a problem especially in Florida.

NPR has the story from Philip Ewing.

Users should realize that some of these emails might also attempt to lure the user into installing ransomware.

Google Chrome now gives you warnings on suspicious links (they look a little bit like Trend Micro's)

Here’s a little odd tip. Today I got a replacement card for one of my Bank of America cards.

Usually you are supposed to go to the BofA site  “/activate”. 

This time, I got a security warning from, it looked like, Google Chrome type 3, rather than from Trend.  This has never happened before.   I did not try this in Mozilla or Edge.

If I went through the site as normally logged on and then requested the page from the site’s menu, it did work normally.

This card enables touchless pay.  Bank of America’s instructions with digital wallets is here. 

“Wallet & Apple Pay” are on your iPhone about 20 items down under Settings, very conspicuous.

Security companies explain how to defeat encrypted malware with TLS 1.3

 

“F5” is offering a “course” and products that detect encrypted malware, usual invoked by phishing, but taking advantage of https protocols.

It also talks about how a business should increase its SSL visibility.

It also discusses the TLS (transport layer) Cipher Suite and the TLS 1.3 handshake.

Trend blocks a site used in connecting to security certificates (??), just once, anyway

 

Today, when I went to the “nbcwashington.com” site (Channel 4, a wholly owned subsidiary of NBC – I worked for NBC in New York City 1974-1977 and I would work for them again), Trend Micro save me a warning blocking “securetoday.org” when it tried to fetch the security certificate for https.  The security report said it was “Blocked”.

The second time I tried it, I did not get the warning. . 

But the site appears to be OK, according to this reference.

Picture:  My old camera did some colorizing artwork of its own somehow, but "bars are bad" (according to Dr. Fauci). 

US-Cert warns about Emotet malware

The US-Cert or Cybersecurity and Infrastructure Security Agency issues a strong advisory against Emotet Malware, bulletin AA20-280A, link. 

The malware is spread mainly by phishing  and tends to spread in organizational intranets and can corrupt Word and other documents, and steal credentials.

Some forms of it can also launch ransomware.

The malware has been known overseas since February.

UHS hospital chain incurs largest ever ransomware attack

United Health Services reports a catastrophic cascading ransomware attack on many of its hospitals, whose computers began to fail over the weekend.  NBC News reports. 

Most hospitals have daily backups of tests and patient records, but would need them to be even more frequent or continuous to deal with this.  Large installations are very dependent on scheduled batch processing like on mainframe.

The attack shows an issue with the economy-of-scale-driven consolidation of hospital companies and IT operations. 

George Washington University hospital belongs to UHS and was affected.

GWU is also participating in running the Moderna vaccine 3^rd phase.

I get security warning from some links that invoke a particular adware service

Sunday night, while I created a Wordpress post on my music, I gave a link (to “pro-tools-expert.com”) to show the status of Avid Sibelius with Apple’s Catalina OS-15.

When I clicked on the lick from inside the post, TrendMicro age me a warning and blocked access to “testgvbgjbhjb” .  I changed the link to another site and the waring went away.

The site seems to serve adware, and the warnings might be overhyped.

Here are three sources:  Stackexchange, sans,org, and Hybrid-analysis.