
Ceasefire on the Ground, Cyberwar Online: Inside This Week's Surge in Hacks and Scams

The fighting may have paused, but hackers haven't—hitting infrastructure, corporations, and everyday users alike.

 & Alan Henry Managing Editor, Security


There may technically be a ceasefire in the war with Iran at the moment, but state-sponsored hacking campaigns rarely obey such things. And sure enough, this week, American intelligence agencies warned that Iranian hackers are planning to target vulnerable technology used in the water and energy sectors. Of course, this is on top of other recent hacks by similar groups, including one on a medical equipment provider and another that breached the FBI director’s personal Gmail account. So the bombs may have stopped for now, but the cyberattacks continue.

Meanwhile, Microsoft is having a pretty rough week. First, LinkedIn, which is owned by Microsoft, has been accused of spying on its users by scanning their browsers to identify which extensions they use. Just one day later, the company was hit with two class action lawsuits over the scanning. Microsoft says everything it does is above board and in accordance with its privacy policy, but the matter certainly won’t end here. 

In other Microsoft news, developers of popular services like encryption software VeraCrypt and the VPN protocol WireGuard woke up this week to find their developer accounts frozen, meaning they can’t sign drivers or push updates to their products until the issue is resolved. The issue seems to be fairly widespread, too, with more companies joining the chorus to say they can’t work either. Microsoft says they’re looking into it.

If you think we’re done with Microsoft, think again. This week, the company announced that older Windows Secure Boot certificates (from 2011) are set to expire in June, and a forthcoming update to the Windows Security Center will help you see whether your PC is still protected. If it’s not, you can still use it, but it’ll be exposed to boot-level threats. The company’s solution? Upgrade to Windows 11, of course. But if you’d rather not, we have some tips to keep your Windows 10 installation safe for the long term.

That’s a lot of bad news, but don’t worry, we’ll keep you up to date with ways to extend the life of your tech as much as possible, and as safely as possible. For now, though, let’s see what else is going on in the infosec world. 


Traffic Violation Text Scams Are Evolving With QR Codes

Remember all those scam texts about unpaid tolls or E-ZPass bills from last year? Well, while you may not get as many of those messages anymore, the ones you will get are even more complicated, according to a new report from our sister site, Mashable. Instead of just a scammy-looking link that’s semi-obvious to anyone looking closely, the new scams use fake, official-looking “legal notices,” and include QR codes that, when scanned, take you to a phishing site designed to look very much like your state’s DMV website.

Bleeping Computer also looked into the issue and noted that the scam messages often use language that sounds urgent, such as claims that your license will be revoked or your car will be impounded if you don’t pay the outstanding balance. Worse, the outstanding balances are usually low, like $6.99 or some other sub-$10 amount, which the victim may not feel bad about paying immediately to make the problem go away.

Once you go to the fake website and enter your personal information and payment details, though, all bets are off. At that point, the scammer has complete access to your personal and financial information and can charge you as much as they want, or just steal the data and use it later for identity theft. So far, the scam has been targeting residents in at least nine states, including California, Connecticut, Georgia, Illinois, New Jersey, New York, North Carolina, Virginia, and Texas, but there’s no reason to believe they’re staying limited to those places. So stay sharp, and make sure your phone’s built-in scam text protection is turned on.


Trump Administration Plans $700 Million in Cuts to CISA 

Back in February, we highlighted the fact that CISA, the US Cybersecurity and Infrastructure Security Agency, is in trouble. It’s been sidelined and underfunded for a while now, and has largely drifted and been leaderless since the current administration took office. Officials from the agency were entirely absent from last month’s RSAC conference, despite cybersecurity threats to national security being at an all-time high, especially considering the country is at war. But Gizmodo reports that things are even more dire now, as the administration is planning over $700 million in cuts to the already cash-strapped and beleaguered agency.  

The cuts will, somewhat predictably, target programs designed to counter misinformation and disinformation, as well as outreach programs that support collaboration between the government and private entities and foster international cooperation against security threats. It’s that first part that most experts claim is the real reason for the cuts, though. When CISA officials examined and debunked the Trump campaign’s election fraud claims back in 2020, the agency landed itself squarely in the crosshairs of the new administration when it came to power in 2024. Unfortunately, the end result is a weakened security agency, just as state-sponsored hackers are making bolder moves targeting companies at home and abroad.


Hackers Are Stealing Corporate Zendesk Support Tickets

If you’re like me, your spam folder is absolutely packed with emails from Zendesk. If you’re not as lucky as I am, those emails may have ended up in your actual inbox instead. Don’t worry, it’s not just you. According to Google’s Threat Intelligence Group, reported by Bleeping Computer, hackers have been targeting BPOs, or business process outsourcing companies, to direct employees and customers to spoofed single sign-on webpages and steal their credentials.

It’s not just email phishing, though; the hackers behind this campaign also distribute malware through fake security patches and updates to target company computers, and even use entire malware kits to copy clipboard contents (to obtain MFA tokens) and other sensitive data. They also leave behind remote access trojans (RATs) to make sure they have access to the company’s systems even if a compromised user changes their password. So far, the people behind these attacks have targeted companies from Adobe to Crunchyroll, so it’s not going anywhere soon.
