Articles of interest from the week of January 15, 2024

IRS, Security Summit Partners Warn of Surge in “New Client” Scams Aimed at Tax Pros As 2024 Filing Season Approaches

The Internal Revenue Service and the Security Summit partners recently alerted tax professionals to watch out for a new round of filing season-related email schemes where cybercriminals pose as potential clients. (IRS)

“Phishing scams pose a heightened threat during tax season, as cybercriminals exploit the urgency and complexity of filing taxes to target unsuspecting taxpayers and tax professionals. Client scams specifically taking aim at tax professionals with the 2024 filing season is a novel approach and shows how tactics evolve. Tax professionals and taxpayers alike are urged to exercise extreme caution of any requests for sensitive information by verifying the identity of the sender via secondary communication methods and never clicking on any links or attachments until their authenticity can be verified. As tax season unfolds - and in general-  adopting cybersecurity best practices and enlisting professional cybersecurity services (such as monitoring and Phishing Email Analysis) becomes imperative in safeguarding personal and financial data from the evolving landscape of cyber threats.” – Hunter Landry, Senior SOC Analyst at Ingalls Information Security   “Professional monitoring and personal vigilance are integral parts of the fabric that makes up safeguarding financial service activities. This warning from the IRS Security Summit is a timely reminder that a proactive approach in developing comprehensive strategies for evolving threats is needed. Regular review of an organization's security measures such as email filtering, MFA, encryption of data, as well as education surrounding policies relating to communications remain top recommendations.” – Jessica Owens, Senior SOC Analyst at Ingalls Information Security

Google Warns of Chrome Browser Zero-Day Being Exploited

Google has pushed out an urgent Chrome browser update to fix a trio of high-severity security defects and warned that one of the bugs is already being exploited in the wild. The exploited zero-day, tagged as CVE-2024-0519, is described as an out-of-bounds memory access issue in the V8 JavaScript engine. (SecurityWeek)

CISA: Critical SharePoint Bug Actively Exploited

A critical Microsoft SharePoint server bug that can form part of a remote code execution (RCE) exploit chain has been added to the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Known Exploited Vulnerabilities (KEV) Catalog. The bug, tracked as CVE-2023-29357, is an elevation of privilege vulnerability with a CVSS v3 score of 9.8. It was patched by Microsoft in June last year. (SC Media)

Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software

Cisco has released software updates to address a critical security flaw impacting Unity Connection that could permit an adversary to execute arbitrary commands on the underlying system. Tracked as CVE-2024-20272 (CVSS score: 7.3), the vulnerability is an arbitrary file upload bug residing in the web-based management interface and is the result of a lack of authentication in a specific API and improper validation of user-supplied data. (The Hacker News)

Type Juggling Leads to Two Vulnerabilities in POST SMTP Mailer WordPress Plugin

In December, Wordfence received a submission for an Authorization Bypass vulnerability in POST SMTP Mailer, a WordPress plugin with over 300,000+ active installations. This vulnerability makes it possible for unauthenticated threat actors to reset the API key used to authenticate to the mailer and view logs, including password reset emails on WordPress sites that use this plugin. We also received another submission shortly after for an Unauthenticated Stored Cross-Site Scripting vulnerability in POST SMTP Mailer plugin from another researcher. This vulnerability enables threat actors to inject malicious web scripts into pages. (Wordfence)

Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud

Recent posts on the Dark Web introduced a new tool that incorporates Artificial Intelligence (AI) for creating fraudulent invoices used for wire fraud and Business E-Mail Compromise (BEC). According to an FBI Report, successful business email compromise (BEC) scams (such as invoice fraud) resulted in an average loss of over $120,000 per incident, inflicting a staggering financial toll of more than $2.4 billion on organizations. (Securityaffairs)

Intel, AMD, Zoom, Splunk Release Patch Tuesday Security Advisories

Intel, AMD, Zoom, and Splunk have each released security advisories on the first Patch Tuesday of 2024 to inform customers about vulnerabilities found in their products. (SecurityWeek)