Explorers Credit Union CIO Update: 6/26/16

Hackers and virus writers are always trying new ways to steal your personal information by installing malware without your content. Here is a list of latest emails they are utilizing to access your computer.

Email Subjects

“2018 HIPAA Changes and Beyond” – Project Hook Phishing
“Aslan Neferler Tim” Resumes and Expands DDoS Activity Against Banks and Governments
“Scanned Invoice” – Invoice Themed Phishing
“Payment Invoice” – Phishing
“Black box attack” – Cobalt Gang Activity
“Wage and Income Transcript” – IRS Themed Hanictor/Emotet Malspam
“Reporting of Covered and Suspicious Transactions” – Phishing Email Containing Dyreza Trojan
“Your Checking Account” – BB&T themed Phishing
“IRS Wage and Income Transcript” – Emotet Phishing
“[BULK] WTF is this?! Explain?!” – Email with malicious zip file attachment
“Contest Winner” – Scam
“Wicked” – A New Variant of Mirai Botnet
Office 365 – Themed Credential Harvesting Phishing
“Important : Please update your company information” – Lloyds Bank-Themed Phishing
“Outstanding Amount £23,831.64” – TrickBot Phishing
“Operation Avarice”
“Secure Email Message” with Trickbot Trojan
“Unpaid Invoice” – FlawedAmmyy RAT Malspam
“Final Invoice” – Phishing
“Press release” Cobalt Gang Phishing Campaign
“Remittance Copy” – Phishing
“Lloyds Bank Secure Exchange: New Message Received” – Phishing
“Account Notification” – American Express Themed Phishing
“You have received new messages from HMRC” – HMRC themed Trickbot Phishing
“Alert: returned invoice” – Wells Fargo themed Phishing
“FW: Completed Final CD/HUD for review 25/05”
“FW: FINAL CD/HUD FOR REVIEW 25/05”
Fishbowl Themed Phishing
“Concerning a internship?” – Phishing
“2018 HIPAA Changes and Beyond” – Project Hook Phishing
Bimonthly Member Report #5 – Microsoft Office 365 (O365) Credential Harvesting Phishing Campaigns
“Reporting of Covered and Suspicious Transactions” – Phishing Email Containing Dyreza Trojan
“Your Checking Account” – BB&T Themed Phishing
Facebook “Contest Winner” – Scam
Anonymous “Operation Avarice”
“[Important!] Payment Note – SWIFT details_Invoice” – SWIFT-Themed Phishing
Fake RBS “Secure Email Message” with Trickbot Trojan
“FW: NEW MATTER (URGENT PROPOSAL)..” Hawkeye Malware Campaign
“Receipts from yojun[@]rhapsody[.]asia” – DanaBot Malware Phishing

Programs

Symantec Endpoint Protection Client Multiple Vulnerabilities
Microsoft Exchange Server 2010 / 2013 / 2016 Outside In Multiple Vulnerabilities
McAfee Data Loss Prevention Multiple Vulnerabilities
McAfee Web Gateway Multiple Vulnerabilities
Microsoft Windows Server 2016 / Windows 10 Multiple Vulnerabilities
Microsoft Windows Server 2008 / Windows 7 Multiple Vulnerabilities
Microsoft Internet Explorer Multiple Vulnerabilities
Microsoft Multiple Products Multiple Vulnerabilities
Microsoft Edge Multiple Vulnerabilities
McAfee Web Gateway Multiple Vulnerabilities
Google Chrome V8 Out-Of-Bounds Write Memory Access Vulnerability
Microsoft Windows Server 2012 / Windows RT 8.1 / 8.1 Multiple Vulnerabilities
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office Excel Viewer 2007
Microsoft Office 2010
Microsoft Excel 2010
Microsoft Outlook 2010
Microsoft Publisher 2010
Microsoft Office Web Apps
Microsoft Office 2013
Microsoft Excel 2013
Microsoft Outlook 2013
Microsoft Office 2013 RT
Microsoft Excel 2013 RT
Microsoft Office Web Apps 2013
Microsoft Office 2016
Microsoft Outlook 2016
Microsoft Excel 2016
Microsoft Outlook 2013 RT
Microsoft Office Online Serve
Adobe Flash Player Multiple Vulnerabilities
Google Chrome Unspecified Vulnerability
Android Multiple Vulnerabilities Mozilla Firefox / Firefox ESR SVG Handling Buffer Overflow Vulnerability
Android Multiple Vulnerabilities
Trend Micro OfficeScan XG Multiple Vulnerabilities
Apple iOS Multiple Vulnerabilities
Apple iCloud for Windows Multiple Vulnerabilities
Apple macOS Multiple Vulnerabilities
Apple iTunes Multiple Vulnerabilities
Apple Safari Multiple Vulnerabilities