Fake Retail Websites, URGENT Google Chrome, macOS, Microsoft Windows Update
Risk 1: High
Issue: Hacker group SilkSpecter has used AI and a distributed workforce to deploy several thousand fake retail and shopping websites to steal credit card data. To date, over 4,900 fake sites have been located, with the expected total to be near 5-6x that!
Resolution: There are several steps you can take to guard yourself this holiday season:
Don’t click links, especially on random websites or in e-mails. Instead, if you see a discount or sale, go directly to the retailer yourself.
Malicious code is quickly distributed on these sites. Avoid shopping, especially for personal reasons, on any devices with PII.
Most credit card providers allow for temporary and virtual credit card issuance. Request a temporary credit card with a low allowable limit for online purchases.
Risk 2: URGENT
Issue: New malware named “Glove Stealer” infects systems with Google Chrome, particularly those connected with Google Chrome Extensions. Even more scarily, the typical abuses are connected to Crypto Wallets, Multi-Factor Authentication Apps, and Password Managers. With this vulnerability, even when encrypted, the malware is able to access the data within these extensions.
This is an urgent alert and needs addressed immediately.
Resolution: You should limit your extension usage in Google Chrome for the time being.
If Chrome extension usage is essential, be sure to use an enterprise-level malware detection software.
If you have the capability to use another browser while we await a full browser update from Google, that may not be a bad idea.
Risk 3: Medium
Issue: A new collection of malware has been discovered specifically for macOS. Malware can now be encoded into e-mail attachments, particularly PDFs, and bypass typical scanning mechanisms. This malware is currently designed as a trojan horse, meaning it allows users remote access to your system, bypasses current encryption protocols.
Resolution: Make sure that your security suite is current, including both anti-virus and anti-malware.
Secondly, be extra suspicious of unexpected or unknown attachments, even from known senders.
Risk 4: Medium
Issue: Microsoft has released security updates for both Windows 10 and Windows 11 - this includes over 40 updates, 6 of which are considered high-level security related.
Resolution: Please install Windows updates immediately. Scheduling for end of workday should be sufficient based upon the risk level of these items.
Financial Guardians is a proud member of InCite, the recently launched online community exclusively for tax professionals, bookkeepers, and accountants. InCite members receive a 30% discount.
