Apple iPhone/iPad, Microsoft Office, Google Chrome, Watchguard, FBI
Risk 1: Low
Issue: The FBI has issued a notice that multiple malicious sites impersonating their Crime Complaint Center (IC3 - www.ic3.gov). There was a notice sent out back in April regarding this, but the fakes have increased. IC3 is the avenue that Americans have to report criminal activity, internet crimes, and more to the FBI. The site is being faked to collect information about malicious actors, inhibit the information from going to the IRS, and to distribute malware.
Resolution: Verify the website address and authenticity anytime you reach out to the IC3. Additionally, invest extra care if you receive any communication from the IC3. It is possible that you receive e-mails from them, so diligence is critical.
Risk 2: High
Issue: Watchguard, a developer of firewall and routing devices, has announced a vulnerability on their Firebox devices. These are their most popular line of firewall devices. This exposure allows for full remote code execution, ultimately giving the malicious actor full access to your environment. This is a high-level concern if you use any Firebox device.
Resolution: A patch is available so please go in and update your firmware or ensure that your IT provider has recently updated the firmware for this device.
Risk 3: High
Issue: Google has had a rough few days. They have now announced their SIXTH zero-day exploit in Chrome over the last several days. Zero-day means that this vulnerability is both known and currently being exploited. In other words, the bad guys know about it and are using it.
Resolution: Google has released a patch. However, this patch recommends both fully closing Chrome as well as not retaining any open tabs upon restart.
Risk 4: Medium
Issue: Similar to the upcoming end of life for Windows 10 on October 14, 2025, Microsoft has also announced the end of support for Office 2016 and Office 2019 on October 14, 2025.
Resolution: If you are still using Office 2019 or earlier, you should plan to upgrade immediately as support, updates, and security patches will no longer be available after this date.
Risk 5: Medium
Issue: Apple has recognized a large zero-day vulnerability that impacts both current iPhone/iPad devices as well as legacy devices. The severity so large that Apple has extended the patch to iOS devices that had previously been outside of support. We reported this vulnerability last month for existing iOS devices, but Apple has extended support all of the way back to iPhone 6s, iPhone 7, iPhone SE, iPhone 8, and iPhone X as well as a large collection of iPads.
Resolution: If you have a newer iDevice, you should already have the patch. If you have an older device, please check the system settings as a new update should be available. This is a zero day vulnerability so please do this as soon as possible.
Announced Data Breaches
Insight Partners
SonicWall
Upcoming Live CE
Brad will be leading a webinar for NAEA’s Practice Education series on Thursday October 2 at 3pm. The webinar will be about Cybersecurity and the essential components of a WISP (Written Information Security Plan).
Brad will be presenting to the New Jersey Chapter of NATP on October 21 the topic AI, specifically in Simplifying Tax Topics for Clients and Making Tax Research for Efficient.
Financial Guardians is a proud member of InCite, the recently launched online community exclusively for tax professionals, bookkeepers, and accountants. InCite members receive a 30% discount.
Financial Guardians has partnered with the California Society of Tax Consultants to provide a 30% access discount as well as many other offers. More info can be found at www.cstcsociety.org
