For the uninitiated, or anyone who lives in a country where taxes are paid as normal and therefore pay for appropriate road repairs, E-ZPass is a small device drivers in more than a dozen states in the U.S. can register for so they can automatically pay tolls along highways rather than having to stop and use cash or coins, or spending a few extra minutes manually processing a transaction.
For this case with New Jersey, the phishing site the scammers set up was shockingly convincing and looked remarkably similar to the legitimate New Jersey E-ZPass website.
Once we logged into our legitimate E-ZPass account to check to make sure we had paid all the appropriate tolls, I alerted my team about this scam, and we appropriately blocked the phishing URL in question in Cisco Secure products.
Drivers from New York to Georgia and Pennsylvania have received these types of texts, with equally convincing messages and lure pages.
In April, the FBI also warned of SMS phishing scams, in which adversaries pretended to be toll collection services from three different U.S. states.
SunPass, the equivalent of E-ZPass in Florida, also warned about similar scams around the same time these E-ZPass scams started being reported.
My hunch is that these types of services are being impersonated all over the U.S. for several reasons - thousands of drivers use these services, which makes it likely that whoever receives the text will be familiar with these devices and will have recently driven on a highway that makes drivers pay tolls.
The requests coming through as SMS messages also make the targets more likely to open them on their mobile devices, which may not have the same security in place as a laptop or managed company device.
No individual state or local agency is immune from this style of scam, so if you're ever in doubt after receiving a text like this, it's best to call the government program in question in your area and ask them about any suspicious activity before clicking on any links or submitting payment information.
Cisco Talos' Vulnerability Research team has helped to disclose and patch more than 20 vulnerabilities over the past three weeks, including two in the popular Adobe Acrobat Reader software.
Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read vulnerabilities that could lead to the exposure of sensitive contents of arbitrary memory in the application.
We have more detailed information in our full Vulnerability Roundup from this week.
Several vulnerabilities were identified in the AutomationDirect P3 line of CPU modules.
The device communicates remotely via Ethernet, serial and USB and exposes a variety of control services, including MQTT, Modbus, ENIP and the engineering workstation protocol DirectNET. Four of the vulnerabilities found in these PLC CPU modules received a CVSS security score of 9.8 out of 10, making them particularly notable.
TALOS-2024-1942 is a leftover debug code vulnerability that allows an adversary who can communicate with the device over ModbusRTU to enable the device's diagnostic interface without any other knowledge of the target device.
There is also TALOS-2024-1943, which can lead to remote code execution if the attacker sends a specially crafted file to the targeted device, and TALOS-2024-1939, which involves stack-based buffer overflows that can also lead to remote code execution if the attacker sends a specially formatted packet to the device.
Each of the vendors mentioned in this week's Vulnerability Roundup has released patches for affected products, and users should download these patches as soon as possible.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence's website.
Just days before the disruption, reports surfaced that the software was quietly installed on computers that handled the check-in process at at least three Wyndham hotels across the U.S. A vulnerability in the platform could have allowed anyone on the internet who exploited it to download screenshots captured by the software directly from its servers.
PcTattletale advertised itself as software that could allow anyone to control it remotely and view the target's Android or Windows devices and their data from anywhere in the world.
This Cyber News was published on blog.talosintelligence.com. Publication date: Thu, 30 May 2024 18:13:05 +0000