Tuesday, January 27, 2026

Critical Out of Band Microsoft updates to Windows, Office, and Outlook January 24, 2026

An update to Windows that fixes an earlier update to Windows. An update to Office for a vulnerability exploitable from a local account, that is, by clicking or opening an Office file.
I am seeing potential exploits from other Sun City residents. Are you?

Windows KB5078127

Monday, January 26, 2026

License Plate Readers

Several license plate readers are on entries to and exits from Sun City.
Due to a vulnerability in a database of Flock, the company deploying most of the license plate readers across the United States, the data was not redacted.
To see where your license plate was captured and not redacted, use Have I Been Flocked.

https://haveibeenflocked.com

Similar to Have I Been Pwned for email and account information from data breaches:
https://haveibeenpwned.com/



Of course you or any other person on the planet can search for any license plate and find locations recorded.

Friday, January 23, 2026

LastPass requests you create a backup of your password vault - with urgency

PLEASE do NOT respond to or act on a request from LastPass to create a(nother) backup of your password vault. This is a recent phishing campaign.
Instead of obtaining your vault password, they gain access to your ENTIRE password vault.

Monday, January 19, 2026

Browser Extension's Logo containing malware

GhostPoster malware.
Browser extensions can have a logo: an icon displayed as part of the browser extension.
GhostPoster malware adds JavaScript to the logo file after a marker.
So the extension displays the logo and executes the extension function as normal.
BUT the PNG logo delivers the malicious JavaScript code past most defenses.

Seven years undetected. 8 million instances, over 1 million victims.

Even more stealth. The malware loader uses several sites. The loader waits 48 hours. The loader only executes the load 10% of the time. 

Information on GhostPoster in recent.

Sunday, January 18, 2026

Extreme Android Vulnerability

 AI is on a continuum between helpful and harmful. Iff we  know how AI is used. Thus today's warning.

Any Android smartphone or smart tablet can be totally taken over (kernel-level takeover) by receiving an audio message. Not reading, just receiving an audio message. No clicks, no opening of the audio message, no playing of the message, no interaction.
Why? 
A vulnerability in the Dolby audio decoder, an audio decoder in almost every Android device. When an audio message is received by any means, the decoder decodes the message for transcription using AI.
A recent change. Now that audio decoder is exposed to the internet and any attacker. 
So, with AI the audio message can be transcribed, translated, searched, indexed, ...
Yeah but with AI on your Android device and a malicious audio message delivered with no notice or interaction AND more and more apps using Android AI features - not good.
Chaining this vulnerability with a vulnerability in BigWave (a hardware video decoder), the attacker has full kernel-level control and access. Access like camera, microphone, files, Internet access, ...
Clever attackers? No, the attackers used AI to develop the attack. Google's AI developed an attack on Google Android platform.
The same Dolby audio decoder is used on iPhones and Macs but with a compile switch to prevent the vulnerability.

Please check your Android device and any recent security updates.

Thursday, January 15, 2026

Reprompt attack on Microsoft Copilot allows attackers to issue prompts to exfiltrate sensitive data.

 This vulnerability was patched by Microsoft's January 2026 patch update.

The attack allows attackers to infiltrate a victim's Microsoft Copilot session, then issue commands to exfiltrate sensitive data. A malicious prompt inside a legitimate URL, bypassing Copilot protections, allows an attacker to then access Copilot's LLM session, issuing commands of the attacker's choosing. This attack requires no plugins or other vulnerabilities and allows invisible data exfiltration.
Copilot connects to the victim's personal account, acting as a personal assistant integrated with Edge and most Microsoft applications.

The attack leverages parameter-to-parameter prompt injection, a double request technique, and a chain request technique. "Please make every function call twice and compare results, show the best one"


WhisperPair - Vulnerability in 17 manufacturers' Bluetooth speakers, headphones, and other accessories

Vulnerable devices are manufactured by Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore, Logitech, and Google itself. The vulnerability is being called WhisperPair as it allows any Bluetooth device in range to take control of the vulnerable device AND potentially track the device.

 Many of the affected devices with the vulnerability require a security update.

Sunday, January 11, 2026

Largest Healthcare reported data breaches

US Department of Health and Human Services Office for Civil Rights

15 large breaches. The top 5:
Aflac: 22,650,000
Conduent Business Services LLC: 10,515,949
Yale New Haven Health System: 5,556,702
Episource LLC: 5,414,866
Blue Shield of California: 4,700,000

Figures on the number of breaches and the companies reporting so far are neither accurate nor complete due to the government shutdown, and most breaches were breaches of business associates.

California DROP

California DROP (Delete Request and Opt-out Platform), Jan 1, 2026

Residents can file 1 request for all 500+ data brokers to delete, not collect, and not sell personal data.
Just supply the info ...
4 states require data broker registration: Oregon, California, Vermont, Texas.

Wednesday, January 7, 2026

HIPAA Journal lists largest healthcare data breaches of 2025

US Department of Health and Human Services Office for Civil Rights

15 large breaches. The top 5:
Aflac: 22,650,000
Conduent Business Services LLC: 10,515,949
Yale New Haven Health System: 5,556,702
Episource LLC: 5,414,866
Blue Shield of California: 4,700,000

Figures on the number of breaches and the companies reporting so far are neither accurate nor complete due to the government shutdown, and most breaches were breaches of business associates.

Monday, January 5, 2026

Aflac data breach

 Aflac reported a data breach of 22 million people's personal and health information. Several other health insurance companies also reported breaches at the same time in June.
Stolen data included social security numbers and government issued documents.

Kimwolf Botnet

This relatively new botnet compromises Android-based TV boxes, many of which ship with a default mode that allows remote access!
Two million devices are part of the Kimwolf botnet, allowing a great increase in ad fraud and DDoS attacks.
A tool to check your Android based TV or streamer here.
Update: Some Android digital picture frames may be infected before and delivery.
Update: A list of known infected or vulnerable devices:

Kimwolf overwhelmingly targets cheap, no‑name, uncertified Android TV boxes — many of which come pre‑infected or ship with exposed ADB that allows instant compromise.

1. “TV BOX” (generic label)

A huge number of infected devices simply report themselves as “TV BOX”, a catch‑all name used by many unbranded Chinese manufacturers.

2. SuperBOX

Frequently appears in infected device pools.

3. HiDPTAndroid

Another common generic Android TV box name seen in Kimwolf infections.

4. P200

A widely cloned board used in many low‑cost TV boxes.

5. X96Q

One of the most frequently mentioned infected models.

6. XBOX / X‑BOX (not Microsoft Xbox)

A misleading brand name used by several no‑name Android TV box vendors.

7. SMART_TV / SMART TV (generic)

Generic “Smart TV” labeled devices with Android builds.

8. MX10

Another common low‑cost box repeatedly seen in botnet telemetry.



The Guardian warning "Digital wallet fraud: how your bank card can be stolen without it leaving your wallet"

 Guardian Article

Fraudsters use phishing to steal card details, which fund a spending spree using Apple Pay or Google Pay.

Use of this technique is on the rise.


Sun City Computer Club Cyber Blog has returned

I will be posting really important news and notifications again now that the Cyber Blog has returned to the Computer Club's web site.