Cybersecurity Weekly: AiTM phishing attack, how to spot social engineering personas, CISA patch order

July 18, 2022 by Ryan Miner

A new AiTM phishing attack can skip MFA, scammers posing as cybersecurity companies to install malware, and how to spot fake personas used for social engineering. All these and more in this week’s edition of Cybersecurity Weekly.

1. Microsoft warning: This AiTM phishing attack can skip your defenses

Phishing campaigns are using web proxies to perfectly imitate corporate login pages that can help attackers dodge multi-factor authentication.
Read more »

2. Crooks are now posing as cybersecurity companies to trick you into installing malware

Cybersecurity company CrowdStrike details phishing attacks that claim to come from security companies – including Crowdstrike itself.
Read more »

3. How hackers create fake personas for social engineering

And some ways to up your game for identifying fabricated online profiles of people who don’t exist.
Read more »

4. CISA orders agencies to patch new Windows zero-day used in attacks

CISA has added an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS) to its list of bugs abused in the wild.
Read more »

5. Now offering cryptocurrency, ATMs targeted for crypto-fraud

 The addition of cryptocurrency to ATMs in recent years has added a new wrinkle to the basic card skimmers and over-the-shoulder, old-school PIN-snatching.
Read more »

Posted: July 18, 2022
Ryan Miner
View Profile