Cybersecurity Weekly: Multiple active Microsoft phishing campaigns
Targeted phishing attacks successfully hacked top executives at over 150 companies. An Office 365 phishing campaign uses fake Microsoft Teams alerts. A new phishing campaign packs an info-stealer, ransomware punch. All this, and more, in this week’s edition of Cybersecurity Weekly.
Should you pay the ransom?
1. Targeted phishing attacks successfully hacked top executives at over 150 companies
In the last few months, multiple groups of attackers successfully compromised corporate email accounts of officers at various firms based in Europe and Asia. Dubbed PerSwaysion, the new phishing campaign leverages Microsoft file-sharing services — including Sway, SharePoint and OneNote — to launch highly targeted phishing attacks.
Read more »
2. Office 365 phishing campaign uses fake Microsoft Teams alerts
Another phishing campaign is using cloned imagery from automated Microsoft Teams notifications in attacks that attempt to harvest Office 365 credentials. To evade email protection services, the attackers use several URL redirects with the end goal of hiding the URL used to host the phishing campaign.
Read more »
3. New phishing campaign packs an info-stealer, ransomware punch
A new phishing campaign is distributing a double-punch of a LokiBot information-stealing malware along with a second payload in the form of the Jigsaw Ransomware. By using this combo, the attackers first steal saved stored credentials and then deploy the Jigsaw ransomware to try and get a small ransom to sweeten the attack.
Read more »
4. Report: healthcare targeted by more attacks but less sophistication
Healthcare organizations are experiencing an increase in attacks against their businesses and suppliers, but the attacks appear not to be very sophisticated. Some organizations saw a 30% increase last month in the number of COVID-19-themed phishing sites and lures, but they have not seen a meaningful increase in the number of successful breaches.
Read more »
5. Critical bugs found in three popular e-learning plugins for WordPress
Security researchers are sounding the alarm over newly discovered vulnerabilities in some popular online learning management system plugins that various organizations and universities use through their WordPress-based websites. These flaws could permit students, as well as unauthenticated users, to view personal information of registered users.
Read more »
6. Critical SaltStack bug affects thousands of data centers
Two severe security flaws have been discovered in the open-source SaltStack Sat configuration framework that could allow an attacker to execute arbitrary code on remote servers deployed in data centers and cloud environments. The vulnerabilities were identified by researchers earlier this March and disclosed a day after SaltStack released a patch last week.
Read more »
7. New Android malware steals banking passwords, private data and keystrokes
A new type of mobile banking malware has been abusing Android's accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages and hijack SMS-based two-factor authentication codes. Called EventBot by researchers, the malware is capable of targeting over 200 different financial apps.
Read more »
8. Hackers claim they stole millions of credit cards from Banco BCR
Hackers claim to have gained access to the network of Banco BCR, the state-owned Bank of Costa Rica, and stole 11 million credit card credentials along with other data. This attack was allegedly conducted by the operators of the Maze Ransomware, who have been behind numerous cyberattacks against high-profile victims.
Read more »
9. How cybercriminals are weathering COVID-19
With unprecedented numbers of people working from home and anxious for news about the virus outbreak, it’s hard to imagine a more target-rich environment for phishers, scammers and malware purveyors. In addition, many crooks are finding the outbreak has helped them better market their cybercriminal wares and services.
Read more »
Phishing simulations & training
10. TrickBot attack exploits COVID-19 fears with DocuSign-themed phishing campaign
Threat actors are spreading the tricky trojan through fake messages in another opportunistic COVID-19-related campaign. Threat actors are using people’s interest in the Department of Labor’s Family and Medical Leave Act to spread what appears to be the TrickBot trojan in a new spam campaign that security researchers discovered recently.
Read more »
In this Series
- Cybersecurity Weekly: Multiple active Microsoft phishing campaigns
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
