Security News > 2020 > April > Cisco ‘Critical Update’ Phishing Attack Steals Webex Credentials
An ongoing phishing campaign is reeling in victims with a recycled Cisco security advisory that warns of a critical vulnerability.
The campaign urges victims to "Update," only to steal their credentials for Cisco's Webex web conferencing platform instead. The campaign is looking to leverage the wave of remote workers who, in the midst of the coronavirus pandemic have come to rely on online conferencing tools like Webex.
The body of the email embeds content from a real Cisco Security Advisory from December 2016, along with Cisco Webex branding.
The email tells victims, "To fix this error, we recommend that you update the version of Cisco Meetings Desktop App for Windows" and points them to a "Join" button to learn more about the "Update."
Victims who click on the "Join" button are redirected to the phishing landing page, which is identical to the legitimate Cisco WebEx login page.
News URL
https://threatpost.com/cisco-critical-update-phishing-webex/154585/
Related news
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks (source)
- Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Critical hardcoded SolarWinds credential now exploited in the wild (source)