Security News > 2020 > October

The U.S. Department of the Treasury this week issued an advisory to warn companies that facilitate ransomware payments of the potential legal implications resulting from sending money to sanctioned entities. The Treasury Department's Office of Foreign Assets Control says there has been a rise in ransomware attacks on U.S. organizations, which has resulted in an increase in the demand for ransomware payments.

Researchers are warning of an ongoing Office 365 credential-phishing attack that's targeting the hospitality industry - and using visual CAPTCHAs to avoid detection and appear legitimate. Though the use of CAPTCHAs in phishing attacks is nothing groundbreaking, this attack shows that the technique works - so much so that the attackers in this campaign used three different CAPTCHA checks on targets before finally bringing them to the phishing landing page, which poses as a Microsoft Office 365 log-in page.

Graylog makes it easy to send syslog information from clients to the hosting server. You've installed the Graylog system log manager to keep tabs on all of those Linux log files.

NFL and NBA athletes whose social-media accounts were taken over have been thrown the ball of justice. Federal prosecutors alleged that between December 2017 and April 2019, Washington and Magrehbi actively took part in illegal schemes to gain access to social media and other personal online accounts of the players.

Companies victimized by ransomware and firms that facilitate negotiations with ransomware extortionists could face steep fines from the U.S. federal government if the crooks who profit from the attack are already under economic sanctions, the Treasury Department warned today. In its advisory, the Treasury's Office of Foreign Assets Control said "Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations."

Spammers have started using a tricky URL obfuscation technique that sidesteps detection - and ultimately infects victims with the LokiBot trojan. When the PowerPoint file is opened, the document attempts to access a URL via a Windows binary, and this leads to various malware being installed onto the system.

Fleek has announced the launch of Space, an open source, private file storage, sharing, and collaboration platform built on top of the distributed web stack, including Filecoin, IPFS, and Textile. Space's mission is to enable a fully private, peer-to-peer file and work collaboration experience for users.

Siemens Energy announced a new AI-based industrial cybersecurity service, Managed Detection and Response, powered by Eos.ii, to help small and medium-sized energy companies defend critical infrastructure against cyberattacks. "As the digital revolution transforms the energy industry, industrial operating environments are becoming increasingly vulnerable to cyberattacks," said Leo Simonovich, Head of Industrial Cybersecurity at Siemens Energy.

A newly detailed business email compromise campaign has resulted in more than $15 million being diverted from at least 150 organizations worldwide, cybersecurity company Mitiga reports. The threat actor behind the attacks relied exclusively on Office 365 to reduce suspicion of the rogue email addresses it used, which impersonated senior executives in an attempt to trick employees of targeted companies into sending funds to attacker-controlled bank accounts.

DDoS attacks would either slow down election-related public-facing websites or render them inaccessible, thus preventing voters from staying updated with voting information or from accessing voting results. "The public should be aware that if foreign actors or cyber criminals were able to successfully conduct DDoS attacks against election infrastructure, the underlying data and internal systems would remain uncompromised, and anyone eligible to vote would still be able to cast a ballot," the FBI and CISA note.