Security News > 2021

A sophisticated and highly targeted Microsoft Office 365 phishing campaign is being aimed at C-suite executives, executive assistants and financial departments across numerous industries. The threat actors are leveraging phishing kits and a number of sophisticated methods at every step of the attack.

The good news is that as industrial cybersecurity rises to the top of priority lists for CISOs and their boards, we have an opportunity to think differently about industrial operations protection. Because most critical infrastructure environments are starting with a clean slate when it comes to industrial cybersecurity, we have an opportunity to take a simpler approach.

A security researcher has discovered a novel steganography technique for hiding data inside a Portable Network Graphics image file posted on Twitter, a tactic that could be exploited by threat actors to hide malicious activity. Specifically, Buchanan demonstrated how he could hide both MP3 audio files and ZIP archives within the PNG images hosted on Twitter.

Microsoft says that customers might experience additional printing issues besides blue screen crashes after installing Windows 10 updates released earlier this month. According to Microsoft, these recent Windows 10 updates will cause issues when printing from some apps or when printing to some printers, including missing or solid color graphics, misalignment/formatting issues, or printing blank pages/labels.

A malicious Xcode project known as XcodeSpy is targeting iOS devs in a supply-chain attack to install a macOS backdoor on the developer's computer. Threat actors are increasingly creating malicious versions of popular projects hoping that they are included in other developer's applications.

Attacks employing the TrickBot malware continue, leveraging phishing emails as the initial infection vector, the Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation warn. In a joint advisory published on Wednesday, the two agencies revealed that a sophisticated group of cybercrime actors is leveraging a traffic infringement phishing scheme to lure victims into downloading the TrickBot malware.

Social media and advertising giant Facebook today announced that it is now allowing mobile users to secure their accounts with the help of security keys. Available for Facebook's desktop users since 2017, the authentication method requires that the user confirm authentication requests with the help of a physical security key.

Healthcare IoT cybersecurity and intelligence provider Cylera today announced that it has raised $10 million in Series A funding. To date, the company has secured $17 million in funding.

Latest episode - listen now!

The FBI this week published its Internet Crime Report for 2020, and the agency said it received nearly 800,000 cybercrime complaints last year, with reported losses totaling $4.2 billion. The number of complaints received by the FBI in 2020 increased significantly compared to the previous year, when it got roughly 467,000 complaints.