Security News > 2022 > January

Data Privacy Day is a day to focus on best practices for ensuring private data remains that way. While in theory every day should be Data Privacy Day, having an annual day to focus on promoting these concepts can help build awareness and share useful information.

Threat actors are increasingly using scams that spoof package couriers like DHL or the U.S. Postal Service in authentic-looking phishing emails that attempt to dupe victims into downloading credential-stealing or other malicious payloads, researchers have found. Scams related to the courier accounted for 23 percent of all phishing emails during that time frame when the company's name had been attached to only 9 percent of scams in the third quarter.

Microsoft says Windows 11 has now entered the broad deployment phase, making it available for everyone with an eligible device via Windows Update. "The upgrade offer to Windows 11 is entering its final phase of availability and is designated for broad deployment for eligible devices," the company said in a Windows Health dashboard status update.

The HP Wolf Security threat research team identified a wave of attacks utilizing Excel add-in files to spread malware, helping attackers to gain access to targets, and exposing businesses and individuals to data theft and destructive ransomware attacks. There was a huge six-fold increase in attackers using malicious Microsoft Excel add-in files to infect systems compared to last quarter - a technique found to be particularly dangerous as it only requires one click to run the malware.

EXCLUSIVE: Hackers associated with the Russian Federation Foreign Intelligence Service continued their incursions on networks of multiple organizations after the SolarWinds supply-chain compromise using two recently discovered sophisticated threats. In a report shared exclusively with BleepingComputer, cybersecurity company CrowdStrike today describes in detail the latest tactics, techniques, and procedures observed in cyberattacks from the Cozy Bear state-sponsored hackers.

Attackers are trying out a new technique to widen the reach of their phishing campaigns: by using stolen Office 365 credentials, they try to connect rogue Windows devices to the victim organizations' network by registering them with their Azure AD. If successful, they are ready to launch the second wave of the campaign, which consists of sending more phishing emails to targets outside the organization as well as within. "The victim's stolen credentials were immediately used to establish a connection with Exchange Online PowerShell, most likely using an automated script as part of a phishing kit. Leveraging the Remote PowerShell connection, the attacker implemented an inbox rule via the New-InboxRule cmdlet that deleted certain messages based on keywords in the subject or body of the email message," the team explained.

Microsoft says its Azure DDoS protection platform mitigated a massive 3.47 terabits per second distributed denial of service attack targeting an Azure customer from Asia in November. Two more large attacks followed in December, also targeting Asian Azure customers: a 3.25 Tbps UDP attack on ports 80 and 443 and a 2.55 Tbps UDP flood on port 443.

Not to mention the fact that often the SaaS app owner sits outside of the security team in the department that most uses the app, and they are untrained and not focused on the security upkeep of the app. It all amounts to just how unrealistic it is to expect security teams to be able to stay in control of the organization's SaaS stack.

Called 'Dark Herring', the operation used 470 Google Play Store apps and affected over 100 million users worldwide, potentially causing hundreds of millions of USD in total losses. In total, the fraudulent apps were installed by 105 million users in 70 countries, subscribing them to premium services that charged $15 per month through Direct Carrier Billing.

Court documents obtained by The Register show that the secret surveillance capability was baked into otherwise mundane bulk SMS sending carried out by MMGRP Ltd. The tax collection agency, which has the power to retrospectively change laws, had been using SMS reminder messages as an enforcement tool. We asked HMRC for comment, posing a series of questions including how long had it used HLR look-up techniques against taxpayers; did HMRC obtain necessary warrants to carry out HLR lookups and, if so, under what legislation and from which courts; how many times it had used this technique; under what circumstances it was deployed; and is the capability present in a contract with its new supplier.