Security News

A new phishing campaign taking advantage of an easily exploitable issue in Microsoft Teams to deliver malware has been flagged by researchers.Late last month, Truesec researchers spotted two compromised Microsoft 365 accounts sending HR-themed messages with a malicious attachment to enterprise targets.

The Associated Press is warning of a data breach impacting AP Stylebook customers where the attackers used the stolen data to conduct targeted phishing attacks. This week, the Associated press warns that an old third-party-managed AP Stylebook site that was no longer in use was hacked between July 16 and July 22, 2023, allowing the data for 224 customers to be stolen.

A new phishing campaign is abusing Microsoft Teams messages to send malicious attachments that install the DarkGate Loader malware. The campaign started in late August 2023, when Microsoft Teams phishing messages were seen being sent by two compromised external Office 365 accounts to other organizations.

A legitimate Windows tool used for creating software packages called Advanced Installer is being abused by threat actors to drop cryptocurrency-mining malware on infected machines since at least November 2021. "The attacker uses Advanced Installer to package other legitimate software installers, such as Adobe Illustrator, Autodesk 3ds Max, and SketchUp Pro, with malicious scripts and uses Advanced Installer's Custom Actions feature to make the software installers execute the malicious scripts," Cisco Talos researcher Chetan Raghuprasad said in a technical report.

The Ragnar Locker ransomware gang has claimed responsibility for an attack on Israel's Mayanei Hayeshua hospital, threatening to leak 1 TB of data allegedly stolen during the cyberattack. Yesterday, security researcher MalwareHunterTeam noted that the Ragnar Locker ransomware group claimed responsibility for the attack, creating a new page for the hospital on their data leak site.

Recently, a slew of activity by the advanced persistent threat group Lazarus has focused on finding vulnerable Microsoft IIS servers and infecting them with malware or using them to distribute malicious code. This article describes the details of the malware attacks and offers actionable suggestions for protecting Microsoft IIS servers against them.

Apple has patched two zero-day vulnerabilities exploited to deliver NSO Group's Pegasus spyware."The exploit chain was capable of compromising iPhones running the latest version of iOS without any interaction from the victim," Citizen Lab shared.

69% of organizations in the education sector suffered a cyberattack within the last 12 months, according to Netwrix. What's more, 3 out of 4 attacks in the education sector were associated with a compromised on-premises user or admin account, compared to 48% for other sectors.

The U.S. Cybersecurity and Infrastructure Security Agency has added to its catalog of known exploited vulnerabilities a critical-severity issue tracked as CVE-2023-33246 that affects Apache's RocketMQ distributed messaging and streaming platform. CISA is warning federal agencies that they should patch the CVE-2023-33246 vulnerability for Apache RocketMQ installations on their systems by September 27.

Cybercriminals are abusing Google Looker Studio to create counterfeit cryptocurrency phishing websites that phish digital asset holders, leading to account takeovers and financial losses. Check Point researchers have discovered that hackers are exploiting the trusted service of Google Looker Studio to craft cryptocurrency phishing pages.