Security News

A phishing campaign seen by email security provider Inky tries to trick its victims by inviting them to submit bids for alleged government projects. A phishing email that appears to come from an official government entity is especially deceptive as it carries an air of authority.

Phishers are trying to harvest credentials for Office 365 or other business email accounts by impersonating the U.S. Department of Labor, Inky's researchers have warned. Tricks used by the phishers to grab business email credentials.

VirusTotal, the popular online service for analyzing suspicious files, URLs and IP addresses, can be used to collect credentials stolen by malware, researchers at SafeBreach have found. With a €600 VirusTotal license, they have managed to collect more than 1,000,000 credentials just by executing simple searches with a few tools.

Attackers are leveraging Adobe Creative Cloud to target Office 365 users with malicious links that appear to be coming legitimately from Cloud users but instead direct victims to a link that steals their credentials, researchers have discovered. Though attackers are primarily targeting Office 365 users - a favorite target among threat actors - researchers have seen them hit Gmail inboxes as well, Jeremy Fuchs, cybersecurity research analyst at Avanan, told Threatpost.

New York Attorney General Letitia James reported 1.1 million credentials tied to 17 "Well known" state businesses were compromised in recent cyberattacks. According to the alert, many of the firms were unaware that that their customer's passwords had been compromised.

Attackers use the Telegram handle "Smokes Night" to spread the malicious Echelon infostealer, which steals credentials for cryptocurrency and other user accounts, researchers said. Attackers are targeting crypto-wallets of Telegram users with the Echelon infostealer, in an effort aimed at defrauding new or unsuspecting users of a cryptocurrency discussion channel on the messaging platform, researchers have found.

A research from Arkose Labs has revealed that there were over two billion credential stuffing attacks during the last 12 months, growing exponentially during the period from October 2020 to September 2021. According to the research analysts, last year credential stuffing rose 56% during the Christmas and New Year shopping period, with predictions that this same period in 2021 will see up to eight million attacks on consumers every day.

The credentials were a mixed bag in terms of sources, and it's not clear how these passwords became compromised. He added, "A compromised password goes well beyond the initial compromise as it facilitates password spraying and with the help of AI based analytical tools, the bad actors can start to identify patterns of how a person creates passwords. This is possible as the userID in question is an email address for the majority of the cases."

VMware has warned users a flaw in its VMware Verify two-factor authentication product could allow a malicious actor with a first-factor authentication credential to obtain a second factor from its VMware Verify product. CVE-2021-22057 is the rascal behind this issue and is rated 6.6/10. VMware Verify is part of the wider VMware Workspace ONE Access product, now available in version 21.08.0.1 to fix this bug and a 5.5-rated Server Side Request Forgery that can allow a malicious actor with network access to make HTTP requests to arbitrary origins and read the full response.

Malicious actors are deploying a previously undiscovered binary, an Internet Information Services webserver module dubbed "Owowa," on Microsoft Exchange Outlook Web Access servers with the goal of stealing credentials and enabling remote command execution. "Owowa is a C#-developed.NET v4.0 assembly that is intended to be loaded as a module within an IIS web server that also exposes Exchange's Outlook Web Access," Kaspersky researchers Paul Rascagneres and Pierre Delcher said.