Security News

Researchers have uncovered a previously unknown malicious IIS module, dubbed Owowa, that steals credentials when users log into Microsoft Outlook Web Access."The particular danger with Owowa is that an attacker can use the module to passively steal credentials from users who are legitimately accessing web services," he explained.

Kaspersky has discovered a malicious add-on for Microsoft's Internet Information Service web server software that it said is designed to harvest credentials from Outlook Web Access, the webmail client for Exchange and Office 365. "While looking for potentially malicious implants that targeted Microsoft Exchange servers, we identified a suspicious binary that had been submitted to a multiscanner service in late 2020," Kaspersky said in its announcement of the discovery.

Threat actors are installing a malicious IIS web server module named 'Owowa' on Microsoft Exchange Outlook Web Access servers to steal credentials and execute commands on the server remotely.Microsoft Exchange servers are commonly targeted with web shells that allow threat actors to remotely execute commands on a server and are usually the focus of defenders.

A new phishing campaign that targets German e-banking users has been underway in the last couple of weeks, involving QR codes in the credential-snatching process. If the embedded button is clicked, the victim arrives at the phishing site after passing through Google's feed proxy service 'FeedBurner.

A fake Android app is masquerading as a housekeeping service to steal online banking credentials from the customers of eight Malaysian banks. The app is promoted through multiple fake or cloned websites and social media accounts to promote the malicious APK, 'Cleaning Service Malaysia.

A threat actor with ties to North Korea has been linked to a prolific wave of credential theft campaigns targeting research, education, government, media and other organizations, with two of the attacks also attempting to distribute malware that could be used for intelligence gathering. Policy experts, journalists and nongovernmental organizations were targeted as part of weekly campaigns observed between from January through June 2021, Proofpoint researchers Darien Huss and Selena Larson disclosed in a technical report detailing the actor's tactics, techniques, and procedures, with the attacks spread across North America, Russia, China, and South Korea.

A long-term spear-phishing campaign is targeting employees of major corporations with emails containing PDFs that link to short-lived Glitch apps hosting credential-harvesting SharePoint phishing pages, researchers have found. Instead, the malicious activity propagated by the PDFs is a link to Glitch apps hosting phishing pages that included obfuscated JavaScript for stealing credentials, he wrote.

Learn how to detect phishing on LinkedIn and protect yourself from it. Abusing LinkedIn is one of those techniques that is very effective because a lot of professionals use and depend on LinkedIn for their activities or work relationships.

Cisco has released security updates to address critical security flaws allowing unauthenticated attackers to log in using hard-coded credentials or default SSH keys to take over unpatched devices. "A vulnerability in the Telnet service of Cisco Catalyst PON Series Switches ONT could allow an unauthenticated, remote attacker to log in to the affected device by using a debugging account that has a default, static password," the company explains in an advisory published yesterday.

There's a new scam making the rounds on Discord, through which cybercriminals can harvest Steam account information and make off with any value it contains. Researchers flagged a new approach as noteworthy because it crosses over between Discord and the Stream gaming platform, with crooks offering a purported free subscription to Nitro, in exchange for "Linking" the two accounts.