Security News

Cybersecurity has come to be defined by identity, with almost every attack today revolving around gaining control of a user's identity as a means of accessing critical data and systems. More recently, the ransomware and data theft attack on Planned Parenthood also seems to have started with a compromised account.

Attackers are trying out a new technique to widen the reach of their phishing campaigns: by using stolen Office 365 credentials, they try to connect rogue Windows devices to the victim organizations' network by registering it with their Azure AD. If successful, they are ready to launch the second wave of the campaign, which consists of sending more phishing emails to targets outside the organization as well as within. "The victim's stolen credentials were immediately used to establish a connection with Exchange Online PowerShell, most likely using an automated script as part of a phishing kit. Leveraging the Remote PowerShell connection, the attacker implemented an inbox rule via the New-InboxRule cmdlet that deleted certain messages based on keywords in the subject or body of the email message," the team explained.

PCI SSC updates card security standards to secure the card production processThe PCI Security Standards Council announced the availability of the PCI Card Production and Provisioning Security Requirements version 3.0. The importance of securing machine-to-machine and human-to-machine interactionIn this interview with Help Net Security, Oded Hareven, CEO at Akeyless, explains how organizations manage secrets, particularly how this practice has changed and evolved amid the rapid shift to hybrid/remote work and how it benefits organizations security wise.

Researchers have uncovered several spyware campaigns that target industrial enterprises, aiming to steal email account credentials and conduct financial fraud or resell them to other actors. Kaspersky calls these spyware attacks 'anomalous' because of their very short-lived nature compared to what is considered typical in the field.

A phishing campaign seen by email security provider Inky tries to trick its victims by inviting them to submit bids for alleged government projects. A phishing email that appears to come from an official government entity is especially deceptive as it carries an air of authority.

Phishers are trying to harvest credentials for Office 365 or other business email accounts by impersonating the U.S. Department of Labor, Inky's researchers have warned. Tricks used by the phishers to grab business email credentials.

VirusTotal, the popular online service for analyzing suspicious files, URLs and IP addresses, can be used to collect credentials stolen by malware, researchers at SafeBreach have found. With a €600 VirusTotal license, they have managed to collect more than 1,000,000 credentials just by executing simple searches with a few tools.

Attackers are leveraging Adobe Creative Cloud to target Office 365 users with malicious links that appear to be coming legitimately from Cloud users but instead direct victims to a link that steals their credentials, researchers have discovered. Though attackers are primarily targeting Office 365 users - a favorite target among threat actors - researchers have seen them hit Gmail inboxes as well, Jeremy Fuchs, cybersecurity research analyst at Avanan, told Threatpost.

New York Attorney General Letitia James reported 1.1 million credentials tied to 17 "Well known" state businesses were compromised in recent cyberattacks. According to the alert, many of the firms were unaware that that their customer's passwords had been compromised.

Attackers use the Telegram handle "Smokes Night" to spread the malicious Echelon infostealer, which steals credentials for cryptocurrency and other user accounts, researchers said. Attackers are targeting crypto-wallets of Telegram users with the Echelon infostealer, in an effort aimed at defrauding new or unsuspecting users of a cryptocurrency discussion channel on the messaging platform, researchers have found.