Security News

Microsoft reported this week that it has spotted Zerologon attacks apparently conducted by TA505, a notorious Russia-linked cybercrime group. According to Microsoft, the Zerologon attacks it has observed involve fake software updates that connect to command and control infrastructure known to be associated with TA505, which the company tracks as CHIMBORAZO. The fake updates are designed to bypass the user account control security feature in Windows and they abuse the Windows Script Host tool to execute malicious scripts.

Cybercriminals have planted a payment card skimmer on the websites of several organizations using the Playback Now conference platform, Malwarebytes reported on Thursday. Customers of the platform receive a dedicated website which they can use to serve their content. These hosted customer websites had been injected with a payment card skimmer that allowed the attackers to steal the financial information of users purchasing conference materials from those sites.

Recent threat research shows that during the first six months of 2020, cybercriminals adapted their usual attack strategies to take advantage of the global pandemic and target the expanded attack surface created by the dramatic shift to remote workers. Cybercriminals understand this and have modified their attack strategies accordingly.

A newly detailed business email compromise campaign has resulted in more than $15 million being diverted from at least 150 organizations worldwide, cybersecurity company Mitiga reports. The threat actor behind the attacks relied exclusively on Office 365 to reduce suspicion of the rogue email addresses it used, which impersonated senior executives in an attempt to trick employees of targeted companies into sending funds to attacker-controlled bank accounts.

Bad actors could create or change websites and social media content to discredit this year's electoral process, caution the FBI and CISA. The 2020 presidential election promises to be a rough and divisive one. A new message from the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency warns voters of the likelihood that foreign actors and cybercriminals will try to propagate fake news about the election results to discredit the process and weaken confidence in the US political system.

While the COVID-19 outbreak has disrupted the lives and operations of many people and organizations, the pandemic failed to interrupt the onslaught of malicious emails targeting people's inboxes, according to an attack landscape update published by F-Secure. Malicious emails utilizing COVID-19 issues have increased.

A cybercrime group that has previously struck Docker and Kubernetes cloud environments has evolved to repurpose genuine cloud monitoring tools as a backdoor to carry out malicious attacks, according to new research. "To our knowledge, this is the first time attackers have been caught using legitimate third party software to target cloud infrastructure," Israeli cybersecurity firm Intezer said in a Tuesday analysis.

"The biggest takeaway is that there exists a market, demanded by cybercriminals, for threat actors to advertise customized sniffer variants to conduct attacks against e-commerce websites through malicious JavaScript injection," researchers with Recorded Future told Threatpost on Thursday. One such Russian-speaking threat actor currently making waves is called "Billar," who created and is the sole designer of a payment card sniffer called "Mr.SNIFFA." This sniffer debuted on Exploit Forum on Dec. 3, 2019, and is currently being advertised for about $3,000.

While attachment threat vectors are one of the oldest malware-spreading tricks in the book, email users are still clicking on malicious attachments that hit their inbox, whether it's a purported "Job offer" or a pretend "Critical invoice." The attack vector is still widespread enough that tech giants are inventing new ways to try to stamp it out, with Microsoft just this week rolling out a feature for Office 365 that aims to protect users against malicious attachments sent via email, for instance.

To help people and businesses affected financially, the government has been offering loans, stimulus packages, and increased unemployment benefits. A report published Friday by global threat intelligence firm IntSights describes how cybercriminals have been combining various types of data to create phony IDs to obtain unemployment benefits from the US government.