Security News

The Computer Emergency Response Team of Ukraine has warned of cyber attacks perpetrated by Russian nation-state hackers targeting various government bodies in the country. The email messages come with the subject line "Windows Update" and purportedly contain instructions in the Ukrainian language to run a PowerShell command under the pretext of security updates.

Microsoft has addressed a known issue affecting Outlook for Microsoft 365 customers that prevented them from accessing group mailboxes and calendars using the Outlook desktop client. "A recent standard service update inadvertently contains an authentication code regression which is resulting in some users being unable to access or perform various Microsoft 365 group actions in the Outlook desktop client," the company described the issue under EX540503 in the Microsoft 365 admin center.

A new QBot malware campaign is leveraging hijacked business correspondence to trick unsuspecting victims into installing the malware, new findings from Kaspersky reveal. QBot is a banking trojan that's known to be active since at least 2007.

QBot malware is now distributed in phishing campaigns utilizing PDFs and Windows Script Files to infect Windows devices. Qbot is a former banking trojan that evolved into malware that provides initial access to corporate networks for other threat actors.

A recruitment business that sent out an eye watering 107 million spam emails is now nursing a £130,000 fine from Britain's data watchdog. "It's an issue many of us face - opening up our email inboxes and it being filled with emails we did not ask for or consent to," said Andy Curry, ICO head of investigations.

A suspected Nigerian fraudster is scheduled to appear in court Friday for his alleged role in a $6 million plot to scam businesses via email. Kosi Goodness Simon-Ebo, 29, is the first of three Nigerian men to have been extradited from Canada to the US after a federal grand jury charged the trio on seven counts including money laundering and wire fraud for their alleged roles in a scheme to defraud victims out of millions of dollars.

Microsoft is working on fixing an issue affecting some Outlook for Microsoft 365 customers and preventing them from accessing emails and their calendars. "After updating to Outlook Version 2303 Users may be unable to view or access Microsoft 365 group calendars and email messages in Outlook Desktop," the company said in a support document published on Thursday.

Syncro has launched a new agreement with Proofpoint to enable Syncro's MSP partners to offer their customers access to Proofpoint's email security and security awareness training solutions. "This reseller agreement not only allows our MSPs to give their customers superior security in a world where safeguarding users is critical, it also provides an opportunity to increase revenue with existing and prospective customers," said Emily Glass, CEO at Syncro.

As TechRepublic has reported previously, business email compromise - or BEC - attacks are on the upswing, particularly as threat actors use such tactics as third-party reconnaissance to impersonate vendors. Email security firm Armorblox reported a rise in nearly all forms of email attack last year.

Phishers are targeting YouTube content creators by leveraging the service's Share Video by Email feature, which delivers the phishing email from an official YouTube email address. The email informs the targets of a new monetization policy, new rules, and prompts them to view a video.