Security News
"Of the nearly 30,000 customers on the Hosted Exchange email environment at the time of the attack, the forensic investigation determined the threat actor accessed a Personal Storage Table of 27 Hosted Exchange customers," Rackspace said in an incident report update shared with BleepingComputer in advance. "Customers who were not contacted directly by the Rackspace team can be assured that their PST data was not accessed by the threat actor."
To address these challenges, Google, Microsoft and Proton, whose Proton Mail service was a first-mover in secure email, both moved to expand end-to-end encryption offerings. Google's announcement followed that of Proton, an encrypted cloud storage platform launched in 2013 in Geneva, Switzerland by CEO Andy Yen.
The notorious information-stealer known as Vidar is continuing to leverage popular social media services such as TikTok, Telegram, Steam, and Mastodon as an intermediate command-and-control server. What's new in the latest version of the malware is that the gathered data is encoded prior to exfiltration, a change from the previous variants that have been known to send the compressed file data in plaintext format.
Since July 22nd, 2022, threat actors and data breach collectors have been selling and circulating large data sets of scraped Twitter user profiles containing both private and public data on various online hacker forums and cybercrime marketplaces. These data sets were created in 2021 by exploiting a Twitter API vulnerability that allowed users to input email addresses and phone numbers to confirm whether they were associated with a Twitter ID. The threat actors then used another API to scrape the public Twitter data for the ID and combined this public data with private email addresses/phone numbers to create profiles of Twitter users.
In brief Business email compromise continues to be a multibillion-dollar threat, but it's evolving, with the FBI and other federal agencies warning that cybercriminals have started using spoofed emails to steal shipments of physical goods - in this case, food. Along with the Food and Drug Administration's Office of Criminal Investigations and the US Department of Agriculture, the FBI said several US food manufacturers have already fallen victim to scams, many of which involved fake orders for hundreds of thousands of dollars worth of a single item: powdered milk.
A new phishing campaign uses Facebook posts as part of its attack chain to trick users into giving away their account credentials and personally identifiable information. The link to appeal the account deletion is an actual Facebook post on facebook.com, helping threat actors bypass email security solutions and ensure their phishing messages land in the target's inbox.
There's no end - or restored data - in sight for some Rackspace customers now on day 12 of the company's ransomware-induced hosted Exchange email outage. Rackspace did not say if or when it expects to recover people's data that was lost or scrambled when ransomware hit its systems - an attack that took down some of Rackspace's hosted Microsoft Exchange services on December 2.
A business email compromise attack is a type of scam aimed at an organization's employees in which the attacker impersonates a top executive or other trusted person associated with the business. While BEC attacks usually occur via email, they're now using SMS text messages to hit recipients.
MuddyWater hackers, a group associated with Iran's Ministry of Intelligence and Security (MOIS), used compromised corporate email accounts to deliver phishing messages to their targets. [...]
Cybercrime marketplaces are increasingly selling stolen corporate email addresses for as low as $2 to fill a growing demand by hackers who use them for business email compromise and phishing attacks or initial access to networks. Analysts at Israeli cyber-intelligence firm KELA have closely followed this trend, reporting at least 225,000 email accounts for sale on underground markets.