Security News

A new version of the MyloBot malware has been observed to deploy malicious payloads that are being used to send sextortion emails demanding victims to pay $2,732 in digital currency. MyloBot, first detected in 2018, is known to feature an array of sophisticated anti-debugging capabilities and propagation techniques to rope infected machines into a botnet, not to mention remove traces of other competing malware from the systems.

The widespread malware known as Qbot has recently returned to light-speed attacks, and according to analysts, it only takes around 30 minutes to steal sensitive data after the initial infection. As shown in the following diagram, Qbot moves quickly to perform privilege escalation immediately following an infection, while a full-fledged reconnaissance scan takes place within ten minutes.

A threat actor, likely Chinese in origin, is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform as part of spear-phishing campaigns that commenced in December 2021. The espionage operation - codenamed "EmailThief" - was detailed by cybersecurity company Volexity in a technical report published Thursday, noting that successful exploitation of the cross-site scripting vulnerability could result in the execution of arbitrary JavaScript code in the context of the user's Zimbra session.

A cross-site scripting vulnerability in the Zimbra email platform is currently actively exploited in attacks targeting European media and government organizations. Zimbra is an email and collaboration platform that also includes instant messaging, contacts, video conferencing, file sharing, and cloud storage capabilities.

Accounting and tax software provider Intuit has notified customers of an ongoing phishing campaign impersonating the company and trying to lure victims with fake warnings that their accounts have been suspended. Intuit's alert follows reports received from customers who were emailed and told that their Intuit accounts were disabled following a recent server security upgrade.

Microsoft has added SMTP MTA Strict Transport Security support to Exchange Online to ensure Office 365 customers' email communication integrity and security. This new standard strengthens Exchange Online email security and solves several SMTP security problems, including expired TLS certificates, the lack of support for secure protocols, and certificates not issued by trusted third parties or matching server domain names.

In South Africa, you get an IRP5 at the end of the tax year - an archaic term that we are guessing is short for Inland Revenue/Personal, Form #5, even though the South African tax office hasn't been called the Inland Revenue for nearly 25 years. Here at Naked Security, we know the names of these forms, amongst numerous others, because they often show up in tax scam emails, presumably to give those messages an air of realism.

Microsoft says Samsung devices enrolled in Microsoft Intune using a work profile will experience email and VPN connectivity issues due to missing certificates after upgrading to Android 12. Microsoft Intune is a cloud-based service designed to help admins manage Windows, macOS, iOS/iPadOS, and Android apps and devices in enterprise environments.

The Omicron variant has contributed to a 521 per cent rise in COVID test related scam emails between October 2021 and January 2022, according to Barracuda Networks. One of the most common scams include offers to sell counterfeit or unauthorised COVID tests, and other medical supplies such as masks or gloves.

ProtonMail has introduced an enhanced email tracking protection system for its web-based email solution that prevents senders from being tracked by recipients who open their messages. ProtonMail is an end-to-end encrypted email service based in Switzerland and uses a client-side encryption approach to maintain user privacy and protect their communications from snooping intermediaries.