Security News

The U.S. Federal Bureau of Investigation on Saturday confirmed unidentified threat actors have breached one of its email servers to blast hoax messages about a fake "Sophisticated chain attack." "Vinny Troia wrote a book revealing information about hacking group TheDarkOverlord. Shortly after, someone began erasing ElasticSearch clusters leaving behind his name. Later his Twitter was hacked, then his website. Now a hacked FBI email server is sending this," Hutchins tweeted.

Well-known email tracking organisation Spamhaus, which maintains lists of known senders of spams and scams, is warning of a fraudulent "FBI/Homeland Security" alert that has apparently been widely circulated to network administrators and other IT staff in North America. Urgent: Threat actor in systems Our intelligence monitoring indicates exfiltration of several of your virtualized clusters in a sophisticated chain attack.

The Federal Bureau of Investigation email servers were hacked to distribute spam email impersonating FBI warnings that the recipients' network was breached and data was stolen. The emails pretended to warn about a "Sophisticated chain attack" from an advanced threat actor known, who they identify as Vinny Troia.

Email is fundamental to the operation of most businesses. 90 per cent of IT execs are prioritizing the protection of docs and info in emails according to research from Echoworx.

A new business email compromise campaign targeting Microsoft 365 users is using a range of sophisticated obfuscation tactics within phishing emails that can fool natural language processing filters and are undetectable to end users. Researchers at Avanan, a CheckPoint company, first discovered the campaign - dubbed One Font because of the way it hides text in a one-point font size within messages - in September.

Bait attacks are on the rise, and it appears that actors who distribute this special kind of phishing emails prefer to use Gmail accounts to conduct their attacks. According to a report by Barracuda, who surveyed 10,500 organizations, 35% of them received at least one bait attack email in September 2021 alone.

Well, over the past 24 hours, we, and many of our colleagues, have been on the receiving end of an email scam that preys on exactly these fears. In other words, receiving an email from a "Colleague" whom you don't know, and who doesn't know you, but who seems to have been dragged into a customer "Dispute" that you weren't even aware of yet.

A new phishing campaign pretending to be supply lists infects users with the MirCop ransomware that encrypts a target system in under fifteen minutes. The email body contains a hyperlink to a Google Drive URL, which, if clicked, downloads an MHT file onto the victim's machine.

Phishers readily deploy attacks, with the average phishing campaign lasting only 12 minutes, according to Google, which reports blocking 100 million phishing emails per day. Implementing DMARC eliminates the most common attack vector - phishing emails - and adds another layer of protection.

Musical instruments, motorcycle parts and now malware - Craigslist really does have it all. The Craigslist internal email system was hijacked by attackers this month to deliver convincing messages messages, ultimately aimed avoiding Microsoft Office security controls to deliver malware.