Security News

Cybersecurity firm Malwarebytes today confirmed that the threat actor behind the SolarWinds supply-chain attack were able to gain access to some company emails. "While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor," Malwarebytes CEO and co-founder Marcin Kleczynski said.

Anyvan, the European online marketplace that lets users buy delivery, transport or removal services from a network of providers, has confirmed it was the victim of a digital burglary that involved the theft of customers' personal data. The company wrote to customers mid-last week to inform them of a "Breach of security resulting in the unauthorised access to data from our user database," according to the email seen by The Register.

Loading remotely hosted images instead of embeedding them directly into emails is one of the latest tricks employed by phishers to bypass email filters. Images have also been used for ages as a way to circumvent an email's textual content analysis but, as security technologies became more adept at extracting and analyzing content from images, phishers began trying out several tricks to make the process more difficult and time-consuming for security scanners.

"First, if the stolen certificate was used for Mimecast customers to verify the validity of the servers their users' connect to, it would allow an attacker that was able to man-in-the middle the user to server connection to easily decrypt the encrypted data stream and access potentially sensitive information." Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, told Threatpost that attackers could also possibly disable Office 365's Mimecast protections altogether to make an email-borne attack more effective.

The U.S. Department of Justice on Wednesday became the latest government agency in the country to admit its internal network was compromised as part of the SolarWinds supply chain attack. "On December 24, 2020, the Department of Justice's Office of the Chief Information Officer learned of previously unknown malicious activity linked to the global SolarWinds incident that has affected multiple federal agencies and technology contractors, among others," DoJ spokesperson Marc Raimondi said in a short statement.

A newly identified malware attack campaign has been exfiltrating emails from targeted organizations using a JavaScript backdoor injected into a webmail system widely used in Taiwan. As an initial attack vector, the group used spear-phishing emails containing obfuscated JavaScript code meant to load malicious scripts from an attacker-controlled remote server.

The US Department of Justice said that the attackers behind the SolarWinds supply chain attack have gained access to roughly 3% of the department's Office 365 email inboxes. The Justice Department currently employs over 115,000 people [1, 2] which translates to around 3450 potentially breached mailboxes.

The email accounts of multiple members of parliament were compromised following a cyberattack as revealed today by the Parliament of Finland. "Some parliament e-mail accounts may have been compromised as a result of the attack, among them e-mail accounts that belong to MPs," Parliament officials said.

The Dridex malware gang is delivering a nasty gift for the holidays using a spam campaign pretending to be Amazon Gift Cards. Such is the case in a recent phishing campaign discovered by cybersecurity firm Cybereason that pretends to be an Amazon gift certificate sent via email.

Microsoft has added support for security incident email notifications to the Microsoft 365 Defender enterprise threat protection solution. The Microsoft 365 Defender suite is used by security teams for coordinated threat protection in enterprise environments for protecting devices, identity, data, and applications.