Security News

US universities are being targeted in multiple phishing attacks designed to impersonate college login portals to steal valuable Office 365 credentials. These campaigns are believed to be conducted by multiple threat actors starting in October 2021, with Proofpoint sharing details on the tactics, techniques, and procedures used in the phishing attacks.

A massive shortfall in PC availability, lack of login for secure IT systems, disjointed IT systems and a desperate attempt to fall back onto printed paper methods all contributed to chaotic scenes at the newly merged Foreign, Commonwealth, and Development Office, according to written testimony put before Parliament today. "On the evening of Saturday 21 August, the soldiers were issued one FCDO computer for every two soldiers. These did not work because FCDO IT had not issued the passwords to unlock them. These computers were finally unlocked on the afternoon of Sunday 22 August. Until this, the soldiers worked with one computer shared between roughly eight people," said former desk officer Raphael Marshall in his evidence [PDF] to the House of Commons Foreign Affairs Select Committee's Inquiry on Government Policy on Afghanistan.

Microsoft is offering discounts of up to 50% on Microsoft 365 subscriptions to those using pirated versions of Microsoft Office willing to switch to a genuine version. The message displayed is a call to action for those likely using a pirate copy of Microsoft Office: "GET UP TO 50% OFF. For a limited time, save up to 50% on a genuine Microsoft 365 subscription."

A persuasive and ongoing series of phishing attacks are using fake Office 365 notifications asking the recipients to review blocked spam messages, with the end goal of stealing their Microsoft credentials. Instead of reaching the Office 365 portal when clicking the 'Review' button, they are sent to a phishing landing page that will ask them to enter their Microsoft credentials to access the quarantined spam messages.

Microsoft is rolling out Built-In Protection to Defender for Office 365, a new feature that would automatically enable recommended settings and policies to make sure all new and existing users get at least a basic level of protection.Microsoft Defender for Office 365 provides Office 365 enterprise email accounts with automated attack remediation and defends them from various threats, including business email compromise and credential phishing.

The Emotet malware delivery botnet is back, almost a year after law enforcement agencies bragged about shutting it down and arresting the operators. The revival of Emotet is serious because in its final form the Windows malware network was increasingly being used to deliver ransomware, as well as the traditional online banking credential-stealing code it was previously best known for.

A surge in spearphishing emails designed to steal Office 365 credentials were rigged to look like they came from a Kaspersky email address. Office 365 credentials are a common target for phishing attacks.

Kaspersky said today that a legitimate Amazon Simple Email Service token issued to a third-party contractor was recently used by threat actors behind a spear-phishing campaign targeting Office 365 users. Amazon SES is a scalable email service designed to allow developers to send emails from any app for various use cases, including marketing and mass email communications.

A novel threat actor with unclear motivesis running a crimeware campaign delivering multiple Windows and Android RATs through the exploitation of CVE-2017-11882. The actor has registered multiple domains that feature political themes such as diplomatic and humanitarian efforts and uses them to deliver malware payloads to the victims.

Microsoft has been branded as "The world's best malware hoster for about a decade," thanks to abuse of the Office 365 and Live platform, as well as its slow response to reports by security researchers. TheAnalyst noted that a BazarLoader malware campaign was hosting its malware on Microsoft's OneDrive service.