Security News

A recent phishing campaign used a clever trick to deliver the fraudulent web page that collects Microsoft Office 365 credentials by building it from chunks of HTML code stored locally and remotely. The method consists of gluing together multiple pieces of HTML hidden in JavaScript files to obtain the fake login interface and prompt the potential victim to type in the sensitive information.

Zyxel Networks announced the launch of XGS1250-12 12-Port Web-Managed Multi-Gigabit Switch with 3-Port 10G and 1-Port 10G SFP+. Designed to optimize high-bandwidth applications in the home and office, such as HD multimedia content creation and storage, and high-speed WiFi 6 data and IoT traffic, the versatile XGS1250-12 switch features three multi-Gigabit ports to eliminate network bottlenecks for devices such as 10G NAS or servers, WiFi 6 access points and new 2.5G motherboards. The switch features eight Gigabit Ethernet ports, one 10G SFP+ port, and three Multi-Gigabit ports that support five speeds: 10 Gbps, 5 Gbps, 2.5 Gbps, 1 Gbps and 1 Gbps. The highest common link speed is automatically and independently negotiated with each connected device.

Alcatel-Lucent Enterprise and RingCentral are joining forces to launch Rainbow Office, powered by RingCentral, a Unified Communication as a Service solution, in Ireland. Stemming from a strategic partnership between RingCentral and Alcatel-Lucent Enterprise, announced in August 2020, Rainbow Office, powered by RingCentral, will combine the very latest in UCaaS technology from RingCentral, with market-leading networking, communication, and cloud solutions and services from Alcatel-Lucent Enterprise's portfolio, making it a unique offering in the market.

Most of the recent credential phishing attacks seen by Menlo Security served phony Outlook and Office 365 login pages. In its report, the Menlo Tabs team said it discovered a rise in credential phishing attacks over the past month.

The UK's Home Office is on the hunt for a supplier to help support applications running on its counter-terrorism data network to fulfil a contract that could be worth up to £32m. The National Communications Data Service gives security, intelligence, and law enforcement agencies legal access to communications data. In a tender document released last week, the Home Office said it was looking to engage suppliers early before it puts together a contract to "Facilitate the delivery of its communications data applications."

A former IT consultant hacked a company in Carlsbad, California, and deleted almost all its Microsoft Office 365 accounts in an act of revenge that has brought him two years of prison time. More than 1,200 user accounts were removed in this act of sabotage, causing a complete shutdown of the company's operations for two days.

A former IT contractor has been sentenced to two years in prison after hacking into a company's server and deleting the majority of its employees' Microsoft Office 365 accounts. On Aug. 8, 2018, Kher then hacked into the company's server and deleted over 1,200 of its 1,500 O365 user accounts.

A California federal court has sentenced a "Vengeful" techie to two years in the clink after he deleted 1,200 Microsoft user accounts belonging to a client. Deepanshu Kher, a Delhi-based employee of an unnamed IT outsourcing firm, was tasked with helping a company in the coastal city of Carlsbad, California, migrate its Office 365 environment.

Phishers have been exploiting people's fear and curiosity regarding breakthroughs and general news related to the COVID-19 pandemic from the very start, and will continue to do it for as long it affects out private and working lives. Cybercriminals continually exploit public interest in COVID-19 relief, vaccines, and variant news, spoofing the Centers for Disease Control, U.S. Internal Revenue Service, U.S. Department of Health and Human Services, World Health Organization, and other agencies and businesses.

A new phishing scam is on the rise, targeting executives in the insurance and financial services industries to harvest their Microsoft 365 credentials and launch business email compromise attacks, according to a new report from Area 1 Security. These new, sophisticated attacks are aimed at C-suite executives, their assistants and financial departments, and can work around email security and Office 365 defenses.