Security News

This shift to working from home has exposed new security risks and has left nearly 50% of those employees worried about impending cyber threats in their new home office settings. The rapid shift to working from home has also changed the ways many organizations do business from moving face-to-face meetings to video conferencing calls to adding new collaboration tools-yet the survey showed many employees are lacking guidance, direction and policies.

Those running VMWare guest machines on Mac will want to update their software to get a security fix for VMware Tools. Earlier this month, Microsoft dropped its usual boatload of Patch Tuesday updates, sans a set for Office for Mac.

Armorblox, a cloud office security platform that protects inbound and outbound enterprise communications, announced the availability of integrations with Box and Slack to stop socially engineered attacks and data loss across email, messaging, and file-sharing services. In addition to API-based integrations with Office 365, G Suite, and Exchange, these new integrations extend Armorblox capabilities beyond email to prevent targeted attacks and sensitive data disclosures across cloud office applications.

Researchers have discovered a sophisticated new phishing campaign that uses recognized brand names to bypass security filters as well as to trick victims into giving up Microsoft Office 365 credentials to gain access to corporate networks. A new report from Check Point Software first observed the attacks-the majority of which targeted European companies, with others seen in Asia and the Middle East-in April, when they discovered emails sent to victims titled "Office 365 Voice Mail.".

SecureAge Technology has announced a key update to its flagship SecureAPlus Endpoint Protection Platform, to reduce user anxiety for remote or office-based workers. "SecureAPlus end point protection is designed to provide end users - wherever they are working - with 100% protection from ransomware, keyloggers and other malware by simply blocking all previously unknown processes," said Dr. Teow-Hin, SecureAge founder and CEO. "With Recommended Actions we go further to reduce stress for both end users and IT admins by providing intelligence-led guidance based on our analysis of millions of viruses together with collective malware research."

Phishers are impersonating companies' IT support team and sending fake VPN configuration change notifications in the hopes that remote employees may be tricked into providing their Office 365 login credentials. "The sender email address is spoofed to impersonate the domain of the targets' respective organizations. The link provided in the email allegedly directs to a new VPN configuration for home access. Though the link appears to be related to the target's company, the hyperlink actually directs to an Office 365 credential phishing website," Abnormal Security explained.

A Brit public sector-owned office supplies company shrugged off a ransomware demand for 102 Bitcoins after a staffer opened a phishing email. A local blogger, publishing the Vox Medway site, claimed the attack froze all CSG services at 01:30 UK time on 2 April.

A group of Romanians operating an ATM company in Mexico and suspected of bribing technicians to install sophisticated Bluetooth-based skimmers in cash machines throughout several top Mexican tourist destinations have enjoyed legal protection from a top anti-corruption official in the Mexican attorney general's office, according to a new complaint filed with the government's internal affairs division. As detailed this week by the Mexican daily Reforma, several Mexican federal, state and municipal officers filed a complaint saying the attorney general office responsible for combating corruption had initiated formal proceedings against them for investigating Romanians living in Mexico who are thought to be part of the ATM skimming operation.

Over half of security leaders still rely on spreadsheetsSenior security leaders within financial services companies are being challenged with a lack of trusted data to make effective security decisions and reduce their risk from cyber incidents, according to Panaseer. Security threats associated with shadow ITAs cyber threats and remote working challenges linked to COVID-19 continue to rise, IT teams are increasingly pressured to keep organizations' security posture intact.

The phishing emails spoof the U.S. Supreme Court, aiming to capitalize on scare tactics to convince targets to click on an embedded link. "The sender name impersonated the Supreme Court, making the email likely to get past eye tests when people glanced through it amidst hundreds of other emails in their overflowing mailboxes. The email language was terse and authoritative, including a CTA in the email - View Subpoena - clearly describing the purpose of the email."