Security News
Phishers are impersonating companies' IT support team and sending fake VPN configuration change notifications in the hopes that remote employees may be tricked into providing their Office 365 login credentials. "The sender email address is spoofed to impersonate the domain of the targets' respective organizations. The link provided in the email allegedly directs to a new VPN configuration for home access. Though the link appears to be related to the target's company, the hyperlink actually directs to an Office 365 credential phishing website," Abnormal Security explained.
A Brit public sector-owned office supplies company shrugged off a ransomware demand for 102 Bitcoins after a staffer opened a phishing email. A local blogger, publishing the Vox Medway site, claimed the attack froze all CSG services at 01:30 UK time on 2 April.
A group of Romanians operating an ATM company in Mexico and suspected of bribing technicians to install sophisticated Bluetooth-based skimmers in cash machines throughout several top Mexican tourist destinations have enjoyed legal protection from a top anti-corruption official in the Mexican attorney general's office, according to a new complaint filed with the government's internal affairs division. As detailed this week by the Mexican daily Reforma, several Mexican federal, state and municipal officers filed a complaint saying the attorney general office responsible for combating corruption had initiated formal proceedings against them for investigating Romanians living in Mexico who are thought to be part of the ATM skimming operation.
Over half of security leaders still rely on spreadsheetsSenior security leaders within financial services companies are being challenged with a lack of trusted data to make effective security decisions and reduce their risk from cyber incidents, according to Panaseer. Security threats associated with shadow ITAs cyber threats and remote working challenges linked to COVID-19 continue to rise, IT teams are increasingly pressured to keep organizations' security posture intact.
The phishing emails spoof the U.S. Supreme Court, aiming to capitalize on scare tactics to convince targets to click on an embedded link. "The sender name impersonated the Supreme Court, making the email likely to get past eye tests when people glanced through it amidst hundreds of other emails in their overflowing mailboxes. The email language was terse and authoritative, including a CTA in the email - View Subpoena - clearly describing the purpose of the email."
The Register reported that an admin was told that their company's internal search results had been made visible when queries were run by users from another company. At no time were the files that were displayed accessible to the user who received the incorrect search results.
Phishers are trying to bypass the multi-factor authentication protection on users' Office 365 accounts by tricking them into granting permissions to a rogue application. How? The aforementioned authorization code is exchanged for an access token that is presented by the rogue application to Microsoft Graph, which will authorize its access.
A new phishing campaign can bypass multi-factor authentication on Office 365 to access victims' data stored on the cloud and use it to extort a Bitcoin ransom or even find new victims to target, security researchers have found. The attack is different than a typical credential harvester in that it attempts to trick users into granting permissions to the application, which can bypass MFA, he said.
Microsoft had to warn a subset of Office 365 administrators over the weekend that their organisation might have inadvertently featured in an outsider's internal search results. Register reader Dusty shared the notification, which read: "Under extremely rare circumstances, users performing internal search queries may have received search results from another organization."
Microsoft had to warn a subset of Office 365 administrators over the weekend that their organisation might have inadvertently featured in an outsider's internal search results. Register reader Dusty shared the notification, which read: "Under extremely rare circumstances, users performing internal search queries may have received search results from another organization."