Security News

Real Big Phish: Mobile Phishing & Managing User Fallibility
2022-01-14 16:43

So how can organizations overcome the sudden increase in security threats and regain the upper hand against bad actors with fewer resources than ever before? Increasingly, it looks like zero-trust will become the ideal approach for doing more with less, because ultimately, it's the users and their cyber-hygiene that are the first line in phishing defense. As anyone, no matter how technically savvy, is at risk of falling victim to phishing attacks, it's vital that organizations rethink their approach to security as a whole to combat these threats.

Proofpoint Phish Harvests Microsoft O365, Google Logins
2021-11-05 15:12

Phishers are impersonating Proofpoint, the cybersecurity firm, in an attempt to make off with victims' Microsoft Office 365 and Google email credentials. "The email claimed to contain a secure file sent via Proofpoint as a link," they explained in a posting on Thursday.

S3 Ep56: Cryptotrading rodent, ransomware hackback, and a Docusign phish [Podcast]
2021-10-28 18:45

Don't miss our cybersecurity podcast minisodes! Bliss is a hill in wine country.

Banking scam uses Docusign phish to thieve 2FA codes
2021-10-26 18:57

It's easy to forget that the "obviousness" of many scam emails comes from the fact that the crooks never intended those scams for us in the first place. We received a phish this morning that specifically targeted one of the main South African banks.

S3 Ep54: Another 0-day, double Apache patch, and Fight The Phish [Podcast]
2021-10-14 18:33

Apache patches an embarrassing bug and then has to patch the patch. Oh! No! The computer that punched a user in the face.

Cybersecurity awareness month: Fight the phish!
2021-10-11 18:18

It's the second week of Cybersecurity Awareness Month 2021, and this week's theme is an alliterative reminder: Fight the Phish! Anti-phishing advice often seems to fall on deaf ears, because phishing is an old cybercrime trick, and lots of people seem to think it's what computer scientists or mathematical analysts call a solved game.

Phish Swims Past Email Security With Milanote Pages
2021-07-22 20:53

The Milanote app, billed as the "Evernote for creatives" by reviewers, has attracted the notice of cybercriminals who are abusing it to carry out credential-stealing campaigns that skate past secure email gateways, researchers said. According to analysis from Avanan released Thursday, attackers are looking to hook victims by starting off with a simple email.

Agent Tesla RAT Returns in COVID-19 Vax Phish
2021-06-21 17:20

"Attached herewith is the revised circular," the malicious email reads. "Since 50 percent of the malicious emails targeted South Korea, we can speculate that threat actors were closely monitoring local news about the vaccination campaign in the country and anticipated shipment of 14 million doses of coronavirus vaccine," the spokesperson said.

Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware Attacks
2021-04-28 19:00

SharePoint servers are being picked at with high-risk, legitimate-looking, branded phish messages and preyed on by a ransomware gang using an old bug. The phish is targeting Office 365 users with a legitimate-looking SharePoint document that claims to urgently need an email signature.

Passwordstate hackers phish for more victims with updated malware
2021-04-28 14:38

Click Studios, the software company behind the Passwordstate enterprise password manager, is warning customers of ongoing phishing attacks targeting them with updated Moserpass malware. Click Studios published a second advisory on Sunday, saying that "Only customers that performed In-Place Upgrades between the times stated above are believed to be affected and may have had their Passwordstate password records harvested."