Security News

While Russia is fighting a physical war on the ground against Ukraine, advanced persistent threat groups affiliated with or backing Vladimir Putin's government are ramping up phishing and other attacks against Ukrainian and European targets in cyberspace, Google is warning. There have been a recent spate of distributed denial-of-service attacks against Ukrainian government sites, such as the Ministry of Foreign Affairs and the Ministry of Internal Affairs, as well as key services that help Ukrainians find information, such as Liveuamap, according to Google TAG. China's Mustang Panda also has joined the fray, using the war in Ukraine to target European entities with lures related to the Ukrainian invasion in a recent phishing campaign.

So how can organizations overcome the sudden increase in security threats and regain the upper hand against bad actors with fewer resources than ever before? Increasingly, it looks like zero-trust will become the ideal approach for doing more with less, because ultimately, it's the users and their cyber-hygiene that's the first line in phishing defense. As anyone, no matter how technically savvy, is at risk of falling victim to phishing attacks, it's vital that organizations rethink their approach to security as a whole to combat these threats.

Phishers are impersonating Proofpoint, the cybersecurity firm, in an attempt to make off with victims' Microsoft Office 365 and Google email credentials. "The email claimed to contain a secure file sent via Proofpoint as a link," they explained in a posting on Thursday.

Don't miss our cybersecurity podcast minisodes! Bliss is a hill in wine country. LISTEN NOW. Click-and-drag on the soundwaves below to skip to any point in the podcast.

It's easy to forget that the "Obviousness" of many scam emails comes from the fact that the crooks never intended those scams for us in the first place. We received a phish this morning that specifically targeted one of the main South African banks.

Apache patches an embarrassing bug and then has to patch the patch. Oh! No! The computer that punched a user in the face.

It's the second week of Cybersecurity Awareness Month 2021, and this week's theme is an alliterative reminder: Fight the Phish! Anti-phishing advice often seems to fall on deaf ears, because phishing is an old cybercrime trick, and lots of people seem to think it's what computer scientists or mathematical analysts call a solved game.

The Milanote app, billed as the "Evernote for creatives" by reviewers, has attracted the notice of cybercriminals who are abusing it to carry out credential-stealing campaigns that skate past secure email gateways, researchers said. According to analysis from Avanan released Thursday, attackers are looking to hook victims by starting off with a simple email.

"Attached herewith is the revised circular," the malicious email reads. "Since 50 percent of the malicious emails targeted South Korea, we can speculate that threat actors were closely monitoring local news about the vaccination campaign in the country and anticipated shipment of 14 million doses of coronavirus vaccine," the spokesperson said.

SharePoint servers are being picked at with high-risk, legitimate-looking, branded phish messages and preyed on by a ransomware gang using an old bug. The phish is targeting Office 365 users with a legitimate-looking SharePoint document that claims to urgently need an email signature.