Security News

Microsoft offers rewards for security bugs in Microsoft TeamsMicrosoft is starting a new Applications Bounty Program, and the first application that they want researchers to find bugs in is Microsoft Teams, its popular business communication platform. SECURE Magazine issue 68 released(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics.

Phishers have been exploiting people's fear and curiosity regarding breakthroughs and general news related to the COVID-19 pandemic from the very start, and will continue to do it for as long it affects out private and working lives. Cybercriminals continually exploit public interest in COVID-19 relief, vaccines, and variant news, spoofing the Centers for Disease Control, U.S. Internal Revenue Service, U.S. Department of Health and Human Services, World Health Organization, and other agencies and businesses.

Phishers are trying to trick users into opening a "LinkedIn Private Shared Document" and entering their login credentials into a fake LinkedIn login page, security researcher JB Bowers warns. The phishing message is delivered via LinkedIn's internal messaging system and looks like it has been sent by one of the victim's contacts.

The constant increase in phishing attacks and the damage they cause make all of us anxious, especially since they're becoming harder to detect. To protect yourself from phishing, you must understand how phishers operate, what motivates them, and which tricks they tend to use.

An ongoing phishing campaign delivering fake Office 365 password expiration reports has managed to compromise tens of C-Suite email accounts to date, according to a warning from anti-malware vendor Trend Micro. The phishers were able to compromise 40 legitimate email addresses of CEOs, directors, company founders, and owners, as well as those of other enterprise employees.

Loading remotely hosted images instead of embeedding them directly into emails is one of the latest tricks employed by phishers to bypass email filters. Images have also been used for ages as a way to circumvent an email's textual content analysis but, as security technologies became more adept at extracting and analyzing content from images, phishers began trying out several tricks to make the process more difficult and time-consuming for security scanners.

A rising onslaught of phishing messages delivered via SMS has been hitting mobile users around the world in the last few months. The messages take the form of alerts about recipients being eligible to apply for the COVID-19 vaccine, fake notifications about missed deliveries and/or requirements to pay for specific deliveries, messages offering financial help from the government, prizes won.

A domain spoofing email phishing campaign that very convincingly impersonates Microsoft and successfully tricks legacy secure email gateways has recently been spotted by Ironscales. Spoofed the sender's domain to make it look like the email comes from Microsoft.

Check out this series to understand the phisher’s perspective and better defend your organization from cyber threats. In this series of videos, BitDam’s cyber expert, Roy Rashti, will share some...

As America counts down to the November 3 elections, things are tense for political campaigns. The Republican Party of Wisconsin, a key battleground state which President Trump won in 2016 by less than 1 per cent, has admitted that it lost $2.3m earlier this month to business email deception - where phishing emails harvest credentials and use these to submit fake or altered invoices for services rendered.