Security News

Phishers are trying to bypass the multi-factor authentication protection on users' Office 365 accounts by tricking them into granting permissions to a rogue application. How? The aforementioned authorization code is exchanged for an access token that is presented by the rogue application to Microsoft Graph, which will authorize its access.

Phishers are trying to trick investment brokers into sharing their Microsoft Office or SharePoint login credentials by impersonating FINRA, a non-governmental organization that regulates member brokerage firms and exchange markets. Phishers target investment brokers with malicious emails.

Web shell malware continues to evade many security toolsCyber attackers are increasingly leveraging web shell malware to get persistent access to compromised networks, the US National Security Agency and the Australian Signals Directorate warn. Phishers exploit Zoom, Webex brands to target businessesProofpoint researchers have spotted and documented email phishing campaigns targeting US companies in a variety of industries with emails impersonating Zoom and Cisco.

A few days ago, we outlined several phishing campaigns going after Zoom and WebEx credentials of employees. Two new ones are trying to exploit their fears by delivering fake "Zoom meeting about termination" emails and fake notifications about COVID-19 stimulation/payroll processing.

Proofpoint researchers have spotted and documented email phishing campaigns targeting US companies in a variety of industries with emails impersonating Zoom and Cisco. "Not only are attackers using video conferencing brands as a lure for malware, but they're using it for credential phishing, in particular to steal Zoom and Webex credentials."

With so many people and organizations using Microsoft Office 365, phishers who exploit this brand can target a vast amount of people as a way to steal their account credentials, as described by Vade Secure. Phishing attacks that exploit Office 365 come in different varieties, according to Adrien Gendre, chief solutions architect at Vade Secure.

Nurses are among the groups most heavily targeted by email scammers because of the value of the data they can access, according to email security biz Proofpoint's Adenike Cosgrove. Cosgrove, an infosec strategist for Proofpoint, told The Register that not only are nurses and other frontline healthcare professionals at the top of phishing target lists, but that a healthcare worker asked her for advice on security best practice - rather than her own organisation's security team.

The latest example of the latter are fake emails purportedly coming from the World Health Organisation, which is, ironically, engeaged in fighting an "Infodemic" of fake coronavirs-themed news online. It also shows a simple pop-up asking the potential victim to "Verify" their email by entering their email address and password.

83 users have already been affected by 65 malicious files disguised as copies of Star Wars: The Rise of Skywalker according to Kaspersky.

Phishing scammers have once again targeted users of the popular Steam gaming service, it was revealed this week.