Security News
Kaspersky has discovered a malicious add-on for Microsoft's Internet Information Service web server software that it said is designed to harvest credentials from Outlook Web Access, the webmail client for Exchange and Office 365. "While looking for potentially malicious implants that targeted Microsoft Exchange servers, we identified a suspicious binary that had been submitted to a multiscanner service in late 2020," Kaspersky said in its announcement of the discovery.
A new variant of the Agent Tesla malware has been spotted in an ongoing phishing campaign that relies on Microsoft PowerPoint documents laced with malicious macro code. Agent Tesla is a .NET-based info-stealer that has been circulating the internet for many years but remains a threat in the hands of phishing actors.
The report results emphasize the growing need for all organizations to address the human element of cyber security by implementing engaging, informative security awareness training programs that leverage real-world phishing simulations to change the right end user behaviors. End users are still inclined to click on phishing email links.
Kaspersky's in-depth analysis of phishing websites found that nearly three quarters of all phishing pages stop showing signs of activity within 30 days. The fear and paranoia that phishing can evoke may only be made worse by this news, but have faith: Kaspersky said that it believes its data "could be used to improve mechanisms for re-scanning pages which have ended up in anti-phishing databases, to determine the response time to new cases of phishing, and for other purposes," all of which could make catching, tracking and killing phishing pages and their operators easier.
A new phishing campaign that targets German e-banking users has been underway in the last couple of weeks, involving QR codes in the credential-snatching process. If the embedded button is clicked, the victim arrives at the phishing site after passing through Google's feed proxy service 'FeedBurner.'
These attacks can lead to the bypassing of phishing detection and email security solutions, and at the same time, give phishing URLs a false sense of legitimacy to victims. "The attacks use dozens of distinct Microsoft 365 third-party applications with malicious redirect URLs defined for them," explains Proofpoint's report.
A new phishing campaign analyzed by email security provider Avanan exploits a key feature in Microsoft Outlook. To use Outlook against its users, hackers simply start by devising a phishing email that appears to be sent from an actual person.
US universities are being targeted in multiple phishing attacks designed to impersonate college login portals to steal valuable Office 365 credentials. These campaigns are believed to be conducted by multiple threat actors starting in October 2021, with Proofpoint sharing details on the tactics, techniques, and procedures used in the phishing attacks.
A persuasive and ongoing series of phishing attacks is using fake Office 365 notifications asking the recipients to review blocked spam messages, with the end goal of stealing their Microsoft credentials. Instead of reaching the Office 365 portal when clicking the 'Review' button, they are sent to a phishing landing page that will ask them to enter their Microsoft credentials to access the quarantined spam messages.
A new phishing campaign has been targeting verified Twitter accounts, as seen by BleepingComputer. Verified accounts on Twitter refer to those possessing a blue badge with a checkmark.