Security News

Enterprise software developer Proxmox Server Solutions GmbH has released Proxmox Mail Gateway 6.4, the latest version of its open-source email security solution. Proxmox Mail Gateway is a complete operating system based on Debian Buster 10.9, but using Linux kernel 5.4.106, which is under long term support status.

A report issued on Tuesday by email security provider Armorblox looked at the tactics employed by three recent phishing campaigns and suggests ways to avoid these types of scams. In each case, the emails were able to get past security defenses to end up in the inboxes of their targeted victims.

The Internal Revenue Service is warning of ongoing phishing attacks impersonating the IRS and targeting educational institutions. "The phishing emails appear to target university and college students from both public and private, profit and non-profit institutions," the US revenue service warned.

A phishing email campaign detailed earlier this month is expanding with the use of additional email services to hide malicious intent, according to a warning from software giant Microsoft. At the time, the researchers revealed that the adversary behind the campaign was leveraging trusted domains to ensure that phishing emails successfully bypass email protections.

Cybercriminals ruthlessly exploited the coronavirus pandemic to set up phishing websites that posed as Pfizer, BioNTech and other household-name suppliers of vaccines and PPE, according to Palo Alto Networks. In a post published today, Palo Alto's Unit 42 threat intel division said COVID-themed phishing lure URLs "Largely centered around Personal Protective Equipment and testing kits in March 2020, government stimulus programs from April through the summer 2020 and vaccines from late fall 2020 onward."

An ongoing phishing operation that stole an estimated 400,000 OWA and Office 365 credentials since December has now expanded to abuse new legitimate services to bypass secure email gateways. The attacks are part of multiple phishing campaigns collectively dubbed the "Compact" Campaign, active since early 2020 first detected by the WMC Global Threat Intelligence Team.

Ongoing Office 365-themed phishing campaign targets executives, assistants, financial departmentsA sophisticated and highly targeted Microsoft Office 365 phishing campaign is being aimed at C-suite executives, executive assistants and financial departments across numerous industries. As attacks on Exchange servers escalate, Microsoft investigates potential PoC exploit leakMicrosoft Exchange servers around the world are still getting compromised via the ProxyLogon and three other vulnerabilities patched by Microsoft in early March.

Sony's new PS5 is one topic ripe for exploitation, especially since the new console is in short supply due to a scarcity of semiconductor chips. A Friday report from security firm Kaspersky explains how a new scam promising a PS5 is playing out and offer tips on how to avoid taking the bait.

A new phishing scam is on the rise, targeting executives in the insurance and financial services industries to harvest their Microsoft 365 credentials and launch business email compromise attacks, according to a new report from Area 1 Security. These new, sophisticated attacks are aimed at C-suite executives, their assistants and financial departments, and can work around email security and Office 365 defenses.

A new phishing campaign is targeting U.S. taxpayers with documents that purport to contain tax-related content, but ultimately deliver NetWire and Remcos malware - two prolific remote access trojans which allows attackers to take control of victims' machines through a new phishing email scheme, Cybereason discovered. The new infection process is designed to evade antivirus tools and tricks targets into installing the malware via a tax-themed Word Document containing a malicious macro that downloads an OpenVPN client on the targeted machine.