Security News

DNS Filtering: A Top Battle Front Against Malware and Phishing
2020-12-02 14:00

With the proliferation of malicious websites, domain name system filtering has been adopted as an effective method for blacklisting content and blocking out suspicious webpages. Peter Lowe, security researcher with DNSFilter, talks to Cody Hackett on this week's Threatpost Podcast about how DNS filtering works, how DNS blocking tactics are evolving to keep up with new cybercriminal tricks - and how companies can implement DNS filtering in order to protect themselves.

Phishing targets US brokerage firms using FINRA lookalike domain
2020-12-02 11:09

US securities industry regulator FINRA warned brokerage firms earlier this week of ongoing phishing attacks using a recently registered web domain spoofing a legitimate FINRA website. WHOIS domain data does not provide any information on who registered the phishing domain since all personal information is redacted using the registrar's privacy service.

Office 365 phishing abuses Oracle and Amazon cloud services
2020-11-27 13:43

A rather complex phishing scheme for stealing Office 365 credentials from small and medium-sized businesses in the U.S. and Australia combines cloud services from Oracle and Amazon into its infrastructure. According to their research, the threat actor sends phishing messages from compromised email accounts and uses Amazon Web Services and Oracle Cloud in the redirect chain.

Phishing lures employees with fake 'back to work' internal memos
2020-11-27 10:15

Scammers are trying to steal email credentials from employees by impersonating their organization's human resources department in phishing emails camouflaged as internal 'back to work' company memos. These phishing messages have managed to land in thousands of targeted individuals' mailboxes after bypassing G Suite email defenses, according to stats provided by researchers at email security company Abnormal Security, who spotted this phishing campaign.

Warning: Massive Zoom phishing targets Thanksgiving meetings
2020-11-26 13:05

Everyone should be on the lookout for a massive ongoing phishing attack today, pretending to be an invite for a Zoom meeting. With many in the USA hosting virtual Thanksgiving dinners and people in other countries conducting Zoom business meetings, as usual, today is a prime opportunity to perform a phishing attack using Zoom invite lures.

Major BEC Phishing Ring Cracked Open with 3 Arrests
2020-11-25 17:05

A joint INTERPOL, Group-IB and Nigeria Police Force cybercrime investigation resulted in the arrest of three Nigerian nationals believed to be responsible for distributing malware, carrying out phishing campaigns and extensive scams worldwide. In a BEC attack, a scammer impersonates a company executive or other trusted party, and tries to trick an employee responsible for payments or other financial transactions into wiring money to a bogus account.

Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns
2020-11-20 20:56

Attackers are exploiting an array of Google services, including Forms, Firebase, Docs and more, to boost phishing and BEC campaigns. Armorblox co-founder and head of engineering Arjun Sambamoorthy just published a report detailing how now-ubiquitous services like Google Forms, Google Docs and others are being used by malicious actors to give their spoofing attempts a false veneer of legitimacy, both to security filters and victims.

How phishing attacks are exploiting Google's own tools and services
2020-11-19 21:40

A blog post published Thursday by cybersecurity firm Armorblox details how phishing campaigns are using some of the technologies available from Google and offers advice on how to protect yourself. In the post entitled "OK Google, Build Me a Phishing Campaign," Armorblox's co-founder and head of engineering, Arjun Sambamoorthy, explains that Google is a ripe target for exploitation due to the free and democratized nature of many of its services.

’Tis the Season for Online Holiday Shopping; and Phishing
2020-11-19 19:25

While online holiday shopping is nothing new, more of us will be avoiding the malls and brick-and-mortar stores this year - which opens up big opportunities for cybercriminals. We already know that COVID-19-related phishing scams skyrocketed 600 percent between February and March this year, shortly after the pandemic took hold across Europe and the U.S. This year, along with the usual garden-variety holiday scams, we're likely to see more phishing attacks both directly and indirectly related to the pandemic.

Google’s free services are now phishing campaigns’ best friends
2020-11-19 09:00

Google offers a wide array of free software and services that allow users to create documents, spreadsheets, online forms, and free websites. The first Google tool we will look at is the free form creation service called Google Forms that lets anyone create free online surveys that can then be sent to other users.