Security News

New phishing attack uses Morse code to hide malicious URLs
2021-02-07 15:40

A new targeted phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment. Samuel Morse and Alfred Vail invented morse code as a way of transmitting messages across telegraph wire.

Microsoft warns of increasing OAuth Office 365 phishing attacks
2021-02-05 17:07

Microsoft has warned of an increasing number of consent phishing attacks targeting remote workers during recent months, BleepingComputer has learned. Consent phishing is an application-based attack variant where the attackers attempt to trick targets into providing malicious Office 365 OAuth apps with access to their Office 365 accounts.

IRONSCALES further improves ability to detect advanced and highly targeted phishing attacks
2021-02-03 02:00

IRONSCALES announced new platform features as part of its new release to further improve the company's ability to detect advanced and highly targeted phishing attacks, especially those focused on credential harvesting and account takeover. IRONSCALES unveiled improvements to its phishing awareness training module with the addition of a "One-click campaign" feature offering a more seamless process for security teams to test employees' individual phishing awareness via targeted simulations.

Phishing campaign lures US businesses with fake PPP loans
2021-02-01 19:15

Threat actors are sending phishing emails impersonating a Small Business Administration lender to prey on US business owners who want to apply for a Paycheck Protection Program loan to keep their business going during the COVID-19 crisis. The attackers behind this phishing campaign are taking advantage of the ongoing financial problems some businesses are experiencing due to the pandemic to lure them into handing over sensitive business and personal info.

U.K. Arrest in ‘SMS Bandits’ Phishing Service
2021-02-01 15:21

The proprietors of the phishing service were variously known on cybercrime forums under handles such as SMSBandits, "Gmuni," "Bamit9," and "Uncle Munis." SMS Bandits offered an SMS phishing service for the mass sending of text messages designed to phish account credentials for different popular websites and steal personal and financial data for resale. Sasha Angus is a partner at Scylla Intel, a cyber intelligence startup that did a great deal of research into the SMS Bandits leading up to the arrest.

Week in review: Sudo vulnerability, Emotet takedown, execs targeted with Office 365 phishing
2021-01-31 08:55

"Serious" vulnerability found in Libgcrypt, GnuPG's cryptographic libraryLibgcrypt 1.9.0, the newest version of a cryptographic library integrated in the GNU Privacy Guard free encryption software, has a "Severe" security vulnerability and should not be used, warned Werner Koch. Sudo vulnerability allows attackers to gain root privileges on Linux systemsA vulnerability in sudo, a powerful and near-ubiquitous open-source utility used on major Linux and Unix-like operating systems, could allow any unprivileged local user to gain root privileges on a vulnerable host.

Vishing: FBI says beware of voice phishing at large organizations
2021-01-29 16:31

Attackers are tricking employees into logging into phishing sites.

LogoKit Simplifies Office 365, SharePoint ‘Login’ Phishing Pages
2021-01-28 16:46

A newly-uncovered phishing kit, dubbed LogoKit, eliminates headaches for cybercriminals by automatically pulling victims' company logos onto the phishing login page. These targeted services range from generic login portals to false SharePoint, Adobe Document Cloud, OneDrive, Office 365, and cryptocurrency exchange login portals.

Business executives targeted with Office 365-themed phishing emails
2021-01-26 13:43

An ongoing campaign powered by a phishing kit sold on underground forums is explicitly targeting high-ranking executives in a variety of sectors and countries with fake Office 365 password expiration notifications, Trend Micro researchers warn. The compromised accounts can be used to send out even more convincing phishing emails, perpetrate BEC scams, or collect sensitive information.

TikTok Flaw Lay Bare Phone Numbers, User IDs For Phishing Attacks
2021-01-26 11:00

A vulnerability in the popular TikTok short-form video-sharing platform could have allowed attackers to easily compile users' phone numbers, unique user IDs and other data ripe for phishing attacks. In order to help users find friends through their contacts, TikTok contained a sync feature for contacts who had TikTok accounts.