Security News

Google, Microsoft most spoofed brands in latest phishing attacks
2020-05-28 12:19

In form-based phishing attacks, scammers leverage sites such as Google Docs and Microsoft Sway to trap victims into revealing their login credentials. The initial phishing email typically contains a link to one of these legitimate sites, which is why these attacks can be difficult to detect and prevent.

Phishing attack impersonates Amazon Web Services to steal user credentials
2020-05-28 11:56

The emails spoof an automated notification from AWS to try to capture Amazon account credentials, according to Abnormal Security. A blog post published Wednesday by security provider Abnormal Security describes how phishing attacks are taking advantage of Amazon Web Services to steal user credentials.

Majority of COVID phishing attacks coming from US IP addresses, report finds
2020-05-27 19:23

COVID-19 phishing emails have been bombarding inboxes since the virus began to spread in December and January. Cybersecurity company INKY pored through the months of coronavirus-themed phishing emails and compiled a report on where most of them were coming from, finding that the majority of IP addresses found in email headers originated from the United States.

To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it
2020-05-21 20:51

Code hosting biz GitLab recently concluded a security exercise to test the susceptibility of its all-remote workforce to phishing - and a fifth of the participants submitted their credentials to the fake login page. The GitLab Red Team - security personnel playing the role of an attacker - obtained the domain name gitlab.company and set it up using the open source GoPhish framework and Google's GSuite to send phishing emails.

Crooks Tap Google Firebase in Fresh Phishing Tactic
2020-05-21 12:00

A series of phishing campaigns using Google Firebase storage URLs have surfaced, showing that cybercriminals continue to leverage the reputation of Google's cloud infrastructure to dupe victims and skate by secure email gateways. Using the Firebase storage API, companies can store data in a Google cloud storage bucket.

Beware of phishing emails urging for a LogMeIn security update
2020-05-21 08:47

LogMeIn users are being targeted with fake security update requests, which lead to a spoofed phishing page. "Should recipients fall victim to this attack, their login credentials to their LogMeIn account would be compromised. Additionally, since LogMeIn has SSO with LastPass as LogMeIn is the parent company, it is possible the attacker may be attempting to obtain access to this user's password manager," Abnormal Security noted.

New phishing campaign impersonates LogMeIn to steal user credentials
2020-05-20 15:35

LogMeIn is the parent company of LastPass, so attackers may also be attempting to access the password managers of compromised users, says Abnormal Security. As more people work from home due to the coronavirus, a new phishing campaign is impersonating the remote access tool LogMeIn to obtain the account credentials of unsuspecting victims.

Clever Phishing Attack Bypasses MFA to Nab Microsoft Office 365 Credentials
2020-05-19 12:40

A new phishing campaign can bypass multi-factor authentication on Office 365 to access victims' data stored on the cloud and use it to extort a Bitcoin ransom or even find new victims to target, security researchers have found. The attack is different than a typical credential harvester in that it attempts to trick users into granting permissions to the application, which can bypass MFA, he said.

Shiny new Azure login attracts shiny new phishing attacks
2020-05-18 12:27

Admins working with Microsoft Azure beware: phishers are updating their assets to reflect changes on the company's cloud-based login screen. Office 365 ATP data shows that attackers have started to spoof the new Azure AD sign-in page in multiple phishing campaigns.