Security News

One group that's been exploited in many of these campaigns is the World Health Organization, a tempting target as it's been trying to manage and direct some of the global efforts toward combatting COVID-19. Spoofing the WHO, a new phishing campaign spotted by security provider Abnormal Security is trying to capture the email credentials of unsuspecting users.

Digital rogues are shunning Microsoft in favour of Google when it comes to launching branded spear-phishing attacks, according to threat intel firm Barracuda Networks. The outfit reckons malicious people abusing Google services such as Drive, Docs and Cloud managed to launch 65,000 attacks between January and April.

Digital rogues are shunning Microsoft in favour of Google when it comes to launching branded spear-phishing attacks, according to threat intel firm Barracuda Networks. The outfit reckons malicious people abusing Google services such as Drive, Docs and Cloud managed to launch 65,000 attacks between January and April.

In form-based phishing attacks, scammers leverage sites such as Google Docs and Microsoft Sway to trap victims into revealing their login credentials. The initial phishing email typically contains a link to one of these legitimate sites, which is why these attacks can be difficult to detect and prevent.

The emails spoof an automated notification from AWS to try to capture Amazon account credentials, according to Abnormal Security. A blog post published Wednesday by security provider Abnormal Security describes how phishing attacks are taking advantage of Amazon Web Services to steal user credentials.

COVID-19 phishing emails have been bombarding inboxes since the virus began to spread in December and January. Cybersecurity company INKY pored through the months of coronavirus-themed phishing emails and compiled a report on where most of them were coming from, finding that the majority of IP addresses found in email headers originated from the United States.

Code hosting biz GitLab recently concluded a security exercise to test the susceptibility of its all-remote workforce to phishing - and a fifth of the participants submitted their credentials to the fake login page. The GitLab Red Team - security personnel playing the role of an attacker - obtained the domain name gitlab.company and set it up using the open source GoPhish framework and Google's GSuite to send phishing emails.

Code hosting biz GitLab recently concluded a security exercise to test the susceptibility of its all-remote workforce to phishing - and a fifth of the participants submitted their credentials to the fake login page. The GitLab Red Team - security personnel playing the role of an attacker - obtained the domain name gitlab.company and set it up using the open source GoPhish framework and Google's GSuite to send phishing emails.

A series of phishing campaigns using Google Firebase storage URLs have surfaced, showing that cybercriminals continue to leverage the reputation of Google's cloud infrastructure to dupe victims and skate by secure email gateways. Using the Firebase storage API, companies can store data in a Google cloud storage bucket.

LogMeIn users are being targeted with fake security update requests, which lead to a spoofed phishing page. "Should recipients fall victim to this attack, their login credentials to their LogMeIn account would be compromised. Additionally, since LogMeIn has SSO with Lastpass as LogMeIn is the parent company, it is possible the attacker may be attempting to obtain access to this user's password manager," Abnormal Security noted.