Security News

Microsoft 365 phishing campaign exploits Samsung, Adobe, and Oxford University
2020-06-18 18:46

In a blog post published Thursday, Check Point described how attackers exploited one of Oxford University's mail servers to send the initial email, abused an Adobe Campaign redirection tool, and then used a Samsung domain to take users to a Microsoft Office 365-themed phishing website. Most of the emails observed came from multiple addresses that belonged to legitimate subdomains of different departments at the University of Oxford.

Credential phishing attack impersonates Bank of America
2020-06-18 16:52

The phishing email leads recipients to a phony BOA landing page in an attempt to steal their banking credentials, according to Armorblox. A blog post published Thursday by security provider Armorblox explains how a recent phishing campaign impersonates Bank of America.

Phishing Campaign Targeting Office 365, Exploits Brand Names
2020-06-18 12:55

Researchers have discovered a sophisticated new phishing campaign that uses recognized brand names to bypass security filters as well as to trick victims into giving up Microsoft Office 365 credentials to gain access to corporate networks. A new report from Check Point Software first observed the attacks (the majority of which targeted European companies, with others seen in Asia and the Middle East) in April, when they discovered emails sent to victims titled "Office 365 Voice Mail."

Privnotes.com Is Phishing Bitcoin from Users of Private Messaging Service Privnote.com
2020-06-14 04:01

For the past year, a site called Privnotes.com has been impersonating Privnote.com, a legitimate, free service that offers private, encrypted messages which self-destruct automatically after they are read. Until recently, I couldn't quite work out what Privnotes was up to, but today it became crystal clear: Any messages containing bitcoin addresses will be automatically altered to include a different bitcoin address, as long as the Internet addresses of the sender and receiver of the message are not the same. KrebsOnSecurity has learned that the phishing site Privnotes.com uses some kind of automated script that scours messages for bitcoin addresses, and replaces any bitcoin addresses found with its own bitcoin address.

Google Sees Increase in COVID-19 Phishing in Brazil, India, UK
2020-06-12 15:07

Cyber-threats taking advantage of the COVID-19 pandemic are evolving, and Google is seeing an increase in related phishing attempts in countries such as Brazil, India, and the UK. As the coronavirus crisis spreads worldwide, cyber-criminals and state-sponsored actors have adapted their attacks to leverage pandemic-related lures. Google says it has observed an increase in the number of scams targeting Aarogya Setu, an initiative where the government is trying to connect people across India with essential health services.

Phishing Attack Hits German Coronavirus Task Force
2020-06-08 15:16

Researchers are warning of an ongoing phishing attack that's targeting the credentials of more than 100 high-profile executives at a German multinational corporation that's tasked with procuring coronavirus medical gear for Germany. The company, left unnamed by researchers, is part of a task force created March 30 by the German government and the private sector to procure personal protective equipment for healthcare workers on the front lines of COVID-19, such as face masks and medical equipment.

Phishing Attacks against Trump and Biden Campaigns
2020-06-08 11:13

Google's threat analysts have identified state-level attacks from China. I hope both campaigns are working under the assumption that everything they say and do will be dumped on the Internet before the election.

Enterprise mobile phishing increased by 37% in Q1 2020
2020-06-05 03:00

There was a 37 percent increase worldwide in the enterprise mobile phishing encounter rate between the fourth quarter of 2019 and the first quarter of 2020, according to Lookout. The report also shows that unmitigated mobile phishing threats could cost organizations with 10,000 mobile devices as much as $35 million per incident, and up to $150 million for organizations with 50,000 mobile devices.

Trump, Biden Campaign Staffers Targeted By APT Phishing Emails
2020-06-04 20:10

With the U.S. presidential election months away, advanced persistent threat groups are targeting the campaign staffers of both Donald Trump and Joe Biden in recent phishing attacks. A China-linked APT group targeted Biden's campaign staff, while an Iran-linked APT targeted Trump's.

Anti-Phishing Firm INKY Raises $20 Million
2020-06-04 13:27

College Park, MD-based phish prevention firm INKY has raised $20 million in a Series B funding round led by Insight Partners. The firm brings artificial intelligence in the form of machine learning and computer vision technology to the recognition and handling of phishing emails.