Security News

A series of phishing campaigns using Google Firebase storage URLs have surfaced, showing that cybercriminals continue to leverage the reputation of Google's cloud infrastructure to dupe victims and skate by secure email gateways. Using the Firebase storage API, companies can store data in a Google cloud storage bucket.

LogMeIn users are being targeted with fake security update requests, which lead to a spoofed phishing page. "Should recipients fall victim to this attack, their login credentials to their LogMeIn account would be compromised. Additionally, since LogMeIn has SSO with Lastpass as LogMeIn is the parent company, it is possible the attacker may be attempting to obtain access to this user's password manager," Abnormal Security noted.

LogMeIn is the parent company of LastPass, so attackers may also be attempting to access the password managers of compromised users, says Abnormal Security. As more people work from home due to the coronavirus, a new phishing campaign is impersonating the remote access tool LogMeIn to obtain the account credentials of unsuspecting victims.

A new phishing campaign can bypass multi-factor authentication on Office 365 to access victims' data stored on the cloud and use it to extort a Bitcoin ransom or even find new victims to target, security researchers have found. The attack is different than a typical credential harvester in that it attempts to trick users into granting permissions to the application, which can bypass MFA, he said.

Admins working with Microsoft Azure beware: phishers are updating their assets to reflect changes on the company's cloud-based login screen. Office 365 ATP data shows that attackers have started to spoof the new Azure AD sign-in page in multiple phishing campaigns.

The spread of the coronavirus has triggered a surge in templates that spoof government agencies and health organizations in an effort to capture personal information from people. In a blog post published Thursday, security provider Proofpoint looks at several virus-themed templates that have been used in phishing attacks.

Phishers are incessantly pumping out COVID-19 themed phishing campaigns and refining the malicious pages the targets are directed to. "Credential phishing attackers often tailor their email lures with themes they believe will be the most effective and use general websites for actual credential harvesting. The recent move to create custom COVID-19 payment phishing templates indicates that buyers view them as effective enough to warrant custom tactics to harvest credentials," Proofpoint researchers have noted.

That's especially true with phishing emails that attempt to hide the source of their deceptive landing pages and spoof or reference a well-known company or brand. A new phishing attack analyzed by Armorblox takes advantage of Symantec to trick users into falling for the scam.

Motimatic, a social impact company that enhances motivation and reinforces positive behavior through its marketing-for-good platform, announced the launch of a new cybersecurity solution for corporate employees. Motimatic for Cybersecurity enables enterprises to complement their existing cybersecurity investments by leveraging the power of social media and digital advertising to deliver targeted messages that educate employees, reinforce best practices, and motivate viewers to take preventative measures against cyberattacks.

The campaign impersonates Zoom emails, but steals the Microsoft account credentials of its victims, says security firm Abnormal Security. A new phishing campaign spotted by Abormal Security takes advantage of the popularity of Zoom to try to capture account credentials of unsuspecting users.