Security News

In what's a continuing assault on the open source ecosystem, over 15,000 spam packages have flooded the npm repository in an attempt to distribute phishing links. "The packages were created using automated processes, with project descriptions and auto-generated names that closely resembled one another," Checkmarx researcher Yehuda Gelb said in a Tuesday report.

According to reports from an increasing number of Microsoft customers, Outlook inboxes have been flooded with spam emails over the last nine hours because email spam filters are currently broken. This ongoing issue was confirmed by countless Outlook users who have reported that all messages were landing in their inboxes, even those that would have been previously tagged as spam and sent to the junk folder.

India's Telecom Regulatory Authority has announced a fresh crackdown on TXT spam - this time using artificial intelligence, after a previous blockchain-powered effort delivered mixed results. The TRAI's approach to managing spam - or Unsolicited Commercial Communication as it prefers to describe it - saw the regulator create a mandatory register of telemarketers and telecoms service providers, and require them to secure opt-ins from message recipients.

To get successful access to those cloud environments, the attackers have deployed credential stuffing attacks: They attempted to reuse valid credentials they obtained from other services or applications. Once all these steps were done, the attackers could easily access the malicious application, even in the case of a password change from the compromised administrator account.

Security researchers have noticed a new malicious spam campaign that delivers the 'Matanbuchus' malware to drop Cobalt Strike beacons on compromised machines. Cobalt Strike is a penetration testing suite that is frequently used by threat actors for lateral movement and to drop additional payloads.

Phishers, scammers and malware peddlers are ready to take advantage of the summer holiday season: According to Bitdefender security analysts, the deluge of travel-themed spam has started in March and is expected to reach its peak in June. Security analyst Alina Bizga told Help Net Security that they haven't seen any really sophisticated travel-themed scams, phishing or attempts at impersonating popular booking platforms as they have seen in the past, but that the summer holiday season is just starting.

A new wave of phishing campaigns has been observed spreading a previously documented malware called SVCReady. "The malware is notable for the unusual way it is delivered to target PCs - using shellcode hidden in the properties of Microsoft Office documents," Patrick Schläpfer, a threat analyst at HP, said in a technical write-up.

Researchers have identified a never-before-seen method for sneaking malicious links into email inboxes. The clever trick takes advantage of a key difference in how email inboxes and browsers read URLs, according a Monday report by Perception Point.

The BBC were the target of nearly 50 million malicious email attacks between 1st October 2021 and the end of January 2022. This means the BBC is facing an average of 383,278 email threats a day, which is a 35 per cent increase from the daily figure of 283,597 email attacks blocked per day observed by Parliament Street in Summer 2020.

A persuasive and ongoing series of phishing attacks are using fake Office 365 notifications asking the recipients to review blocked spam messages, with the end goal of stealing their Microsoft credentials. Instead of reaching the Office 365 portal when clicking the 'Review' button, they are sent to a phishing landing page that will ask them to enter their Microsoft credentials to access the quarantined spam messages.