PerSwaysion phishing attack now uses legitimate accounts to bypass blocklists and filters
Sophisticated “PerSwaysion” phishing attack sent from a legitimate but compromised vendor account allows emails to bypass any mass blocklists and filters.
SC Magazine - 12th May 2020
Attacks on cloud storage double while phishing website blockages soar by 230%
Group-IB uncovers ‘tremendous increase’ of phishing resource blockages in the second half of 2019 as the duration of attacks grows.
The alarming trend has been revealed by Group-IB’s Computer Emergency Response Team (CERT-GIB), which reported a “tremendous increase” in the number of phishing website blockages, up more than 230 percent year-on-year.
Web phishers have increasingly targeted cloud storage over email service providers in the so-called "Top three of phishers’ targets", in a slight and more general way in 2019, the company said.
SC Magazine - 11th May 2020
World Password Day: Is The Password Still Fit For Purpose?
The password has become a significant source of security breaches and user friction. On World Password Day, have we arrived at the point where the password must be replaced with new security protocols?
As businesses continue to adapt to remote mass working, how these connections are secured has been coming under increasing scrutiny. The use of passwords is an accepted and standard component of logon protocols.
However, the password has for several years come under criticism by consumers and businesses alike.
Silicon.co.uk - 7th May 2020
Fresenius Hospital Operator Suffers Ransomware Attack
Despite high demand during the Coronavirus pandemic, hackers have hit IT systems of a major hospital operator with a ransomware attack
Europe’s largest private hospital operator, Fresenius, has suffered a ransomware attack that has limited some of its operations.
Despite the attack, which occurred during a global Coronavirus pandemic, the Berlin-based hospital operator did manage to continue patient care.
Silicon.co.uk - 7th May 2020
PerSwaysion spear-phishing campaign tricks users to get 365 log-in credentials
Microsoft Sway used to trick victims into giving up 365 log-in credentials in spear-phishing campaign.
Cyber-criminals have been observed using Microsoft Sway to dupe users into revealing Office 365 login credentials, according to security researchers.
In a blog post, Feixiang He, senior threat intelligence analyst at Group-IB, explains that the phishing attack, dubbed PerSwaysion, is a three-phase operation which takes a victim from an email with a PDF attachment, through Microsoft file sharing services, then to the final phishing site.
SC Magazine - 1st May 2020
2FA-stealing Android malware gives enterprises cause for concern
Security researchers have warned that newly created mobile banking malware can not only grab passwords for more than 200 financial apps, but intercept two-factor authentication codes as well.
The Cybereason Nocturnus research team has been investigating the EventBot Android malware since it emerged last month, and today published a report into its findings. Assaf Dahan, senior director for threat research at Cybereason, told SC Media UK that the EventBot code "seems to have been written from scratch, and it doesn't look like it's based on previous Android malware." It's also subject to what the researchers refer to as "constant iterative improvement," and has the potential to cause a whole heap of financial damage.
SC Magazine - 30th April 2020
GDPR ignored by Warwick University? - failure to alert staff & students over data breach
Warwick University has reportedly kept data breaches to its infrastructure secret from staff and students. Breach happened after employee unwittingly installed malware.
According to reports from Sky News, the problem happened when a member of staff installed remote-viewing software allowing cyber-criminals to steal sensitive personal information on students, staff and even people taking part in research studies.
An earlier report found that security was so poor at the educational institution that it could not identify what data had been stolen.
SC Magazine - 29th April 2020
Researchers Take Down Massive Crypto-Mining Botnet
VictoryGate crypto-mining botnet infected at least 35,000 systems, mostly in Peru, and continues to spread via infected removable USB drives
Security researchers have taken down a crypto-mining botnet that infected at least 35,000 devices and which is continuing to spread.
The VictoryGate botnet mainly affects systems located in Latin America and particularly in Peru, where 90 percent of the infected machines are located, ESET said.
It has been active since at least May 2019 with three variants of the original module and about 10 secondary payloads being identified.
Silicon.co.uk - 27th April 2020
Critical vulnerability in Microsoft Teams could lead to data theft by just looking at a picture
Malicious Gif sent to victims could let malware scrape data in Microsoft Teams and spread to other groups.
Security researchers have discovered a critical security vulnerability in Microsoft Teams desktop and browser instances which could lead to widespread data theft campaigns, compromised credentials, ransomware attacks and corporate espionage.
According to a blog post by CyberArk, researchers found that by leveraging a subdomain takeover vulnerability in Microsoft Teams, attackers could have used a malicious GIF to scrape users' data and ultimately take over an organisation’s entire roster of Teams accounts.
SC Magazine - 27th April 2020
NCSC launches coronavirus scam reporting service, plus advice on secure video-conferencing
Scam reporting service launched to flag suspicious emails for the NCSC to assess and take down malicious content, Cyber Awareness campaign starts, includes advice on securing video-conferencing.
It launched its ‘Suspicious Email Reporting Service’ to make it easy for people to forward suspicious emails to the NCSC – including those claiming to offer services related to coronavirus.
SC Magazine - 21st April 2020