Collecting Cyber-News from over 60 sources

Tag: email

Microsoft Teams Vishing Spreads DarkGate RAT

Dec 16, 2024 8:44 PM

Tags: attack, email, malware, microsoft, phishing, rat, threat

A thwarted attack demonstrates that threat actors using yet another delivery method for the malware, which already has been spread using phishing emails, malvertising, hijacking of instant messages, and SEO poisoning. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/vishing-via-microsoft-teams-spreads-darkgate-rat
YouTube Creators Targeted in Global Phishing Campaign

Dec 16, 2024 11:44 AM

Tags: email, malware, phishing

Over 200,000 YouTube creators have been targeted by malware-laden phishing emails with the aim of infecting their followers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/youtube-creators-global-phishing/
Future of proposed US cybersecurity healthcare bills in doubt

Dec 16, 2024 10:42 AM

Tags: access, attack, authentication, breach, business, ceo, cio, ciso, citrix, compliance, credentials, cybersecurity, data, data-breach, email, finance, government, group, healthcare, infrastructure, jobs, law, mfa, penetration-testing, ransomware, regulation, risk, risk-analysis, risk-management, service, technology, theft, training, unauthorized, vulnerability

Six months after Congressional hearings that promised action on the massive Change Healthcare ransomware attack and data theft, three pieces of proposed legislation to tighten cybersecurity requirements on healthcare providers are waiting to be dealt with.But Senators have left the proposals too late in the legislative calendar: Experts say the issue will likely only be…
Security leaders top 10 takeaways for 2024

Dec 16, 2024 8:42 AM

Tags: access, ai, attack, automation, best-practice, breach, business, ciso, cloud, compliance, corporate, crowdstrike, cybercrime, cybersecurity, data, deep-fake, detection, email, finance, fraud, governance, group, guide, hacker, identity, incident response, infosec, ISO-27001, office, okta, phishing, privacy, programming, regulation, risk, risk-management, saas, security-incident, service, software, startup, strategy, technology, threat, tool, training, vulnerability

This year has been challenging for CISOs, with a growing burden of responsibility, the push to make cybersecurity a business enabler, the threat of legal liability for security incidents, and an expanding attack landscape.As the year comes to a close, CISOs reflect on some of the takeaways that have shaped the security landscape in 2024.…
Security Affairs newsletter Round 502 by Pierluigi Paganini INTERNATIONAL EDITION

Dec 15, 2024 12:05 PM

Tags: cisa, email, infrastructure, international, WeeklyReview

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. IOCONTROL cyberweapon used to target infrastructure in the US and Isreael U.S. CISA adds Cleo Harmony, VLTrader, and…
NCSC Mail Check Changes Their Impact on UK Public Sector Email Security

Dec 13, 2024 9:07 PM

Tags: email, mail, phishing, strategy

Discover how the 2025 changes to NCSC Mail Check will impact UK public sector organizations and learn strategies for maintaining robust protection against phishing and spoofing. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/ncsc-mail-check-changes-their-impact-on-uk-public-sector-email-security/
Secure Email Gateways Fail to Stop Advanced Phishing Campaign Targeting Multiple Industries

Dec 13, 2024 5:05 AM

Tags: email, group, phishing, threat

A detailed report from Group-IB reveals a sophisticated global phishing campaign targeting employees across 30 companies in 15 jurisdictions. By leveraging trusted domains and dynamic personalization, the threat actors have... First seen on securityonline.info Jump to article: securityonline.info/secure-email-gateways-fail-to-stop-advanced-phishing-campaign-targeting-multiple-industries/
Screen Actors Guild Health Plan sued after September data breach exposes healthcare info

Dec 12, 2024 8:05 PM

Tags: breach, data, data-breach, email, healthcare, law, phishing

SAG-AFTRA Health Plan said investigators traced the breach back to a phishing email that compromised the account. Law enforcement has been notified and the investigation is ongoing. ]]> First seen on therecord.media Jump to article: therecord.media/screen-actors-guild-health-plan-sued-over-data-breach
KeyTrap DNSSEC: The day the internet (almost) stood still

Dec 12, 2024 7:05 PM

Tags: attack, cyberattack, cybersecurity, data, dns, email, exploit, germany, google, Internet, mitigation, service, software, technology, vulnerability

A severe vulnerability in the internet lookup protocol DNSSEC carried the potential to make much of the web functionally inaccessible for many, according to a presentation at Black Hat Europe.DNSSEC (Domain Name System Security Extensions) offers mitigation against various types of cyberattacks, including DNS spoofing and cache poisoning, by providing a way to cryptographically authenticate…
PEC “invoice scam” Stealing time, money, and trust from businesses

Dec 12, 2024 7:05 PM

Tags: business, credentials, email, malicious, risk

PEC stands for “Posta Elettronica Certificata” – a type of legally binding “certified email” used in Italy. It’s also a hub of abuse targeting business owners. In this article, we share a real-life case of criminals stealing PEC credentials to send malicious emails, causing significant loss of time and money, and explore the risks of…
Notorious Nigerian cybercriminal tied to BEC scams extradited to U.S.

Dec 12, 2024 5:05 PM

Tags: business, cybercrime, email, fraud, scam

Abiola Kayode, a 37-year-old Nigerian national, has been extradited from Ghana to the United States to face charges of conspiracy to commit wire fraud. Kayode, who was on the FBI’s Most Wanted cybercriminal list, is charged with participating in a business email compromise (BEC) scheme and romance fraud from January 2015 to September 2016, defrauding…
Sublime Snags $60M Series B for Email Security Tech

Dec 12, 2024 5:05 PM

Tags: email

Sublime said the new capital was provided by IVP, Citi Ventures, Index Ventures, Decibel Partners, and Slow Ventures and brings the total raised to $93.8 million. The post Sublime Snags $60M Series B for Email Security Tech appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/sublime-snags-60m-series-b-for-email-security-tech/
Fortinet Acquires Perception Point Reportedly for $100 Million

Dec 12, 2024 5:05 PM

Tags: email, fortinet

Fortinet has acquired Israeli collaboration and email security company Perception Point to expand its offering. The post Fortinet Acquires Perception Point Reportedly for $100 Million appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/fortinet-acquires-perception-point-reportedly-for-100-million/
Top 10 dmarcian Alternatives: Features, Pricing, Pros, and Cons

Dec 12, 2024 3:05 PM

Tags: dmarc, email, tool

Searching for dmarcian alternatives? Explore the top DMARC management tools, compare features and pricing, and choose the best solution for your email security needs. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/top-10-dmarcian-alternatives-features-pricing-pros-and-cons/
Attackers can abuse the Windows UI Automation framework to steal data from apps

Dec 12, 2024 5:05 AM

Tags: attack, automation, computer, control, credit-card, data, detection, edr, email, endpoint, exploit, framework, Internet, malicious, malware, microsoft, service, software, technology, threat, tool, windows

An accessibility feature built into Windows to facilitate the use of computers by people with disabilities can be abused by malware to steal data from other applications or control them in malicious ways that evades detection by most endpoint protection systems.The Windows UI Automation framework has existed since the days of Windows XP and provides…
Researchers Crack Microsoft Azure MFA in an Hour

Dec 11, 2024 11:05 PM

Tags: access, cloud, email, flaw, mfa, microsoft, unauthorized

A critical flaw in the company’s rate limit for failed sign-in attempts allowed unauthorized access to a user account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/researchers-crack-microsoft-azure-mfa-hour
The imperative for governments to leverage genAI in cyber defense

Dec 11, 2024 10:05 PM

Tags: ai, attack, cyber, cyberattack, cybersecurity, dark-web, data, deep-fake, defense, detection, email, endpoint, gartner, government, incident response, infrastructure, intelligence, LLM, malicious, malware, microsoft, strategy, tactics, threat, tool, training, vulnerability

In an era where cyber threats are evolving at an unprecedented pace, the need for robust cyber defense mechanisms has never been more critical. Sixty-two percent of all cyberattacks focus on public sector organizations directly and indirectly. Nation-state actors, equipped with generative artificial intelligence (genAI) sophisticated tools and techniques, pose significant threats to national security,…
US sanctions Chinese cybersecurity firm over global malware campaign

Dec 11, 2024 5:36 AM

Tags: attack, breach, china, computer, control, corporate, credentials, cve, cyber, cyberattack, cybersecurity, email, encryption, exploit, finance, firewall, fraud, government, group, healthcare, identity, infection, infrastructure, intelligence, international, malicious, malware, monitoring, network, office, password, ransomware, risk, service, software, sophos, technology, terrorism, threat, tool, vulnerability, zero-day

The US government has imposed sanctions on Chinese cybersecurity firm Sichuan Silence Information Technology and one of its employees, Guan Tianfeng, for their alleged involvement in a 2020 global cyberattack that exploited zero day vulnerabilities in firewalls.The actions were announced by the US Department of the Treasury and the Department of Justice (DOJ), which also…
Black Basta Ransomware Uses MS Teams, Email Bombing to Spread Malware

Dec 10, 2024 8:08 PM

Tags: email, group, infection, malware, ransomware, social-engineering, tactics

The Black Basta ransomware group is using advanced social engineering tactics and a multi-stage infection process to target organizations. First seen on hackread.com Jump to article: hackread.com/black-basta-gang-ms-teams-email-bombing-malware/
Hackers Target Job Seekers with AppLite Trojan Using Fake Job Emails

Dec 10, 2024 5:07 PM

Tags: email, hacker, jobs

SUMMARY Zimperium’s zLabs has shared its latest research with Hackread.com, ahead of its publishing on December 10. According… First seen on hackread.com Jump to article: hackread.com/hackers-job-seekers-banking-trojan-fake-job-emails/
Inside the incident: Uncovering an advanced phishing attack

Dec 10, 2024 5:07 PM

Tags: access, attack, detection, email, malicious, phishing, tactics, threat

Recently, Varonis investigated a phishing campaign in which a malicious email enabled a threat actor to access the organization. This blog post will reveal the tactics used to avoid detection and share what was discovered during the investigation. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/inside-the-incident-uncovering-an-advanced-phishing-attack/
AWS customers face massive breach amid alleged ShinyHunters regroup

Dec 10, 2024 3:08 PM

Tags: access, ai, attack, breach, business, cloud, credentials, crypto, cyber, cybersecurity, data, data-breach, email, endpoint, exploit, fraud, group, hacker, hacking, iam, identity, infrastructure, Internet, law, open-source, phishing, service, threat, tool, unauthorized, vulnerability

Terabytes of data belonging to thousands of AWS customers, including customer details, AWS credentials, and proprietary source code, were compromised in a large-scale cyber operation linked to the now-defunct ShinyHunters hacking group.Independent cybersecurity researchers, Noam Rotem and Ran Locar, found the operation exploiting vulnerabilities and misconfigurations in a number of public sites to gain unauthorized…
Microsoft Bets $10,000 on Prompt Injection Protections of LLM Email Client

Dec 10, 2024 3:08 PM

Tags: email, injection, LLM, microsoft

Microsoft offers $10,000 in rewards to researchers who can manipulate a realistic simulated LLM-integrated email client. The post Microsoft Bets $10,000 on Prompt Injection Protections of LLM Email Client appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-bets-10000-on-prompt-injection-protections-of-llm-email-client/
Webinar Today: Inside a Hacker’s Playbook How Cybercriminals Use Deepfakes

Dec 10, 2024 3:08 PM

Tags: business, cybercrime, deep-fake, email, exploit, hacker, social-engineering, tactics, technology

Join the live, eye-opening session that pulls back the curtain on how bad actors exploit social engineering tactics, like deepfake technology and Business Email Compromise (BEC). The post Webinar Today: Inside a Hacker’s Playbook How Cybercriminals Use Deepfakes appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/webinar-today-inside-a-hackers-playbook-how-cybercriminals-use-deepfakes/
CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force

Dec 10, 2024 12:08 PM

Tags: attack, computer, country, cyber, defense, email, phishing, russia, threat, ukraine

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new set of cyber attacks that it said were aimed at defense companies in the country as well as its security and defense forces.The phishing attacks have been attributed to a Russia-linked threat actor called UAC-0185 (aka UNC4221), which has been active since…
APT53 Weaponizing LNK Files To Deploy Malware Into Target Systems

Dec 10, 2024 8:10 AM

Tags: apt, attack, cyber, cyberattack, defense, email, government, malicious, malware, phishing, tactics, threat

Gamaredon, a persistent threat actor since 2013, targets the government, defense, diplomacy, and media sectors of their victims, primarily through cyberattacks, to gain sensitive information and disrupt operations. It continues to employ sophisticated tactics, leveraging malicious LNK and XHTML files alongside intricate phishing schemes to carry out cyberattacks. Phishing emails with four distinct attack payloads…
Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering

Dec 9, 2024 8:07 PM

Tags: email, qr, ransomware, social-engineering, tactics, threat

The threat actors linked to the Black Basta ransomware have been observed switching up their social engineering tactics, distributing a different set of payloads such as Zbot and DarkGate since early October 2024.”Users within the target environment will be email bombed by the threat actor, which is often achieved by signing up the user’s email…
Suspected Russian hackers target Ukrainian defense enterprises in new espionage campaign

Dec 9, 2024 5:07 PM

Tags: computer, conference, defense, email, espionage, group, hacker, military, phishing, russia, ukraine

Ukraine’s military computer emergency response team said the group sent phishing emails disguised as invitations to a legitimate defense conference that took place in Kyiv last week.]]> First seen on therecord.media Jump to article: therecord.media/suspected-russian-hackers-target-ukrainian-enterprises-espionage
Microsoft dangles $10K for hackers to hijack LLM email service

Dec 9, 2024 2:07 PM

Tags: ai, email, hacker, LLM, microsoft, service

Outsmart an AI, win a little Christmas cash First seen on theregister.com Jump to article: www.theregister.com/2024/12/09/microsoft_llm_prompt_injection_challenge/
Phishing Scam Targets Ukrainian Defense Companies

Dec 9, 2024 1:07 PM

Tags: defense, email, phishing, scam, ukraine

CERT-UA has issued a warning about phishing emails targeting Ukrainian defense companies and security forces First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/phishing-scam-targets-ukrainian/