Collecting Cyber-News from over 60 sources

Tag: email

Novel phishing campaign uses corrupted Word documents to evade security

Dec 2, 2024 6:48 PM

Tags: attack, email, microsoft, phishing, software

A novel phishing attack abuses Microsoft’s Word file recovery feature by sending corrupted Word documents as email attachments, allowing them to bypass security software due to their damaged state but still be recoverable by the application. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/novel-phishing-campaign-uses-corrupted-word-documents-to-evade-security/
Microsoft Ignite: Redefining email security with LLMs to tackle a new era of social engineering

Dec 2, 2024 5:48 PM

Tags: email, LLM, microsoft, social-engineering

First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/microsoft-ignite-redefining-email-security-with-llms-to-tackle-a-new-era-of-social-engineering/
Corrupted Word Files Fuel Sophisticated Phishing Campaign

Dec 2, 2024 5:48 PM

Tags: attack, email, phishing

A new phishing attack uses corrupted Word docs to bypass security, luring victims with fake payroll and HR emails First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/corrupted-word-files-fuel-phishing/
New register to prevent SMS scammers from using trusted business names to dupe Australians

Dec 2, 2024 3:28 PM

Tags: business, communications, email, government, law, scam

Telcos will be required to either block scam texts or warn recipients they come from unregistered senders in Labor crackdown<ul><li>Get our <a href=”https://www.theguardian.com/email-newsletters?CMP=cvau_sfl”>breaking news email, <a href=”https://app.adjust.com/w4u7jx3″>free app or <a href=”https://www.theguardian.com/australia-news/series/full-story?CMP=cvau_sfl”>daily news podcast</li></ul>Telcos will be required to block scam texts or warn recipients they come from unregistered senders, under new rules to be introduced by…
THN Recap: Top Cybersecurity Threats, Tools and Tips (Nov 25 – Dec 1)

Dec 2, 2024 1:30 PM

Tags: ai, attack, cybersecurity, email, hacker, phishing, threat, tool

Ever wonder what happens in the digital world every time you blink? Here’s something wild – hackers launch about 2,200 attacks every single day, which means someone’s trying to break into a system somewhere every 39 seconds.And get this – while we’re all worried about regular hackers, there are now AI systems out there that…
Novel phising campaign uses corrupted Word documents to evade security

Dec 2, 2024 12:28 PM

Tags: attack, email, microsoft, phishing, software

A novel phishing attack abuses Microsoft’s Word file recovery feature by sending corrupted Word documents as email attachments, allowing them to bypass security software due to their damaged state but still be recoverable by the application. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/novel-phising-campaign-uses-corrupted-word-documents-to-evade-security/
Check Point transformiert erneut die ESicherheit

Dec 1, 2024 7:27 PM

Tags: email, mail

Seit 2023 hat Check Point mehr als 75 neue Funktionen für Harmony Email & Collaboration veröffentlicht und damit die E-Mail-Sicherheit in der Zusammen… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-transformiert-erneut-die-e-mail-sicherheit/a37050/
Security Affairs newsletter Round 500 by Pierluigi Paganini INTERNATIONAL EDITION

Dec 1, 2024 2:30 PM

Tags: android, email, google, international, ransomware, WeeklyReview

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. 15 SpyLoan Android apps found on Google Play had over 8 million installs Notorious ransomware programmer Mikhail Pavlovich…
How I Accessed Microsoft’s ServiceNow, Exposing ALL Microsoft Employee emails, Chat Support Transcripts & Attachments

Dec 1, 2024 4:20 AM

Tags: email, microsoft

First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/how-i-accessed-microsofts-servicenow-exposing-all-microsoft-employee-emails-chat-support-transcripts-attachments/
Security Advisory: CVE-2024-45519

Dec 1, 2024 1:19 AM

Tags: advisory, cve, email, service, vulnerability

Summary CVE-2024-45519 is a critical security vulnerability discovered in the postjournal service of Zimbra Collaboration Suite, a popular email and c… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2024/10/02/security-advisory-cve-2024-45519/
Phishing-as-a-Service “Rockstar 2FA” Targets Microsoft 365 Users with AiTM Attacks

Nov 29, 2024 12:28 PM

Tags: 2fa, attack, authentication, credentials, cybersecurity, email, malicious, mfa, microsoft, phishing, service

Cybersecurity researchers are warning about malicious email campaigns leveraging a phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA with an aim to steal Microsoft 365 account credentials.”This campaign employs an AitM [adversary-in-the-middle] attack, allowing attackers to intercept user credentials and session cookies, which means that even users with multi-factor authentication (MFA) First seen on thehackernews.com Jump to…
The CSO guide to top security conferences

Nov 29, 2024 7:46 AM

Tags: access, cio, cloud, compliance, conference, cyber, cybersecurity, email, germany, guide, identity, india, intelligence, international, jobs, law, resilience, risk, risk-management, threat, tool, training, update

There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts. Fortunately, plenty of great conferences are coming up in the months ahead.…
Beyond FUD Links: Rockstar PaaS Kit Exploits Trusted Platforms for Phishing

Nov 29, 2024 5:46 AM

Tags: cybersecurity, email, exploit, phishing, service, tactics

The Rockstar Phishing-as-a-Service (PaaS) kit has caught the attention of cybersecurity experts for its advanced and devious tactics to bypass email defenses. In a report from Trustwave SpiderLabs, Rockstar’s arsenal... First seen on securityonline.info Jump to article: securityonline.info/beyond-fud-links-rockstar-paas-kit-exploits-trusted-platforms-for-phishing/
Microsoft re-releases Exchange updates after fixing mail delivery

Nov 28, 2024 12:23 AM

Tags: email, mail, microsoft, update

Microsoft has re-released the November 2024 security updates for Exchange Server after pulling them earlier this month due to email delivery issues on servers using custom mail flow rules. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-re-releases-exchange-updates-after-fixing-mail-delivery/
Attack Group APT60 Targets Japan Using Trusted Platforms

Nov 27, 2024 7:11 PM

Tags: apt, attack, email, google, group, jobs, malware, phishing

APT-C-60 targets Japan with phishing emails, using job application ruse and malware via Google Drive First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/aptc60-targets-japan-using-trusted/
INTERPOL Busts African Cybercrime: 1,006 Arrests, 134,089 Malicious Networks Dismantled

Nov 27, 2024 10:11 AM

Tags: business, cybercrime, email, infrastructure, interpol, law, malicious, network, ransomware

An INTERPOL-led operation has led to the arrest of 1,006 suspects across 19 African countries and the takedown of 134,089 malicious infrastructures and networks as part of a coordinated effort to disrupt cybercrime in the continent.Dubbed Serengeti, the law enforcement exercise took place between September 2 and October 31, 2024, and targeted criminals behind ransomware,…
Interpol Clamps Down on Cybercrime and Arrests Over 1,000 Suspects in Africa

Nov 26, 2024 10:10 PM

Tags: business, cybercrime, email, extortion, interpol, ransomware

Operation Serengeti targeted criminal suspects in Africa behind ransomware, business email compromise, digital extortion and scams. The post Interpol Clamps Down on Cybercrime and Arrests Over 1,000 Suspects in Africa appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/interpol-clamps-down-on-cybercrime-and-arrests-over-1000-suspects-in-africa/
OpenSea Phishers Aim to Drain Crypto Wallets of NFT Enthusiasts

Nov 26, 2024 9:10 PM

Tags: crypto, email, malicious, marketplace, phishing

Cyberattackers have been targeting the online NFT marketplace with emails claiming to make an offer to a targeted user; in reality, clicking on a malicious link takes victims to a crypto-draining site. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/opensea-phishers-aim-drain-crypto-wallets-nft-enthusiasts
Use LogicApps and Copilot for Security to auto-process ISAC Emails

Nov 26, 2024 5:02 PM

Tags: email

First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/use-logicapps-and-copilot-for-security-to-auto-process-isac-emails/
Gang gobbles 15K credentials from cloud and email providers’ garbage Git configs

Nov 26, 2024 4:06 PM

Tags: cloud, credentials, email

First seen on theregister.com Jump to article: www.theregister.com/2024/10/31/emeraldwhale_credential_theft/
Gangster counseling center fears data leak

Nov 25, 2024 6:51 PM

Tags: access, breach, crime, data, data-breach, email, leak, network, organized, scam, service

If personal data is stolen, it is anything but a pleasure for those affected. However, when it comes to those previously involved in, or victims of, organized crime, the potential consequences are far more serious: Life and limb could be at stake.While it may sound a little far-fetched, this apparently what happened in the Japanese…
FBI pierces ‘anonymity’ of cryptocurrency, secret domain registrars in Scattered Spider probe

Nov 25, 2024 6:51 PM

Tags: access, blockchain, breach, ciso, cloud, communications, computer, control, crime, crimes, crypto, cybercrime, cybersecurity, data, email, fraud, group, hacking, identity, Internet, law, mail, okta, phishing, service, technology, theft, tool

The US Justice Department on Wednesday announced the arrest of five suspected members of the notorious Scattered Spider phishing crew, but the most interesting part of the case was a US Federal Bureau of Investigation (FBI) document detailing how easily the feds were able to track the phishers’ movements and activities. In recent years, services that push…
Rising ClickFix malware distribution trick puts PowerShell IT policies on notice

Nov 25, 2024 6:51 PM

Tags: access, ai, apt, attack, captcha, chatgpt, control, cyber, cybercrime, defense, detection, email, espionage, finance, github, group, infrastructure, jobs, least-privilege, malicious, malware, marketplace, microsoft, open-source, password, phishing, powershell, social-engineering, software, technology, threat, tool, ukraine, update, vulnerability, windows

Threat groups are increasingly adopting a social engineering technique dubbed ClickFix to trick users into copying malicious PowerShell code and executing it themselves. Despite requiring more user interaction to succeed, the tactic has been adopted by several threat groups in recent months, suggesting it is reasonably effective at evading detection compared to relying on automated…
Job termination scam warns staff of phony Employment Tribunal decision

Nov 25, 2024 6:51 PM

Tags: access, awareness, ciso, computer, country, cybersecurity, data, defense, detection, email, intelligence, jobs, login, malicious, malware, microsoft, phishing, scam, service, social-engineering, software, threat, training, zero-trust

Creators of phishing messages usually want to create anxiety in their targets so they’ll unwittingly download malware. And nothing gets stomachs churning more than the possibility of losing your job.One of the latest examples of this was detected by Cloudflare, which issued a report Thursday on a recent job termination phishing scam that included some…
North Korean fake IT workers up the ante in targeting tech firms

Nov 25, 2024 6:51 PM

Tags: access, advisory, ai, awareness, breach, ciso, compliance, crowdstrike, crypto, cybercrime, data, deep-fake, detection, edr, email, exploit, extortion, finance, governance, government, grc, group, incident response, infrastructure, jobs, korea, north-korea, risk, scam, social-engineering, technology, theft, tool, unauthorized, usa, vpn

North Korean fake IT worker scams are evolving to incorporate theft and extortion as more examples of targeting against technology and other companies emerge.The deception typically features North Korean operatives posing as legitimate IT professionals in attempts to gain employment at Western firms, almost always for positions that offer remote working options.Once hired, these “remote…
Act fast to snuff out employee curiosity over ‘free’ AI apps

Nov 25, 2024 6:51 PM

Tags: access, ai, authentication, awareness, chatgpt, ciso, computer, crypto, cybercrime, cybersecurity, data, email, hacking, infection, intelligence, malware, mfa, monitoring, network, phishing, russia, scam, service, skills, strategy, threat, tool, training, windows

The word “free” has always tempted employees who are looking for an app or template to make their work easier. These days, combine “free” with “AI” and the lure is almost irresistible.Since the release of ChatGPT in late 2022, free AI-themed apps have exploded. Unfortunately, some are created by threat actors. One of the latest…
25th November Threat Intelligence Report

Nov 25, 2024 6:08 PM

Tags: communications, email, intelligence, threat

The Library of Congress, part of the US Capitol complex and home to the world’s largest media collection, was hacked by a foreign adversary, exposing email communications between Library staff and congressional […] First seen on research.checkpoint.com Jump to article: research.checkpoint.com/2024/25th-november-threat-intelligence-report/
Huge Leak of Customer Data Includes Military Personnel Info

Nov 25, 2024 6:08 PM

Tags: china, data, data-breach, email, government, leak, military

EnamelPins, which manufactures and sells medals, pins, and other emblematic accessories, for months left open an Elasticsearch instance that exposed 300,000 customer emails, including 2,500 from military and government personnel. The company, based in California, also has links to China, Cybernews researchers wrote. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/huge-leak-of-customer-data-includes-military-personnel-info/
Security Affairs newsletter Round 499 by Pierluigi Paganini INTERNATIONAL EDITION

Nov 24, 2024 5:54 PM

Tags: apt, china, cyberattack, email, international, linux, WeeklyReview

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. A cyberattack on gambling giant IGT disrupted portions of its IT systems China-linked APT Gelsemiumuses a new Linux…
Andrew Tate’s University Breach: 1 Million User Records and Chats Leaked

Nov 23, 2024 7:55 PM

Tags: breach, data, data-breach, email

Andrew Tate’s >>The Real World