Cyber News
Cyber threats are evolving every day, keeping up with them is a full-time job. The WESTprotect Cyber News is your source for how these changes affect you in the real estate, title, mortgage, and settlement services industry. From cyber threats to new Tactics, Techniques, and Procedures (TTP’s) we’ve got you covered.
Microsoft will disable Exchange Online basic auth next month
September 2, 2022
Microsoft warned customers today that it will finally disable basic authentication in random tenants worldwide to improve Exchange Online security starting October 1, 2022. Today's announcement follows multiple reminders and warnings the company has issued over the last three years, the first published in September 2019. Read more >>>
Hackers hide malware in James Webb telescope images
August 31, 2022
Threat analysts have spotted a new malware campaign dubbed ‘GO#WEBBFUSCATOR’ that relies on phishing emails, malicious documents, and space images from the James Webb telescope to spread malware. Read more >>>
PayPal Phishing Scam Uses Invoices Sent Via PayPal
August 22, 2022
Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge. Recipients who call the supplied toll-free number to contest the transaction are soon asked to download software that lets the scammers assume remote control over their computer. Read more >>>
Ransomware gangs move to 'callback' social engineering attacks
August 12, 2022
At least three groups split from the Conti ransomware operation have adopted BazarCall phishing tactics as the primary method to gain initial access to a victim’s network. This allows the threat actors to deploy highly-targeted attacks that are more difficult to detect and stop because of the social engineering component. Read more >>>
Cisco on Wednesday rolled out patches to address eight security vulnerabilities, three of which could be weaponized by an unauthenticated attacker to gain remote code execution (RCE) or cause a denial-of-service (DoS) condition on affected devices. Read more >>>
A new large-scale phishing campaign targeting credentials for Microsoft email services use a custom proxy-based phishing kit to bypass multi-factor authentication. Researchers believe the campaign's goal is to breach corporate accounts to conduct BEC attacks, diverting payments to bank accounts under their control using falsified documents. The phishing campaign's targets include fin-tech, lending, accounting, insurance, and Federal Credit Union organizations in the US. Read more >>>
