September 2, 2022
Microsoft warned customers today that it will finally disable basic authentication in random tenants worldwide to improve Exchange Online security starting October 1, 2022. Today's announcement follows multiple reminders and warnings the company has issued over the last three years, the first published in September 2019. Read more >>>
August 31, 2022
Threat analysts have spotted a new malware campaign dubbed ‘GO#WEBBFUSCATOR’ that relies on phishing emails, malicious documents, and space images from the James Webb telescope to spread malware. Read more >>>
August 22, 2022
Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge. Recipients who call the supplied toll-free number to contest the transaction are soon asked to download software that lets the scammers assume remote control over their computer. Read more >>>
August 12, 2022
At least three groups split from the Conti ransomware operation have adopted BazarCall phishing tactics as the primary method to gain initial access to a victim’s network. This allows the threat actors to deploy highly-targeted attacks that are more difficult to detect and stop because of the social engineering component. Read more >>>
Cisco on Wednesday rolled out patches to address eight security vulnerabilities, three of which could be weaponized by an unauthenticated attacker to gain remote code execution (RCE) or cause a denial-of-service (DoS) condition on affected devices. Read more >>>
A new large-scale phishing campaign targeting credentials for Microsoft email services use a custom proxy-based phishing kit to bypass multi-factor authentication. Researchers believe the campaign's goal is to breach corporate accounts to conduct BEC attacks, diverting payments to bank accounts under their control using falsified documents. The phishing campaign's targets include fin-tech, lending, accounting, insurance, and Federal Credit Union organizations in the US. Read more >>>