Researchers are warning of a new phishing attack that purports to send coronavirus training resources to employees who are returning to the workplace, as COVID-19 lockdowns lift. The recent phishing campaign leverages novel training programs that are required for employees in the workplace to comply with coronavirus regulations. The campaign, targeting Office 365 users, sends an email that includes a link to register to the training: “COVID-19 Training for Employees: A Certificate for Health Workplaces.” Instead of a legitimate sign-up page, however, it instead directs users to a malicious link, where they are asked to input their credentials (at the moment that…
ISBuzz Team
The NCSC announced that it has received one million phishing reports since launching its Suspicious Email Reporting Service. The cybersecurity experts commented below on the importance of reporting phishing emails and how it help to prevent the frauds.
This week’s report on encrypted malware evading security through uninspected HTTPS. With enterprises grappling with an increasing remote workforce and how to properly secure their employees, there is a greater focus on making sure basic security measures are taken.
Avanan’s security analysts have detected new malicious .slk files bypassing Microsoft 365 security, risking 200M+ users. In this attack, hackers send an email with an .slk attachment that contains a malicious macro (MSI exec script) to download and install a remote access trojan. The attack specifically targets Microsoft 365 accounts and until recently, was isolated to a small number of organizations. This has changed. Please find below the attack details. SYLKin Attack: New Malicious .slk files are bypassing Microsoft 365 Security, Risking 200M+ UsersShare A new attack method bypasses both Microsoft 365 default security (EOP) and advanced security (ATP). At the time of…
Reaching out in regards to the saddening data breach suffered by Aspire News, an app backed by Dr.Phil to help domestic violence victims covertly signal distress. The breach, leaking thousands of uploaded video recordings, was due to an unprotected cloud server left open for anyone online to access.
Infosecurity Magazine reports personal data of an estimated 100,000 social media influencers has been accessed and partially leaked following a breach at social media marketing firm Preen.Me, Risk Based Security has discovered. The same breach has also led to more than 250,000 social media users having their information fully exposed on a deep web hacking forum, leaving these individuals at risk of being targeted by scams. The leak was discovered by Risk Based Security’s data breach research team on June 6 when a known threat actor revealed they had compromised Preen.Me’s systems and were holding the personal information of over 100,000 affiliated influencers under…
Tomorrow (26th June) is the 75th anniversary of the signing of the UN Charter, designed to increase international cooperation and peace. However, 75 years on, the rules of engagement have been challenged by the fact that military operations are no longer confined to land, air, and sea.
In response to news that the ACLU of Michigan is lodging a complaint against Detroit police on behalf of a black man falsely arrested because facial recognition technology it uses cannot consistently and accurately tell black people apart, a security expert offers perspective on facial reco and the tech sector’s diversity gap.
A new variant of the crypto-miner malware ‘Golang’, is targeting Windows and Linux machines, according to researchers at Barracuda Networks, the trusted partner and leading provider for cloud-enabled security solutions. Instead of targeting end-users, this new malware attacks servers, targeting web application frameworks, application servers, and non-HTTP services such as Redis and MSSQL. Its main goal is to mine Monero cryptocurrency using a known miner, XMRig. The malware spreads like a worm, searching, and infecting other vulnerable machines. Barracuda researchers also revealed that, once the malware infects a machine, it downloads a number of dangerous files, which are customised based upon the…
Cybersecurity is one of the most widely discussed topics in the world of technology today. Despite security solutions being constantly developed and improved, small businesses (SMBs) and home office workers (SOHOs) remain largely unprepared for a potential data breach or cyberattack. Furthermore, small businesses often believe they are too small to be the targets of cyberattacks. But the fact of the matter is, around a quarter of SMBs and SOHOs do not have any cybersecurity strategies in place, so are one of the primary targets for cybercriminals as a result. And with home working becoming a necessity for most organisations,…