Microsoft has warned that Office 365 customers are receiving phishing emails that aim to trick unsuspecting users into giving OAuth permissions to an app that allows attackers to read and write emails. The OAuth phishing emails were delivered to hundreds of Office 365 customers, warned the Microsoft Security Intelligence team.

A convincing yet illegitimate government procurement portal is advertising the opportunity to submit a bid for government projects. However, the site harvests credentials from unassuming victims instead. The phishing campaign is targeting aspiring government vendors with an invitation to bid on fake federal projects within the US Department of Labor.

A group named Patchwork by Malwarebytes has been exposed after it accidentally infected its own development environment with a remote access Trojan (RAT). The group has been traced back to India and is also known by the names Hangover Group, Dropping Elephant, Chinastrats, and Monsoon. The group has been active

Hellmann Worldwide Logistics, a German logistics provider, has warned its customers of social engineering attacks after a ransomware attack compromised some of the company’s systems earlier this month. As a result of the attack, Hellmann was forced to take its IT systems temporarily offline on December 9. Hellmann has confirmed

Threat researchers at Lookout are seeking to take down a phishing campaign that has allegedly been targeting members of the US military and their families. The campaign has been operating for a while and impersonates military support organizations and personnel to commit advance fee fraud and steal sensitive personal and

According to a new study by Proofpoint, more than four-fifths (81%) of UK retailers are putting consumers at risk of email fraud. Proofpoint found that an alarmingly high number of companies are not implementing the recommended level of domain-based message authentication, reporting, and conformance protection (DMARC). DMARC is an email

According to Microsoft, a new campaign has been observed targeting Microsoft 365 users deploying sophisticated obfuscation tactics to avoid security protections. The campaign is designed to harvest credentials. The business email compromise campaign is tricking natural language processing filters through hiding text in a one-point font size within messages. According

A North Korean hacking group has been targeting think tanks in South Korea through blog posts riddled with malware. The new campaign dates back to June 2021 and consists of a state-sponsored advanced persistent threat group attempting to plant surveillance and theft-based malware on South Korean victim machines. Researchers from

A new campaign impersonating Proofpoint has successfully avoided Microsoft email security. The campaign consists of phishers attempting to fool targets into believing the email comes from Proofpoint, a well-known cybersecurity company, in an attempt to steal Microsoft Office 365 and Google email credentials. According to researchers at Armorblox, one such

At least 6,000 Coinbase customers were robbed after attackers were able to bypass the multi-factor authentication on the cryptocurrency exchange platform. Coinbase suspects phishing allowed the attackers to access personal details, but also blamed a flaw in the multi-factor authentication process. The theft occurred between March and May 20, 2021.