Microsoft Sway Abused in Office 365 Phishing Attack
According to an analysis released by Group-IB on Thursday, a threat actor group called PerSwaysion has attacked Microsoft services, compromising at least 150 executives in a targeted phishing campaign. The attacks were effective in gathering the Office 365 credentials of the executives since mid-2019. The campaign’s success was attributed to
Pharma Giant ExecuPharm Suffers Data Breach/Ransomware Combo
According to major US pharmaceutical firm ExecuPharm, the company was hit by a cyberattack on March 13 in which threat actors attacked the company’s IT systems with ransomware and demanded payment in return for decryption. The pharmaceutical firm stated that their servers were encrypted as a result of the attack
Fake Fedex and UPS delivery issues used in COVID-19 phishing
The online shopping and home delivery industries have experienced an influx over the past several weeks as people socially isolate and telecommute. Threat actors have been capitalizing on this recent adjustment, creating new scams luring victims through fake Coronavirus delivery issue emails. The emails contain malicious links or open malware.
COVID-Themed Phishing Messages Fill Phishing Filters on Gmail
Google has stated that nearly a fifth of all phishing email messages that have been identified on its Gmail platform feature COVID-19 as part of their content, using the pandemic to lure victims into malicious links and attachments. The giant stated that last week, they saw roughly 18 million email
NASA under ‘significantly increasing’ hacking, phishing attacks
NASA reported that they have been observing increasing malicious activity originating from both cybercriminals and nation-state hackers targeting their personnel and systems while their employees telecommute during the COVID-19 pandemic. The agency stated that they had successfully blocked a wave of malicious cyberattacks with pre-existing mitigation tools and measures. However,
IRS Warns of Surge in Economic Stimulus Payment Scams
The IRS has warned Americans about an influx in scams related to the COVID-19 pandemic occurring over either email, phone calls, or social media that requests personal information while using fraudulent IRS stimulus checks as a lure. The scam campaign can result in identity theft and tax-related fraud and is
667% spike in email phishing attacks due to coronavirus fears
Amid the coronavirus pandemic, attackers are capitalizing on public fear and taking advantage of heightened emotions by targeting victims in email phishing attacks related to COVID-19. The number of email attacks related to COVID-19 has been increasing since January according to data collected by cybersecurity firm Barracuda Networks. However, the
WHO Chief Impersonated in Phishing to Deliver HawkEye Malware
A new and continuing phishing campaign is posing as the Director-General of the World Health Organization (WHO) and is spreading malware known as HawkEye to victims’ devices. According to IBM X-Force Threat Intelligence researchers, the campaign started on Thursday, the same day it was discovered after the researchers found several
Misconfigured Elasticsearch Instance Exposes More Than 5 Billion Records
An open Elasticsearch incident has reportedly exposed more than 5 billion records from 2012 to March 16, when the breach was discovered. The data in two of the collections is information on data breaches collected by a UK research firm over the course of the same time period. The data
Phishers Use Fake HIV Test Results as Bait
Cybersecurity researchers have discovered a new phishing campaign that uses fake HIV test results to gather information from victims after clicking a malicious link, targeting insurance, healthcare and pharmaceutical companies around the world. Researchers at Proofpoint uncovered the campaign, stating that the cybercriminals were impersonating Vanderbilt University Medical Center and