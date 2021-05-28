Cancel
CreatorsPublishersAdvertisers
View more in
Public Safety

Microsoft: SolarWinds hackers are back with new wave of phishing attacks

wraltechwire.com
 28 days ago

Cover picture for the articleThe state-backed Russian cyber spies behind the SolarWinds hacking campaign launched a targeted spear-phishing assault on U.S. and foreign government agencies and think tanks this week using an email marketing account of the U.S. Agency for International Development, Microsoft reports. The effort targeted about 3,000 email accounts at more than...

www.wraltechwire.com
View All 1 Commentsarrow_down
IN THIS ARTICLE
#Phishing Attacks#Phishing Emails#Hackers#Russian#Volexity#Triangle#Constant Contact
YOU MAY ALSO LIKE
News Break
Microsoft
News Break
SolarWinds
News Break
Public Safety
News Break
Technology
Country
Russia
Related
Technologymyce.com

Microsoft Warns of New Nobelium Phishing Campaign

Microsoft has recently issued a warning regarding the Russian-backed group known as Nobelium. The group is currently engaged in a phishing campaign after having gained control over the Constant Contact account used by USAID. Constant Contact is an email marketing platform. Through control of this account, Nobelium has been able...
whatreallyhappened.com

Russian hackers attacking organizations through system used by USAID, says Microsoft

Russia-linked hackers behind the SolarWinds attack have been targeting government agencies, think tanks and non-governmental organizations through the email system of the U.S. Agency for International Development, Microsoft said late Thursday. The wide-scale attack was uncovered this week by the Microsoft Threat Intelligence Center who on Thursday identified the group...
Technologynationalcybersecuritynews.today

Microsoft and Google cloud platforms leveraged for phishing attacks | #microsoft | #hacking | #cybersecurity

With the global population moving to a more remote office structure because of the COVID-19 pandemic, it was inevitable for cybercriminals to take advantage of the situation. Security researchers have noticed an overall uptick in various schemes, many of them successful, like phishing attacks in the past year or so. According to researchers at Proofpoint, it appears that criminals are utilizing cloud infrastructure from Microsoft and Google (Microsoft 365, Azure, OneDrive, SharePoint, G Suite, and Firebase storage) to commit various large-scale phishing attacks.
TechnologyLumia UK

Microsoft announces recipients of academic grants for AI research on combating phishing

Every day in the ever-changing technology landscape, we see boundaries shift as new ideas challenge the old status quo. This constant shift is observed in the increasingly sophisticated and connected tools, products, and services people and organizations use on a daily basis, but also in the security that needs to be built into these technologies to protect them against adversaries intent on abusing the same technologies for nefarious purposes.
Technologyinfosecurity-magazine.com

Novel Phishing Attack Abuses Google Drive and Docs

Enterprising cyber-criminals have found a way to create convincing phishing emails which abuse Google Docs and Drive functionality to bypass security filters, according to Avanan. Researchers at the email security vendor claimed this is the first time such techniques have been used to piggyback on a popular service like Google’s.
Public Safetysecuritybrief.asia

Phishing remains number one threat to cyber safety, while stalkerware, gaming attacks are on the rise

Phishing campaigns remain the number one threat to consumer cyber safety, according to the latest research from NortonLifeLock. Norton Labs, NortonLifeLock’s global research team, has launched its first quarterly Consumer Cyber Safety Pulse Report, tapping into the company’s breadth of threat telemetry to reveal the top cybersecurity trends from January to March 2021.
Public Safetynationalcybersecuritynews.today

Ransomware Hacker Skills Now As Good or Better Than Countries, Expert Says | #microsoft | #hacking | #cybersecurity

Following the attack on the Colonial Pipeline last month and the data breach at Solar Winds that started late last year, Cybersecurity is gaining more attention nationally. Industry leaders met Thursday in a panel hosted by CISO Street, an online community and information resource for cybersecurity professionals, on lessons learned from the recent cybersecurity attacks.
Internetsecuritymagazine.com

Threat actors are using Google Docs to host phishing attacks

Avanan analysts have recently discovered an exploit vector in Google Docs that attackers are using to deliver malicious phishing websites to victims. The attacker wants the victim to “Click here to download the document” and once the victim clicks on that link, they will be redirected to the actual malicious phishing website where their credentials will be stolen through another webpage made to look like the Google Login portal.
InternetDark Reading

Attackers Find New Way to Exploit Google Docs for Phishing

Researchers spotted what they describe as a new method that attackers appear to be using to lure victims to malicious phishing websites via Google Docs. The attack chain begins with the threat actor sending potential victims an email—on a topic of likely interest or relevance to the victim—with a link to a document on Google Docs. Users who follow the link are directed to a Google Docs page with what appears to be a downloadable document, according to researchers at Avanan.
Public Safetynationalcybersecuritynews.today

REvil hacker group attacks Sol Oriens with ransomware | #malware | #ransomware

The hacker group REvil has become a headache for a new victim: a 50-person firm based in Albuquerque that consults with the federal government on security-related projects. Sol Oriens, which consults for the U.S. Department of Energy’s National Nuclear Safety Administration, confirmed to CNBC that it became aware of the “cybersecurity incident” in May, its investigation is ongoing and law enforcement has been notified.
Technologynationalcybersecuritynews.today

Microsoft: Chinese Hackers Are Exploiting Exchange Server Flaws to Steal Emails | #computerhacking | #hacking

(Photo Illustration by Omar Marques/SOPA Images/LightRocket via Getty Images) If you run Microsoft Exchange Server, it’s time to patch. A hacking group is exploiting previously unknown vulnerabilities to steal email files from US-based servers. On Tuesday, Microsoft warned the public about the attacks, which it blamed on a Chinese state-sponsored...
Public Safetyfoxwilmington.com

Worst hackers avoid attacking Eastern European countries: reports

Some of the most notorious hackers steer clear of attacking organizations in Eastern European countries. DarkSide, the criminal organization behind the Colonial Pipeline cyberattack, and other high-profile hacking groups bar their partners from installing malicious software on computers using certain languages, according to Krebs on Security, a cybersecurity news site.
Public Safetyheimdalsecurity.com

We Are Witnessing a Wave of Credential Stuffing Attacks

In Ath0’s inaugural security report can be noticed key areas of concern for the security professionals responsible for managing digital identities, including the exponential rise of credential stuffing attacks. Credential stuffing is a cyberattack method used by attackers to compromise user credentials and breach a system. This type of attack...
SolarWindsscmagazine.com

Achieving Reliable Supply Chain Attack Detection Following the SolarWinds Breach

As organizations continue to embrace third-party vendors for software and applications, they expose themselves to potential risks in their supply chain. New types of attacks increase the risks associated with a supply chain attack considerably. Attackers have more resources and tools at their disposal than ever before, creating a perfect storm.
Technologysecurityboulevard.com

How to Create a Simulated Phishing Attack Across Your Company

Email is one of the many weapons at the disposal of bad actors on the Internet, and your employees are in the firing line. Attackers try to hide behind a trusted entity, sometimes even masquerading as a known vendor or even as a representative of a group within your own organization, like HR or IT. They frequently offer something the victim might want or need, or a company or individual that the intended victim can relate to or might do business with – to get their quarry to download an attachment or click a link. This could be for various reasons; such as installing ransomware, stealing user data and passwords, collecting financial or system information, and other nefarious purposes. While email phishing dates back to the 1990s and is one of the earliest forms of cyberattack, it’s still one of the most prevalent, with phishing tactics becoming more and more sophisticated every day. Here are some data points that should give you pause, and start you thinking about your own enterprise’s security posture.