Thousands of Systems Turned Into Proxy Exit Nodes via Malware
To date, AT&T Alien Labs researchers have identified over 400,000 systems that act as proxy exit nodes in this network. However, it is unclear how many of these were infected, and the company that offers the proxy service claims that all devices pertain to users who are aware of the proxy application’s functionality. Last week,…
QR Code Phishing Campaign Targets Top US Energy Company
Attackers targeted a major US energy company with a phishing campaign that overall sent more than 1,000 emails armed with malicious QR codes aimed at stealing Microsoft credentials. The campaign, discovered by Cofense in May, used both PNG image attachments and redirect links associated with Microsoft Bing and well-known business applications — including Salesforce and…
Cybercriminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn
Threat actors’ use of Cloudflare R2 to host phishing pages has witnessed a 61-fold increase over the past six months. “The majority of the phishing campaigns target Microsoft login credentials, although there are some pages targeting Adobe, Dropbox, and other cloud apps,” Netskope security researcher Jan Michael said. Cloudflare R2, analogous to Amazon Web Service…
Health Data of 4M Stolen in Cl0p MOVEit Breach of Colorado Department
A government department in Colorado is the latest victim of a third-party attack by Russia’s Cl0p ransomware group in connection with the MOVEit Managed File Transfer platform. Department officials say that the group stole the personal health data of about 4 million members of state health programs from IBM-managed systems. On May 31, the Colorado…
Dell Credentials Bug Opens VMware Environments to Takeover
Hardcoded credentials in the Dell Compellent storage array service could enable attackers to take over enterprise VMware environments for any organizations running those two services in collaboration. Dell Compellent reached its end of life in 2019, and holds less than a 1% share of the data storage market, according to Enlyft. However, organizations still using…
Takeovers of MFA-protected accounts increase, as Microsoft 365 phishing campaign shows
A Microsoft 365 phishing campaign has targeted over 100 companies since March and successfully compromised accounts belonging to senior business executives. The attackers used EvilProxy, a phishing toolkit that uses reverse-proxy tactics to bypass multifactor authentication (MFA). “Contrary to what one might anticipate, there has been an increase in account takeovers among tenants that have…
Law Enforcement Takes Down Phishing As A Service Site
An international law enforcement operation took down a phishing-as-a-service website that security researchers say was responsible for more than 150,000 phishing domains. Authorities in Indonesia arrested the site’s alleged administrator and another man, while Japanese police arrested an additional suspect, Interpol announced Tuesday. The site, 16shop, has been in existence since at least 2017. It…
Raft of TETRA Zero-Day Vulnerabilities Endanger Industrial Communications
After vulnerabilities were found in the TETRA communications protocol that powers industrial control systems globally, researchers have revealed new research showing multiple additional zero-day vulnerabilities in a Motorola base station and system chip. Both are required to run and decrypt the TETRA communications algorithm, potentially exposing sensitive information. TETRA, or Terrestrial Trunked Radio, is a…
White House Pushes Cybersecurity Defense for K-12 Schools
The Biden administration says it want to get ahead of ransomware attacks against schools before tens of millions of pupils resume studies later this month. Typically understaffed and underfunded when it comes to cybersecurity, American K-12 schools have experienced a ramp-up in ransomware attacks, particularly after the novel coronavirus pandemic forced hasty adoption of remote…
Patching Conundrum: 5-Year Old Flaw Again Tops Most-Hit List
A five-year old vulnerability in Fortinet SSL VPNs remains one of the most widely exploited flaws in enterprise networks, despite repeat patch warnings. So say cybersecurity officials across the U.S. and its Five Eyes intelligence alliance partners in a new joint security advisory detailing the 12 most common vulnerabilities and exposures that were most “routinely…
