Two separate attacks have targeted as many as 50,000 different Teams users, with the goal of phishing Office 365 logins.
Jessica spends 12 hours a day on the internet managing security for web assets and loves her macha tea
Threatpost editors discuss a phishing attack abusing Microsoft Sway, a Microsoft Teams flaw and an Android spyware campaign unearthed this week.
Jessica spends 12 hours a day on the internet managing security for web assets and loves her macha tea
No longer a simple Android banker, Cerberus is now a full-fledged RAT that can take complete control of devices and automatically spread via mobile device management servers.
Jessica spends 12 hours a day on the internet managing security for web assets and loves her macha tea
Two severe security flaws have been discovered in the open-source SaltStack Sat configuration framework that could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments. The vulnerabilities were identified by F-Secure researchers earlier this March and disclosed on Thursday, a day after SaltStack released a patch (version…
The Scouts acknowledged the necessity to “Be Prepared” over 100 years (!) ago; the industry should have, as well. Yet COVID-19 took businesses – more like the entire world – by surprise. Very few were prepared for the explosion of remote access, and the challenge of instantly shifting an entire organization to work from anywhere.…
Security researchers are sounding the alarm over newly discovered vulnerabilities in some popular online learning management system (LMS) plugins that various organizations and universities use to offer online training courses through their WordPress-based websites. According to the Check Point Research Team, the three WordPress plugins in question — LearnPress, LearnDash, and LifterLMS — have security…
A new type of mobile banking malware has been discovered abusing Android’s accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages, and hijack SMS-based two-factor authentication codes. Called “EventBot” by Cybereason researchers, the malware is capable of targeting over 200 different financial apps, including banking, money transfer services, and crypto-currency wallets…
In the last few months, multiple groups of attackers successfully compromised corporate email accounts of at least 156 high-ranking officers at various firms based in Germany, the UK, Netherlands, Hong Kong, and Singapore. Dubbed ‘PerSwaysion,’ the newly spotted cyberattack campaign leveraged Microsoft file-sharing services—including Sway, SharePoint, and OneNote—to launch highly targeted phishing attacks. According to…
Automated attacks on Remote Desktop Protocol accounts are aimed at taking over corporate desktops and infiltrating networks.
Jessica spends 12 hours a day on the internet managing security for web assets and loves her macha tea
Cisco’s IOS XE software for SD-WAN routers has a high-severity insufficient input validation flaw.
Jessica spends 12 hours a day on the internet managing security for web assets and loves her macha tea
