Report: Microsoft Most Impersonated Brand in Phishing Scams

/in

Microsoft was impersonated in 38% of all brand phishing attacks in Q1 2024, according to new data from Check Point. Google was the second most impersonated brand in Q1 2024, making up 11% of attempts.

Cyware News – Latest Cyber News – ​Read More

XZ Utils might not have been the only sabotage target, open-source foundations warn

/in

The XZ Utils backdoor that recently sent ripples of concern through the Linux community may have only been the beginning.

Latest stories for ZDNET in Security – ​Read More

AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs

/in

New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations.
The vulnerability has been codenamed LeakyCLI by cloud security firm Orca.
“Some commands on Azure CLI, AWS CLI, and Google Cloud CLI can expose sensitive information in

The Hacker News – ​Read More

New SteganoAmor Attacks Use Steganography to Target 320 Organizations Globally

/in

The attacks begin with malicious emails containing seemingly innocuous document attachments (Excel and Word files) that exploit the CVE-2017-11882 flaw, a commonly targeted Microsoft Office Equation Editor vulnerability fixed in 2017.

Cyware News – Latest Cyber News – ​Read More

3 Steps Executives and Boards Should Take to Ensure Cyber Readiness

/in

Many teams think they’re ready for a cyberattack, but events have shown that many don’t have an adequate incident response plan.

darkreading – ​Read More

TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks

/in

The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range of malware such as Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm, among others.
“The group made extensive use of steganography by sending VBSs, PowerShell code, as well as RTF documents with an embedded exploit, inside

The Hacker News – ​Read More

Law Firm to Pay $8M to Settle Health Data Hack Lawsuit

/in

Orrick Herrington & Sutcliffe’s proposed agreement with plaintiffs, filed last week in a northern California federal court, settles four proposed consolidated class action lawsuits filed against it in the wake of the March 2023 hacking incident.

Cyware News – Latest Cyber News – ​Read More

FBI: Smishing Campaign Lures Victims With Unpaid-Toll Notices

/in

The scam is spreading across the US and impersonates the specific toll-collection services of each state in malicious SMS messages.

darkreading – ​Read More

LockBit 3.0 Variant Generates Custom, Self-Propagating Malware

/in

Kaspersky researchers discovered the new variant after responding to a critical incident targeting an organization in West Africa.

darkreading – ​Read More

Cryptojacker Arrested, Charged for Defrauding Cloud Providers of $3.5 Million

/in

Charles O. Parks III was arrested and charged with defrauding two cloud-services providers of $3.5 million.

The post Cryptojacker Arrested, Charged for Defrauding Cloud Providers of $3.5 Million appeared first on SecurityWeek.

SecurityWeek – ​Read More