Researchers have discovered a sophisticated new phishing campaign that uses recognized brand names to bypass security filters as well as to trick victims into giving up Microsoft Office 365 credentials to gain access to corporate networks. A new report from Check Point Software first observed the attacks—the majority of which targeted European companies, with others seen in Asia and the Middle East–in April, when they discovered emails sent to victims titled “Office 365 Voice Mail.”
Cyber threats are evolving every day, keeping up with them is a full-time job. The WESTprotect Cyber News is your source for how these changes affect you in the real estate, title, mortgage, and settlement services industry. From cyber threats to new Tactics, Techniques, and Procedures (TTP’s) we’ve got you covered.
“We must care as much about securing our systems as we care about running them if we are to make the necessary revolutionary change.” -CIA’s Wikileaks Task Force. So ends a key section of a report the U.S. Central Intelligence Agency produced in the wake of a mammoth data breach in 2016 that led to Wikileaks publishing thousands of classified documents stolen from the agency’s offensive cyber operations division.
Zoom says it will begin allowing users of its videoconferencing software to enable end-to-end encryption of calls starting with a beta next month, the company announced on Wednesday. The feature won’t be restricted to paid enterprise users, either. It’s coming to both free and paid users, Zoom says, and it will be a toggle switch any call admin can turn on or disable, in the event they want to allow traditional phone lines or older conference room phones to join.
Security vulnerabilities in modern communication protocol GTP used by mobile network operators can be exploited by attackers to target 4G/5G users. Researchers at cybersecurity firm Positive Technologies Security have discovered several vulnerabilities in communication protocol GPRS Tunnelling Protocol (GTP), that is used by mobile network operators (MNOs). Threat actors could exploit these flaws to conduct several malicious activities against 4G/5G users.
Security researchers at F5 Labs have spotted ongoing attacks using Qbot malware payloads to steal credentials from customers of dozens of US financial institutions. Qbot is a banking trojan used to steal banking credentials and financial data, as well as to log user keystrokes, deploy backdoors, and drop additional malware on compromised machines. Banks whose customers have been targeted are JP Morgan, Citibank, Bank of America, Citizens, Capital One, Wells Fargo, and FirstMerit Bank.