Fifteen out of 28 desktop PDF viewer applications are vulnerable to a new attack that lets malicious threat actors modify the content of digitally signed PDF documents. The list of vulnerable applications includes Adobe Acrobat Pro, Adobe Acrobat Reader, Perfect PDF, Foxit Reader, PDFelement, and others, according to new research [PDF] published this week by academics from the Ruhr-University Bochum in Germany.
Cyber threats are evolving every day, keeping up with them is a full-time job. The WESTprotect Cyber News is your source for how these changes affect you in the real estate, title, mortgage, and settlement services industry. From cyber threats to new Tactics, Techniques, and Procedures (TTP’s) we’ve got you covered.
Cybercriminals are abusing cloud services, such as Google Cloud Services, to arrange a phishing campaign aimed at stealing Office 365 logins. Check Point reports attackers relied on Google Drive to host a malicious PDF document and Google’s "storage[.]googleapis[.]com" to host the phishing page. The page is designed to trick victims into providing their Office 365 logins or organization e-mail. WESTptotect recommendations include educating staff on phishing and not clicking on unknown links.
It's estimated around one billion online records have been exposed in a massive data breach, potentially affecting more than 20 million users of free Virtual Private Network (VPN) apps. vpnMentor cybersecurity researchers claim they found an unsecured server shared by several VPNs - software designed to protect users' privacy by hiding their identities.
Microsoft Office 365 users are targeted by a new phishing campaign using fake Zoom notifications to warn those who work in corporate environments that their Zoom accounts have been suspended. This Phishing campaign impersonating automated Zoom account suspension alerts has landed in over 50,000 mailboxes with the end goal of stealing Office 365 logins. WESTprotect recommends you use extra caution before clicking suspicious links and ensure patches are up-to-date.
Researchers from cybersecurity firm, ACROS Security, have disclosed a zero-day vulnerability in the Windows client of the popular Zoom video conferencing platform. The vulnerability is a remote code execution issue that allows the targeted user to perform some typical action such as opening a document file without any warning being shown. We recommend that you apply the latest patches available immediately to protect from known security risks.