Hackers are abusing a new technique: combining homoglyph domains with favicons to conduct credit card skimming attacks. Sophisticated skimming attacks like Magecart have incorporated favicons before and impacted well-known companies like Claire's, Tupperware, Smith & Wesson, Macy's, and British Airways. Being mere images, favicons give off the impression they are innocuous. But attackers find ways to abuse the associated metadata within these files for sinister purposes.
Cyber threats evolve every day, and keeping up with them is a full-time job. The WESTprotect Cyber News is your source for how these changes affect you in the real estate, title, mortgage, and settlement services industry. From cyber threats to new Tactics, Techniques, and Procedures (TTPs), we've got you covered.
Microsoft Teams can still double as a Living off the Land binary (LoLBin) and help attackers retrieve and execute malware from a remote location. Previous efforts from Microsoft to eliminate this hazard work to an extent but cannot stop attackers from abusing Teams to plant and run their payloads. A patch for the new method is unlikely to emerge.
American medium-sized companies are actively targeted by LockBit ransomware operators, according to an Interpol report on the impact the COVID-19 pandemic had on cybercrime around the world. The report was produced by Interpol's Cybercrime Directorate and includes data from 48 Interpol member countries and 4 private partners, as well as information and analysis from Interpol's Cybercrime Threat Response (CTR) unit and its Cyber Fusion Centre (CFC).
The U.S. Federal Bureau of Investigation (FBI) has warned private industry partners of increased security risks impacting computer network infrastructure because of devices still running Windows 7 after the operating system reached its end of life on January 14. "The FBI has observed cybercriminals targeting computer network infrastructure after an operating system achieves end of life status," the FBI said in a private industry notification (PIN) issued yesterday.
An Office 365 phishing campaign abused Google Ads to bypass secure email gateways (SEGs), redirecting employees of targeted organizations to phishing landing pages and stealing their Microsoft credentials. The attackers took advantage of the fact that SEGs overlook the domains used by Google's Ads platform, which allowed them to deliver their phishing messages to their targets' inboxes, bypassing email filters.