Microsoft has warned of an increasing number of consent phishing (aka OAuth phishing) attacks targeting remote workers during recent months, BleepingComputer has learned. These attacks were part of two campaigns that ran between September and December 2020, targeting victims in multiple recurring waves.
Cyber News
Cyber threats are evolving every day, keeping up with them is a full-time job. The WESTprotect Cyber News is your source for how these changes affect you in the real estate, title, mortgage, and settlement services industry. From cyber threats to new Tactics, Techniques, and Procedures (TTP’s) we’ve got you covered.
A new targeted phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment.
The concept of TMI – too much information – doesn’t just apply to socially awkward dinner conversations with your surprisingly loose-lipped blind date. Employees and executives are often oversharing personal details on social media and even in automated out-of-office (OOO) email messages. And under the wrong circumstances, an attacker could use some of these shared details to gain access to company networks.
The threat of scam text messages may now seem distant, even quaint. With the new, exotic and sophisticated attacks that have arisen in the past decade, surely text message attacks are low on the list. But they can still be a big problem. Short message service (SMS) scams are social engineering attacks that work like email phishing attacks. Called ‘smishing’ (a mashup of SMS and phishing), the attacks aim to trick the victim into providing info or access that benefits the attacker.
The Office of the Washington State Auditor is investigating a security incident which has compromised the personal information of more than 1.6 million people who filed for unemployment claims in the state in 2020. State Auditor Pat McCarthy’s office blamed the breach on a third party software provider named Accellion, whose services are used to transmit computer files.
Threat actors are sending phishing emails impersonating a Small Business Administration (SBA) lender to prey on US business owners who want to apply for a Paycheck Protection Program (PPP) loan to keep their business going during the COVID-19 crisis.