Cybercriminals are abusing cloud services, such as Google Cloud Services, to arrange a phishing campaign aimed at stealing Office 365 logins. Check Point reports attackers relied on Google Drive to host a malicious PDF document and Google’s "storage[.]googleapis[.]com" to host the phishing page. The page is designed to trick victims into providing their Office 365 logins or organization e-mail. WESTptotect recommendations include educating staff on phishing and not clicking on unknown links.
Cyber News
Cyber threats are evolving every day, keeping up with them is a full-time job. The WESTprotect Cyber News is your source for how these changes affect you in the real estate, title, mortgage, and settlement services industry. From cyber threats to new Tactics, Techniques, and Procedures (TTP’s) we’ve got you covered.
Businesses worldwide have seen a jump in cyber-attacks with most reporting an increase in COVID-19 related malware. The COVID-19 outbreak also unveiled gaps in business recovery planning. These gaps are reported as slight to severe in 89% of cases in the country, and another 86% uncovered gaps in their IT operations because of the pandemic. Additionally, 85% identified problems due to a remote workforce and 73.5% had issues related to the visibility of cybersecurity threats.
It's estimated around one billion online records have been exposed in a massive data breach, potentially affecting more than 20 million users of free Virtual Private Network (VPN) apps. vpnMentor cybersecurity researchers claim they found an unsecured server shared by several VPNs - software designed to protect users' privacy by hiding their identities.
Threat intelligence firm, Cyble has identified a credible actor selling personal details and SSNs of approximately 40,000 U.S. citizens on the dark web. The leaked records include name, Address, City, State, SSN, and Date of Birth. WESTprotect recommends you not share personal information, including financial information over the phone, email, or SMS, WESTprotect also recommends that you use multi-factor authentication where possible.
Microsoft Office 365 users are targeted by a new phishing campaign using fake Zoom notifications to warn those who work in corporate environments that their Zoom accounts have been suspended. This Phishing campaign impersonating automated Zoom account suspension alerts has landed in over 50,000 mailboxes with the end goal of stealing Office 365 logins. WESTprotect recommends you use extra caution before clicking suspicious links and ensure patches are up-to-date.
Researchers from cybersecurity firm, ACROS Security, have disclosed a zero-day vulnerability in the Windows client of the popular Zoom video conferencing platform. The vulnerability is a remote code execution issue that allows the targeted user to perform some typical action such as opening a document file without any warning being shown. We recommend that you apply the latest patches available immediately to protect from known security risks.