Resecurity spotted a surge in phishing messages delivered via Azure Front Door, Microsoft’s cloud CDN service. Most of the content targeted Amazon, SendGrid, and Docusign customers. By hosting their phishing attacks on well-known cloud services, criminals constantly try to evade detection by making them appear legitimate.
Microsoft claimed that hackers are increasingly deploying malware, including QBot, Emotet, Bazarloader, and IcedID, through infected LNK files. To distribute LNK files to victims, threat actors use spam emails and malicious URLs. Users should exercise caution when opening links and attachments in emails.
According to Akamai, which has been following the situation, fertile ground for the bot was created by a backlog of over 700,000 passport applications at the Ministry of the Interior, resulting from the lifting of travel restrictions.
Privacy Affairs researchers concluded that criminals using the dark web need only spend $1,115 for a complete set of a person’s account details, enabling them to create fake IDs and forge private documents, such as passports and driver’s licenses.
Tracked as CVE-2022-21445 (CVSS score of 9.8), the vulnerability is described as a deserialization of untrusted data, which could be exploited to achieve arbitrary code execution.
The GAO has warned that private insurance companies are increasingly backing out of covering damages from major cyberattacks — leaving American businesses facing “catastrophic financial loss” unless another insurance model can be found.
An unauthorized party accessed patients’ personal information at IU Health’s vendor MCG Health, including names, medical codes, postal addresses, telephone numbers, email addresses, dates of birth, and Social Security numbers.
The amended version of the NDAA bill establishes a cyber threat information collaboration environment between DoD, the intelligence community, and the Department of Homeland Security.
Electronics retailer Fast Shop suffered a hacker attack this Wednesday (June 22). Both the website and the app went offline, but the company said services have now been restored.
The attackers used Cobalt Strike, Sliver, and several commercially available network scanners. They targeted an ESXi server exposed over VMware Horizon UAG by exploiting the Log4Shell flaw.