The number of targets being attacked by phishers – the banks, app providers, universities, and other entities that phishers imitate in order to fool victims – has continued to rise through 2021.
Threat actors are exploiting unsecured GCP instances to download cryptominers as well as abusing the cloud infrastructure to install ransomware, stage phishing campaigns, and more.
Sending the messages from the organization’s servers allows the attackers to bypass detection. Threat actors also exploit the access to internal emails to target business partners.
The vulnerability, discovered by the security researcher Abdelhamid Naceri, can be exploited to bypass a patch released by Microsoft in February to address another information disclosure flaw.
Ransomware attacks on the healthcare sector directly impact the patients. A Ponemon study revealed that a successful attack can lead to a longer stay for patients at around 70% of healthcare delivery organizations.
A notorious group of hackers has been found targeting customers of banks with phony fraud alerts and stealing thousands of dollars from their bank accounts. The scam first came to light in August.
Security researchers have discovered a Linux-based remote access trojan (RAT) that uses an unusual stealth technique to steal data. It hides in the Linux calendar sub-system as a task that has a nonexistent date viz. February 31. Organizations are suggested to invest more in data protection solutions to secure sensitive information.
A new Iranian actor was spotted abusing an RCE flaw in Microsoft MSHTML to target Farsi-speaking people globally and stealing their Google and Instagram credentials. The attacks started in July via spear-phishing emails that targeted Windows users with Winword attachments. Exports recommend organizations implement a robust patch program and deploy reliable anti-malware solutions.
The FBI has warned that online shoppers are at risk of losing more than $53 million this year to holiday scams that promise fake bargains and hard-to-find gifts.
The Israeli government has restricted the list of countries to which local security firms are allowed to sell surveillance and offensive hacking tools by almost two-thirds from 102 to 37 entries.