Voicemail Scam Steals Microsoft Credentials

Attackers are targeting a number of key vertical markets in the U.S. with the active campaign, which impersonates the organization and Microsoft to lift Office365 and Outlook log-in details.

Office 365 Config Loophole Opens OneDrive, SharePoint Data to Ransomware Attack

A reported a "potentially dangerous piece of functionality" allows an attacker to launch an attack on cloud infrastructure and ransom files stored in SharePoint and OneDrive.

Voicemail Scam Steals Microsoft Credentials

Attackers are targeting a number of key vertical markets in the U.S. with the active campaign, which impersonates the organization and Microsoft to lift Office365 and Outlook log-in details.

Office 365 Config Loophole Opens OneDrive, SharePoint Data to Ransomware Attack

A reported a "potentially dangerous piece of functionality" allows an attacker to launch an attack on cloud infrastructure and ransom files stored in SharePoint and OneDrive.

Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug

The APT is pairing a known Microsoft flaw with a malicious document to load malware that nabs credentials from Chrome, Firefox and Edge browsers.

Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug

The APT is pairing a known Microsoft flaw with a malicious document to load malware that nabs credentials from Chrome, Firefox and Edge browsers.

Google Warns of New Spyware Targeting iOS and Android Users

The spyware has been used to target people in Italy, Kazakhstan, and Syria, researchers at Google and Lookout have found.

The Post-Roe Privacy Nightmare Has Arrived

Plus: Microsoft details Russia’s Ukraine hacking campaign, Meta’s election integrity efforts dwindle, and more.

‘Killnet’ Adversary Pummels Lithuania with DDoS Attacks Over Blockade

Cyber collective Killnet claims it won’t let up until the Baltic country opens trade routes to and from the Russian exclave of Kaliningrad.

‘Killnet’ Adversary Pummels Lithuania with DDoS Attacks Over Blockade

Cyber collective Killnet claims it won’t let up until the Baltic country opens trade routes to and from the Russian exclave of Kaliningrad.

You Need to Update Windows and Chrome Right Now

Plus: Google issues fixes for Android bugs. And Cisco, Citrix, SAP, WordPress, and more issue major patches for enterprise systems.

A New, Remarkably Sophisticated Malware Is Attacking Routers

Researchers say the remote-access Trojan ZuoRAT is likely the work of a nation-state and has infected at least 80 different targets.

The Worst Hacks and Breaches of 2022 So Far

From cryptocurrency thefts to intrusions into telecom giants, state-backed attackers have had a field day in the year’s first half.

How to Avoid the Worst Instagram Scams

Fake sellers. Competitions. Crypto cons. There are plenty of grifts on the platform, but you don’t have to get sucked in.

Apple’s Lockdown Mode Aims to Counter Spyware Threats

Starting with iOS 16, people who are at risk of being targeted with spyware will have some much-needed help.

Hack Allows Drone Takeover Via ‘ExpressLRS’ Protocol

A radio control system for drones is vulnerable to remote takeover, thanks to a weakness in the mechanism that binds transmitter and receiver.

Hack Allows Drone Takeover Via ‘ExpressLRS’ Protocol

A radio control system for drones is vulnerable to remote takeover, thanks to a weakness in the mechanism that binds transmitter and receiver.

Will These Algorithms Save You From Quantum Threats?

Quantum-proof encryption is here—decades before it can be put to the test.

Chinese Police Exposed 1B People's Data in Unprecedented Leak

Plus: A duplicitous bug bounty scheme, the iPhone's new “lockdown mode,” and more of the week's top security news.

Popular NFT Marketplace Phished for $540M

In March, a North Korean APT siphoned blockchain gaming platform Axie Infinity of $540M.

‘Callback’ Phishing Campaign Impersonates Security Firms

Victims instructed to make a phone call that will direct them to a link for downloading malware.

Popular NFT Marketplace Phished for $540M

In March, a North Korean APT siphoned blockchain gaming platform Axie Infinity of $540M.

‘Callback’ Phishing Campaign Impersonates Security Firms

Victims instructed to make a phone call that will direct them to a link for downloading malware.

Large-Scale Phishing Campaign Bypasses MFA

Attackers used adversary-in-the-middle attacks to steal passwords, hijack sign-in sessions and skip authentication and then use victim mailboxes to launch BEC attacks against other targets.

Large-Scale Phishing Campaign Bypasses MFA

Attackers used adversary-in-the-middle attacks to steal passwords, hijack sign-in sessions and skip authentication and then use victim mailboxes to launch BEC attacks against other targets.

New ‘Retbleed’ Attack Can Swipe Key Data From Intel and AMD CPUs

The exploit can leak password information and other sensitive material, but the chipmakers are rolling out mitigations.

A New Attack Can Unmask Anonymous Users on Any Major Browser

Researchers have found a way to use the web's basic functions to identify who visits a site—without the user detecting the hack.

Journalists Emerge as Favored Attack Target for APTs

Since 2021, various state-aligned threat groups have turned up their targeting of journalists to siphon data and credentials and also track them.

Journalists Emerge as Favored Attack Target for APTs

Since 2021, various state-aligned threat groups have turned up their targeting of journalists to siphon data and credentials and also track them.

Amazon Handed Ring Videos to Cops Without Warrants

Plus: A wild Indian cricket scam, an elite CIA hacker is found guilty of passing secrets to WikiLeaks, and more of the week's top security news.

FBI Warns Fake Crypto Apps are Bilking Investors of Millions

Threat actors offer victims what appear to be investment services from legitimate companies to lure them into downloading malicious apps aimed at defrauding them.

FBI Warns Fake Crypto Apps are Bilking Investors of Millions

Threat actors offer victims what appear to be investment services from legitimate companies to lure them into downloading malicious apps aimed at defrauding them.

Instagram Slow to Tackle Bots Targeting Iranian Women’s Groups

Despite alerting Meta months ago, feminist groups say tens of thousands of fake accounts continue to bombard them on the platform.

Magecart Serves Up Card Skimmers on Restaurant-Ordering Systems

300 restaurants and at least 50,000 payment cards compromised by two separate campaigns against MenuDrive, Harbortouch and InTouchPOS services.

Magecart Serves Up Card Skimmers on Restaurant-Ordering Systems

300 restaurants and at least 50,000 payment cards compromised by two separate campaigns against MenuDrive, Harbortouch and InTouchPOS services.

Hackers for Hire: Adversaries Employ ‘Cyber Mercenaries’

Also known as the Atlantis Cyber-Army, the emerging organization has an enigmatic leader and a core set of admins that offer a range of services, including exclusive data leaks, DDoS and RDP.

Hackers for Hire: Adversaries Employ ‘Cyber Mercenaries’

Also known as the Atlantis Cyber-Army, the emerging organization has an enigmatic leader and a core set of admins that offer a range of services, including exclusive data leaks, DDoS and RDP.

The 2022 US Midterm Elections' Top Security Issue: Death Threats

While cybersecurity and foreign meddling remain priorities, domestic threats against election workers have risen to the top of the list.

The January 6 Secret Service Text Scandal Turns Criminal

Plus: The FCC cracks down on car warranty robocalls, Thai activists get targeted by NSO's Pegasus, and the Russia-Ukraine cyberwar continues.

Phishing Attacks Skyrocket with Microsoft and Facebook as Most Abused Brands

Instances of phishing attacks leveraging the Microsoft brand increased 266 percent in Q1 compared to the year prior.

Phishing Attacks Skyrocket with Microsoft and Facebook as Most Abused Brands

Instances of phishing attacks leveraging the Microsoft brand increased 266 percent in Q1 compared to the year prior.

Messaging Apps Tapped as Platform for Cybercriminal Activity

Built-in Telegram and Discord services are fertile ground for storing stolen data, hosting malware and using bots for nefarious purposes.

Messaging Apps Tapped as Platform for Cybercriminal Activity

Built-in Telegram and Discord services are fertile ground for storing stolen data, hosting malware and using bots for nefarious purposes.

Threat Actors Pivot Around Microsoft’s Macro-Blocking in Office

Cybercriminals turn to container files and other tactics to get around the company’s attempt to thwart a popular way to deliver malicious phishing payloads.

Threat Actors Pivot Around Microsoft’s Macro-Blocking in Office

Cybercriminals turn to container files and other tactics to get around the company’s attempt to thwart a popular way to deliver malicious phishing payloads.

A New Attack Easily Knocked Out a Potential Encryption Algorithm

SIKE was a contender for post-quantum-computing encryption. It took researchers an hour and a single PC to break it.

The Microsoft Team Racing to Catch Bugs Before They Happen

What's it like to be responsible for a billion people's digital security? Just ask the company's Morse researchers.

An Attack on Albanian Government Suggests New Iranian Aggression

A Tehran-linked hack of a NATO member marks a significant escalation against the backdrop of US-Iran nuclear talks.

Open Redirect Flaw Snags Amex, Snapchat User Data

Separate phishing campaigns targeting thousands of victims impersonate FedEx and Microsoft, among others, to trick victims.

Open Redirect Flaw Snags Amex, Snapchat User Data

Separate phishing campaigns targeting thousands of victims impersonate FedEx and Microsoft, among others, to trick victims.

Phishers Swim Around 2FA in Coinbase Account Heists

Attackers are spoofing the widely used cryptocurrency exchange to trick users into logging in so they can steal their credentials and eventually their funds.

A Slack Bug Exposed Some Users’ Hashed Passwords for 5 Years

The exposure of cryptographically scrambled passwords isn’t a worst-case scenario—but it isn’t great, either.

The US Emergency Alert System Has Dangerous Flaws

Plus: A crypto-heist extravaganza, a peek at an NSO spyware dashboard, and more.

Phishers Swim Around 2FA in Coinbase Account Heists

Attackers are spoofing the widely used cryptocurrency exchange to trick users into logging in so they can steal their credentials and eventually their funds.

GitHub Moves to Guard Open Source Against Supply Chain Attacks

The popular Microsoft-owned code repository plans to roll out code signing, which will help beef up the security of open source projects.

Virtual Currency Platform ‘Tornado Cash’ Accused of Aiding APTs

U.S. Treasury blocked the business of the virtual currency mixer for laundering more than $7 billion for hackers, including $455 million to help fund North Korea’s missile program.

Virtual Currency Platform ‘Tornado Cash’ Accused of Aiding APTs

U.S. Treasury blocked the business of the virtual currency mixer for laundering more than $7 billion for hackers, including $455 million to help fund North Korea’s missile program.

One of 5G’s Biggest Features Is a Security Minefield

New research found troubling vulnerabilities in the 5G platforms carriers offer to wrangle embedded device data.

The Hacking of Starlink Terminals Has Begun

It cost a researcher only $25 worth of parts to create a tool that allows custom code to run on the satellite dishes.

Google's Android Red Team Had a Full Pixel 6 Pwn Before Launch

Before the flagship phone ever landed in users’ hands, the security team thoroughly hacked it by finding bugs and developing exploits.