You are here

Home » Cybersecurity

Cybersecurity

Threat Awareness – Another Microsoft Phishing Campaign Capable of Bypassing Multifactor Authentication

A new large-scale phishing campaign is employing a custom proxy-based phishing kit to bypass multi-factor authentication (MFA) and a variety of URL obfuscation techniques to circumvent email security software to steal credentials for Microsoft email accounts, according to security researchers at Zscaler. Notably, the campaign has targeted energy companies in the U.S., the U.K., New Zealand, and Australia. Researchers believe the goal of the campaign is to compromise corporate email accounts to carry out BEC (business email compromise) attacks.

Cyber Resilience – CISA’s Cyber Guidance and Free Resources for Small Businesses

The Cybersecurity and Infrastructure Security Agency (CISA) published a cybersecurity action plan and resource guide for small organizations that may not have the maturity or financial resources of larger firms. In the guide, CISA lays out an action plan informed by the way cyber attacks actually happen. According to CISA, “we break the tasks down by role, starting with the CEO. We then detail tasks for a Security Program Manager, and the Information Technology (IT) team.

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - August 4, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Alerts, Updates, and Bulletins:

Security Awareness – Trustworthy Brands Make for Convincing Scams

When it comes to phishing and other scams, as a society, we’ve largely grasped the age-old “don’t click on things you don’t recognize” advice. However, threat actors turned that age-old advice against us years ago when they began leveraging well-known brands to trick us into clicking on their malicious links and attachments. The success of social engineering based cyber attacks relies on trust and it’s the trust those brands have already engendered that give scams the air of credibility.

VMWare Releases Security Advisory Addressing Multiple Security Vulnerabilities, Urges Organizations to Patch Immediately

Today, VMWare released a security advisory warning system administrators to patch a critical authentication bypass security vulnerability that affects local domain users in multiple products and allows unauthenticated attackers to gain admin privileges.

Security Awareness – Microsoft Top Brand Impersonated in Phishing Attacks During First Half of 2022

Brand impersonation attacks, when adversaries attempt to mimic a website or domain of a well-known brand by using a similar domain name and webpage designed like the actual site, remain one of the most deceptive forms of phishing. A recent report from the email security company Vade identifies the top brands threat actors impersonated in brand phishing attacks in the first half of 2022.

Threat Awareness – Unpatched Microsoft Exchange Servers Infected with IIS Backdoors

Multiple security researchers have discovered that threat actors are increasingly employing malicious Internet Information Services (IIS) web server extensions to backdoor unpatched Exchange servers. These malicious IIS extensions provide adversaries with a durable persistence tool and are harder to detect than web shells with traditional security tools “since they mainly reside in the same directories as legitimate modules used by target applications,” according to Microsoft.

Pages

Subscribe to Cybersecurity