Daily NCSC-FI news followup 2020-09-20

Hackers leak details of 1,000 high-ranking Belarus police officers

www.zdnet.com/article/hackers-leak-details-of-1000-high-ranking-belarus-police-officers/ A group of hackers has leaked on Saturday the names and personal details of more than 1,000 high-ranking Belarusian police officers in response to violent police crackdowns against anti-government demonstrations. The leaked data included names, dates of birth, and the officers’ departments and job titles.

Google App Engine feature abused to create unlimited phishing pages

www.bleepingcomputer.com/news/security/google-app-engine-feature-abused-to-create-unlimited-phishing-pages/ A newly discovered technique by a researcher shows how Google’s App Engine domains can be abused to deliver phishing and malware while remaining undetected by leading enterprise security products. Google App Engine is a cloud-based service platform for developing and hosting web apps on Google’s servers. While reports of phishing campaigns leveraging enterprise cloud domains are nothing new, what makes Google App Engine infrastructure risky in how the subdomains get generated and paths are routed.

The Cybersecurity Threat No One Talks About Is A Simple Code

www.forbes.com/sites/louiscolumbus/2020/09/20/the-cybersecurity-threat-no-one-talks-about-is-a-simple-code/ QR codes are going through a renaissance today. All businesses are focusing on how they can protect employees, customers and suppliers during the pandemic by adopting touchless transactions and services to provide a safer, more streamlined buying experience. Fraudsters are quick to capitalize on the opportunity QR codes soaring popularity present too. Combining social engineering with QR codes that can be created in a second, fraudsters are using them to open victims bank accounts and drain it within seconds, install malware, penetrate entire corporate networks and more.

Analysis of a Salesforce Phishing Emails

isc.sans.edu/forums/diary/Analysis+of+a+Salesforce+Phishing+Emails/26582/ Over the past week, I have noticed several phishing emails linked to Salesforce asking to confirm the recipients email address.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.