Office 365 Phishing Attack Targets Financial Execs
threatpost.com/office-365-phishing-attack-financial-execs/164925/ Attackers move on new CEOs, using transition confusion to harvest Microsoft credentials. Also:
www.area1security.com/blog/microsoft-365-spoof-targets-financial-departments/
Hackers are exploiting a server vulnerability with a severity of 9.8 out of 10
arstechnica.com/gadgets/2021/03/to-security-pros-dread-another-critical-server-vulnerability-is-under-exploit/ As if the mass-exploitation of Exchange servers wasn’t enough, now there’s BIG-IP. Last week, F5 disclosed and patched critical BIG-IP vulnerabilities that allow hackers to gain complete control of a server. Despite a severity rating of 9.8 out of 10, the security flaws got overshadowed by a different set of critical vulnerabilities Microsoft disclosed and patched in Exchange server a week earlier. Also:
thehackernews.com/2021/03/latest-f5-big-ip-bug-under-active.html
Stalkerware in 2020 is still a burning issue
www.kaspersky.com/blog/stalkerware-in-2020/39102/ Stalkerware activity dropped off during the pandemic, but it’s picking up again. How to deal with the threat.
Report reveals the staggering scale of Business Email Compromise losses
blog.malwarebytes.com/business-2/2021/03/report-reveals-the-staggering-scale-of-business-email-compromise-losses/ The Internet Crime Complaint Center (IC3), an arm of the FBI where internet users can report online fraud crimes, recently released the 2020 Internet Crime Report, an annual report that contains high-level information on suspected fraud cases reported to them and their losses. A state-by-state statistical breakdown of these cases were included in an accompanying report, 2020 State Reports, that you can browse through here. Also:
www.ic3.gov/Media/PDF/AnnualReport/2020State/StateReport.aspx
The Week in Ransomware – March 19th 2021 – Highest ransom ever!
www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-19th-2021-highest-ransom-ever/ While the beginning of this week was fairly quiet, it definitely ended with a bang as news came out of the largest ransom demand yet.
US grid at rising risk to cyberattack, says GAO
thehill.com/policy/energy-environment/543831-government-watchdog-energy-department-must-address-cyber-threats-to Distribution systems within the U.S. electrical grid are increasingly vulnerable to cyberattack, a government watchdog said in a report released Thursday. www.gao.gov/assets/gao-21-81.pdf
4 Ways Hackers Are Bypassing Network Segmentation
infosecwriteups.com/4-ways-hackers-are-bypassing-network-segmentation-9190d6f71a70?source=rss—-7b722bfd1b8d—4&gi=f72540426c4f If you own a business or work in the industry, you’ve most likely heard of PCI and know maintaining compliance is critical for a business to continue accepting credit card payments.
Ryuk ransomware explained: A targeted, devastatingly effective attack
www.csoonline.com/article/3541810/ryuk-ransomware-explained-a-targeted-devastatingly-effective-attack.html#tk.rss_news Ryuk ransomware attacks are targeted to the most vulnerable, most likely to pay companies and are often paired with other malware such as TrickBot.