Phishing Campaign Spoofs Microsoft Teams
Oct 23

A large-scale phishing campaign is being conducted that spoofs Microsoft Teams in an attempt to get users to part with their Microsoft Office 365 credentials. Abnormal Security reports that up to 50,000 mailboxes have been targeted in the campaign so far. The emails appear to be automatic notifications from Microsoft with “There’s new activity in Teams” as the display name. The subject line indicates messages have been sent in Teams...

Top 25 Vulnerabilities Exploited by Chinese State Sponsored Hackers
Oct 22

Chinese state-backed hackers are targeting U.S. organizations for espionage purposes, with access to computer systems usually gained by exploiting unpatched vulnerabilities. Hackers are scanning for unpatched systems and using publicly released or homegrown exploits to gain a foothold in networks with a view to stealing intellectual property and sensitive data. On Tuesday, the U.S. National Security Agency (NSA) published a list of 25...

DOJ Charges 6 GRU Hackers for NotPetya Wiper Attacks
Oct 21

The U.S. Department of Justice has indicted six Russian intelligence operatives for the 2017 NotPetya malware attacks and other major hacking operations. All six individuals are believed to be members of Russia’s Main Intelligence Directorate, GRU, and specifically GRU Unit 74455, otherwise known as Sandworm. The hackers are believed to be responsible for the June 27, 2017 destructive NotPetya attacks, which have been estimated...

Ryuk Ransomware Gang Uses Zerologon Exploit to Achieve Domain-Wide Encryption in Just 5 Hours
Oct 20

The threat actors behind Ryuk ransomware have started using an exploit for the Zerologon privilege escalation flaw, CVE-2020-1472, which has allowed them to perform ransomware attacks at breakneck speed. The Zerologon vulnerability allows them to compromise a domain controller and all Active Directory identity services. In one successful attack, it took the attackers just two hours from an initial phish to exploit the vulnerability,...

Microsoft Issues Out-of-Band Updates to Correct Two RCE Flaws
Oct 19

On Friday, Microsoft issued out-of-band patches to correct two flaws that could potentially lead to remote code execution. The flaws have been rated ‘important’ by Microsoft, although they could potentially be exploited by an attacker to gain full control of a vulnerable system. One of the flaws – tracked as CVE-2020-17023 – affects Microsoft’s Visual Studio Code, a source code editor for Windows, Linux, and macOS. If exploited, an...
