Fake Google reCAPTCHA Phishing Attack Swipes Office 365 Passwords

Threatpost published a report on a phishing attack targeting Microsoft users that leverages a bogus Google reCAPTCHA system.

Microsoft users are being targeted with thousands of phishing emails, in an ongoing attack aiming to steal their Office 365 credentials. The attackers add an air of legitimacy to the campaign by leveraging a fake Google reCAPTCHA system and top-level domain landing pages that include the logos of victims' companies.

According to researchers, at least 2,500 such emails have been unsuccessfully sent to senior-level employees in the banking and IT sector, over the past three months. The emails first take recipients to a fake Google reCAPTCHA system page. Google reCAPTCHA is a service that helps protect websites from spam and abuse, by using a Turing test to tell humans and bots apart (through asking a user to click on a fire hydrant out of a series of images, for instance).

Read further on Threatpost

Google: Bad bots are on the attack, and your defence plan is probably wrong

Report by ZDNet on Google's recommendations concerning modern bot attacks.

At the outset of the COVID-19 pandemic Microsoft chief Satya Nadella said Microsoft had seen "two years' worth of digital transformation in two months." Google now sees that attackers have adapted to these changed conditions and are boosting attacks on newly online businesses, with bots high on the list of tools used.

Read further on ZDNet

Criminals leveraging shift to remote work to develop targeted attacks

Helpnetsecurity.com reported on the recent shift of cybercriminals' focus to remote workers.

Malwarebytes announced the findings of its report which explores how the global pandemic forced many employees to quickly become a remote workforce and confined consumers to their homes.

In the wake of this change, cybercriminals ditched many of their old tactics, placing a new emphasis on gathering intelligence, and exploiting and preying upon fears with targeted and sophisticated attacks. As a result, the report found a notable shift in the devices targeted and strategies deployed by cybercriminals.

Read further on helpnetsecurity.com

Unpatched Android App with 1 Billion Downloads Threatens Spying, Malware

Threatpost reported on unpatched vulnerabilities that threaten the billion users of a popular Android application.

An Android app that's been downloaded more than 1 billion times is riddled with flaws that can let attackers hijack app features or overwrite existing files to execute malicious code, or launch man-in-the-disk (MiTD) attacks on people's devices, researchers discovered.

The flaws exist in an app called SHAREit, which allows Android app users to share files between friends or devices. They were identified and reported to the app maker three months ago by researchers at Trend Micro. However, the flaws remain unpatched, according to a report posted online Monday. Softonic, a company based in Barcelona, Spain, is the app's developer and distributor.

Read further on Threatpost

In the shadow of SolarWinds: Personal reflections

Security Magazine published an expert's opinion piece on the SolarWinds situation.

As I traversed the globe for four years as the Cylance Ambassador-at-Large and would share with audiences and customers the prowess that AI-powered machine learning was bringing to the battlespace, I was frequently asked what we could anticipate in the way of a reaction from our adversaries. In the shadow of the SolarWinds compromise, my thoughts reverted to those questions. My response at the time was that we should definitely anticipate a retaliation, pivot or adjustment. There was too much at stake, financially and otherwise, for them not to respond.

Read further on Security Magazine

Cisco DNA Center Bug Opens Enterprises to Remote Attack

Threatpost published a news story on a Cisco DNA Center bug.

A cross-site request forgery (CSRF) vulnerability in the Cisco Digital Network Architecture (DNA) Center could open enterprise users to remote attack and takeover.

The flaw, tracked as CVE-2021-1257, exists in the web-based management interface of the Cisco DNA Center, which is a centralized network-management and orchestration platform for Cisco DNA. It carries a CVSS vulnerability-severity score of 7.1, making it high-severity.

Read further on Threatpost

Cybercriminals Resort to Shady Ad Practices that Rip Off Users

The Hacker News published a report on malicious ad practices targeting mobile devices.

Shady ad practices have become a significant source of threats for many mobile devices. Apart from being used as a channel to distribute malware, the attack vector is seeing a potential role in technical support scams using browser locking web pages, and for the propagation of fleeceware apps.

Read further on The Hacker News

Switching to Signal? Turn on these settings now for greater privacy and security

ZDNet, in view of the large-scale migration to Signal, gives some valuable advice on how to improve its privacy and security settings.

Many people are making the switch from WhatsApp to Signal. Many are switching because of the increased privacy and security that Signal offers.

But with a few simple tweaks, did you know that you can make Signal even more secure?

There are a few settings I suggest you enable. There are some cosmetic differences between the iOS and Android versions of Signal, but these tips apply to both platforms.

Read further on ZDNet

Phishing campaign spoofs Microsoft domain. Is lack of DMARC enforcement to blame?

SC Magazine reported on a phishing campaign that spoofed a Microsoft email domain.

An email security company says its researchers observed a spear phishing campaign that exactly spoofed a Microsoft email domain to trick Office 365 users. This suggests Microsoft's servers were not enforcing protective DMARC authentication protocols when communications were received and perhaps still are not.

The campaign, according to a blog post published by the company Ironscales, uses a lure that suggests the recipient has important email messages that have been quarantined, and must click a link to salvage them. The phishing email reportedly alludes to a hosted email security feature that Microsoft introduced last September as a way to salvage emails that are wrongly labeled as spam, or phishes by the company's Exchange Online Protection filtering service.
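
The "DMARC enforcement" the article refers to is the receiving server's decision to honour the policy (p=) that the sender's domain publishes in DNS. The following Python is an added example, not code from SC Magazine, Ironscales, Microsoft or any mail server: it shows how a receiver evaluates a DMARC record against the SPF and DKIM results for a message, and why an exact-domain spoof is delivered when the policy is p=none or is simply not applied. The DMARC records, domains and authentication results are constructed for the example, and the organizational-domain logic is simplified (the Public Suffix List is assumed away).

```python
"""Added example: how a receiving mail server applies a sender domain's
DMARC policy.  Illustrative code, not any MTA's implementation.  The DNS
record and the SPF/DKIM results are constructed inline; a real receiver
fetches the _dmarc.<domain> TXT record and runs SPF/DKIM on the message."""
from dataclasses import dataclass


def parse_dmarc_record(txt: str) -> dict:
    """Parse 'v=DMARC1; p=reject; ...' into a tag dict; v= and p= are mandatory."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a usable DMARC record (needs v=DMARC1 and p=)")
    return tags


def is_enforcing(txt: str) -> bool:
    """p=none only requests reports; only quarantine/reject block spoofs."""
    return parse_dmarc_record(txt)["p"].lower() in ("quarantine", "reject")


def org_domain(domain: str) -> str:
    # Assumption: the organizational domain is the last two labels.  Real
    # implementations consult the Public Suffix List (co.uk and friends).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """RFC 7489 identifier alignment: 's' = exact match, 'r' = same org domain."""
    if not auth_domain:
        return False
    a, b = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    return a == b if mode == "s" else org_domain(a) == org_domain(b)


@dataclass
class AuthResults:
    from_domain: str   # RFC5322.From domain, the one the user sees
    spf_result: str    # "pass", "fail", "none", ...
    spf_domain: str    # RFC5321.MailFrom domain SPF was evaluated for
    dkim_result: str
    dkim_domain: str   # d= tag of the validated signature, "" if none


def evaluate_dmarc(record_txt: str, record_domain: str, r: AuthResults):
    """Return (dmarc_result, disposition).

    disposition is 'none' (deliver), 'quarantine' or 'reject'.  The message
    passes if SPF or DKIM passed *and* that identifier aligns with the
    visible From domain; otherwise the published policy applies."""
    tags = parse_dmarc_record(record_txt)
    spf_ok = r.spf_result == "pass" and aligned(r.from_domain, r.spf_domain, tags.get("aspf", "r"))
    dkim_ok = r.dkim_result == "pass" and aligned(r.from_domain, r.dkim_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass", "none"
    policy = tags["p"].lower()
    # Record found at the org domain but From is a subdomain: sp= overrides p=.
    if r.from_domain.lower() != record_domain.lower() and "sp" in tags:
        policy = tags["sp"].lower()
    return "fail", policy


# Constructed scenarios (not real traffic).  SPOOF mirrors the article's
# case: the visible From is the protected domain, SPF passes only for the
# attacker's own bounce domain, and there is no aligned DKIM signature.
SPOOF = AuthResults("example.com", "pass", "bulk-sender.example", "none", "")
LEGIT = AuthResults("example.com", "fail", "mailer.example", "pass", "example.com")
SUBDOMAIN = AuthResults("news.example.com", "none", "", "pass", "example.com")

ENFORCING = "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=s"
MONITOR_ONLY = "v=DMARC1; p=none"
RELAXED = "v=DMARC1; p=reject"

if __name__ == "__main__":
    for name, rec in (("enforcing", ENFORCING), ("monitor-only", MONITOR_ONLY)):
        print(name, "spoof ->", evaluate_dmarc(rec, "example.com", SPOOF))
    print("enforcing legit ->", evaluate_dmarc(ENFORCING, "example.com", LEGIT))
    print("strict subdomain ->", evaluate_dmarc(ENFORCING, "example.com", SUBDOMAIN))
    print("relaxed subdomain ->", evaluate_dmarc(RELAXED, "example.com", SUBDOMAIN))
```

With p=reject the spoof is rejected; with p=none the identical spoof is delivered, and the same happens if the receiver never consults the record at all, which is the "lack of enforcement" the article raises. Both ends matter: the sending domain must publish an enforcing policy, and the receiving server must actually honour it.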

Read further on SC Magazine

TrickBot Malware Gets UEFI/BIOS Bootkit Feature to Remain Undetected

The Hacker News reports on a new feature of TrickBot, one of the most notorious and adaptable malware botnets in the world.

The new functionality, dubbed "TrickBoot" by Advanced Intelligence (AdvIntel) and Eclypsium, makes use of readily available tools to check devices for well-known vulnerabilities that can allow attackers to inject malicious code in the UEFI/BIOS firmware of a device, granting the attackers an effective mechanism of persistent malware storage.

"This marks a significant step in the evolution of TrickBot as UEFI level implants are the deepest, most powerful, and stealthy form of bootkits," the researchers said.
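
The article says the module "checks devices for well-known vulnerabilities" in the firmware without saying what such a check looks like. The following Python is an added example, not TrickBot's code and not anything from AdvIntel, Eclypsium or The Hacker News: it decodes the Intel PCH register bits that a firmware-security scanner inspects to decide whether the BIOS region of SPI flash can be written from the running OS, which is the property a bootkit installer needs. That the relevant check is SPI write-protection state is my assumption, not a statement the page makes; the register values are constructed, and reading live values requires a kernel driver (for example the chipsec framework), which the example deliberately does not include.

```python
"""Added example: decoding Intel PCH SPI-flash write-protection state, the
check that decides whether firmware in the BIOS region can be rewritten
from the OS.  Illustrative code, not TrickBot's or any scanner's.  The
register values below are constructed; reading the live ones needs a
kernel driver and is out of scope here."""
from dataclasses import dataclass

# BIOS_CNTL / BC register (PCI config offset 0xDC on the LPC/SPI device).
# Bit 5 is named SMM_BWP on older PCHs and EISS on newer ones; same meaning.
BIOSWE = 1 << 0   # BIOS Write Enable: 1 = region writable
BLE = 1 << 1      # BIOS Lock Enable: setting BIOSWE raises an SMI
SMM_BWP = 1 << 5  # writes allowed only while all cores are in SMM

# SPI Protected Range register (PR0..PR4) layout.
PR_WPE = 1 << 31  # write protection enable
PR_RPE = 1 << 15  # read protection enable
PR_MASK = 0x1FFF  # 13-bit base/limit fields, in 4 KiB units


def decode_bios_cntl(value: int) -> dict:
    return {"BIOSWE": bool(value & BIOSWE),
            "BLE": bool(value & BLE),
            "SMM_BWP": bool(value & SMM_BWP)}


def decode_pr(value: int):
    """Return (base, limit, write_protected) or None if the range is unused."""
    if not value & (PR_WPE | PR_RPE):
        return None
    base = (value & PR_MASK) << 12
    limit = (((value >> 16) & PR_MASK) << 12) | 0xFFF
    return base, limit, bool(value & PR_WPE)


@dataclass
class Assessment:
    status: str        # "protected", "weak" or "writable"
    reason: str
    pr_covers_bios: bool  # a write-protected PR range spans the BIOS region


def assess(bios_cntl: int, pr_regs: list, bios_region: tuple) -> Assessment:
    """Combine BIOS_CNTL bits and PR ranges the way a defensive scanner does.
    An attacker's pre-flight check is the same logic read the other way:
    'writable' is the verdict a bootkit installer hopes to see."""
    bits = decode_bios_cntl(bios_cntl)
    lo, hi = bios_region
    covered = any(pr is not None and pr[2] and pr[0] <= lo and pr[1] >= hi
                  for pr in map(decode_pr, pr_regs))
    if bits["SMM_BWP"]:
        return Assessment("protected", "SMM_BWP set: writes possible only from SMM", covered)
    if bits["BIOSWE"]:
        return Assessment("writable", "BIOSWE set: BIOS region writable from the OS", covered)
    if not bits["BLE"]:
        return Assessment("writable", "BLE clear: software can set BIOSWE itself", covered)
    return Assessment("weak", "BLE set but SMM_BWP clear: protection rests on the SMI handler alone", covered)


# Constructed sample machines (not real readings).  The BIOS region is
# assumed to be the top 8 MiB of a 16 MiB flash.
BIOS_REGION = (0x800000, 0xFFFFFF)
SAMPLES = {
    "locked-down": (0x22, [0x8FFF0800]),   # BLE|SMM_BWP, PR0 write-protects the region
    "ble-only":    (0x02, []),             # BLE set, nothing else
    "wide-open":   (0x00, []),             # no lock at all
}

if __name__ == "__main__":
    for name, (bc, prs) in SAMPLES.items():
        a = assess(bc, prs, BIOS_REGION)
        print(f"{name:12s} {a.status:10s} pr_covers_bios={a.pr_covers_bios}  {a.reason}")
```

The PR check is reported separately because it is only meaningful together with the flash-lockdown bit (FLOCKDN) that prevents the ranges from being reprogrammed; a scanner would read that too before trusting a "protected" verdict, and the example does not model it.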

Read further on The Hacker News