U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

COVID-19 – Phishing attacks target employees that come back to the office

Hackers are attempting to exploit the return to the “new normal” after the governments are removing restrictions imposed in response to COVID-19. The number of COVID-19 infections are decreasing in many countries and some governments are reducing the restrictions for their citizens. Workers are going back to offices after months of remote working and crooks […]

post COVID-19 emails

Hackers are attempting to exploit the return to the “new normal” after the governments are removing restrictions imposed in response to COVID-19.

The number of COVID-19 infections are decreasing in many countries and some governments are reducing the restrictions for their citizens. Workers are going back to offices after months of remote working and crooks are attempting to exploit the situation by conducting spear-phishing attacks against their organizations.

Researchers from Cofense Phishing Defense Center (PDC) uncovered a phishing campaign aimed at gathering login credentials from employees by posing as the Chief Information Officer (CIO). The messages pretend to provide information about changes to business operations the company is taking relative to the COVID-19 pandemic.

post COVID-19 emails

“The body of the email appears to have been sent from a source within the company, giving the company’s logo in the header, as well as being signed spoofing the CIO. By pretending to be an executive, the threat actor has sent a false newsletter explaining the new precautions and changes to business operations the company is taking relative to the pandemic.” reads the analysis published by Cofense.

The emails were crafted to steal company and personal credentials, they include a link to a fake Microsoft SharePoint page with two documents that outline new business operations.

Upon clicking on the documents, victims have displayed a login panel that prompts them to provide login credentials to access the files.

“Instead of simply redirecting to a login page, this additional step adds more depth to the attack and gives the impression that they are actual documents from within the company.” continues the analysis. “This is uncommon among most Microsoft phishing pages where the tactic of spoofing the Microsoft login screen opens an authenticator panel,” the report said. “By giving the files the appearance of being real and not redirecting to another login page, the user may be more likely to supply their credentials in order to view the updates.”

In other attacks observed by the experts, threat actors used fake validated credentials. The first few times login information is entered into the panel, victims will observe the error message, “Your account or password is incorrect.”

Then the victim will be redirected to an authentic Microsoft page in the attempt to trick them into thinking they’ve successfully accessed the files. This technique trick victims into believing to have provided the correct login information and he has access to the OneDrive documents. Unfortunately, the threat actor now has full access to the account owner’s information.

“As the world begins returning to normal, and as new standards are set in place, threat actors are certain to continue using every tool at their disposal to steal information from whomever they target. This campaign is another example of the types of attacks designed to compromise credentials and evade secure email gateways.” concludes the report.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, COVID-19)

[adrotate banner=”5″]

[adrotate banner=”13″]