Email security

FTC: Impersonation scam losses exceed $1.1B

SC StaffApril 2, 2024

BleepingComputer reports that the U.S. was noted by the Federal Trade Commission to have incurred more than $1.1 billion in losses from impersonation scams last year, a threefold increase from 2020.

Network Security

Germany: Vulnerable internet-exposed Microsoft Exchange servers prevalent

SC StaffMarch 27, 2024

Nearly 17,000 internet-exposed Microsoft Exchange servers across Germany were confirmed by the country's Federal Office for Information Security, or BSI, to have significant security issues, reports BleepingComputer.

Email security

Third-Party Risk Management – BEC Compromises and the Cloud – Michael Swinarski – CSP #167

March 26, 2024

Third-Party Risk Management is essential for safeguarding an organization's assets, reputation, and operations. By identifying, assessing, and managing risks associated with external partners, organizations can enhance their resilience, protect sensitive information, and maintain the trust of stakeholders in an increasingly interconnected business ...

Identity

New Tycoon 2FA PhaaS kit examined

SC StaffMarch 26, 2024

Microsoft 365 and Gmail accounts have been increasingly targeted with attacks leveraging the new Tycoon 2FA phishing-as-a-service kit.

A computer screen displays a digital alert of an email phishing threat, accompanied by a striking red warning sign.

Email security

Novel MuddyWater phishing campaign hits Israel

SC StaffMarch 26, 2024

Attacks commenced with the delivery of malicious emails with PDF attachments linking to file-sharing site-hosted documents, which when opened fetches an MSI installer-containing ZIP archive that prompts Atera Agent installation.

Concept of cyber crime, hand using laptop and show malware screen that comes with email, hack password and personal data.

Network Security

StrelaStealer malware hits more than 100 EU and US organizations

Steve ZurierMarch 25, 2024

Security pros say StrelaStealer uses control flow obfuscation — a technique that lets the threat actor better evade detection and reverse engineering.

Barracuda zero-day bug analysis finds new payloads, no attribution

Data Security

Massive StrelaStealer malware campaign hits US, Europe

SC StaffMarch 25, 2024

More than 100 organizations in the U.S. and Europe have been subjected to a far-reaching StrelaStealer malware attack campaign aimed at exfiltrating email account credentials that peaked from late January to early February, BleepingComputer reports.

Businessmen use laptops to access information in online documents. through the protection system.Document Management System (DMS), online documentation database, and digital file storage system.

Email security

Document publishing sites leveraged in phishing attacks

SC StaffMarch 20, 2024

Digital document publishing sites have been exploited by threat actors to facilitate new phishing attacks that better bypass email security controls.

Email security

FTC: Impersonation scam losses exceed $1.1B

Germany: Vulnerable internet-exposed Microsoft Exchange servers prevalent

Third-Party Risk Management – BEC Compromises and the Cloud – Michael Swinarski – CSP #167

New Tycoon 2FA PhaaS kit examined

Novel MuddyWater phishing campaign hits Israel

StrelaStealer malware hits more than 100 EU and US organizations

Massive StrelaStealer malware campaign hits US, Europe

Document publishing sites leveraged in phishing attacks

Fast Five

Selected by the SC Media Editorial team every Tuesday.