Email security

The FBI is warning that criminals are using business email compromise (BEC) tactics to target vendors in a variety of industries, including computer hardware vendors, to obtain their products without paying. 

North Korean state-sponsored threat operation Kimsuky, also known as Thallium and Velvet Chollima, has launched a new spear-phishing campaign involving the use of malicious Google Chrome extensions to exfiltrate Gmail emails, BleepingComputer reports.

Abnormal Security identified and stopped a vendor email compromise scam from escalating for one of its clients, a well-known real estate company.

Security researchers have been unpacking the now-patched zero-day in Outlook that allows for elevation of privileges.

BleepingComputer reports that the NBA has been affected by a data breach following the compromise of a third-party service provider it uses for emailing fans updates regarding the NBA, WNBA, NBA G League, NBA 2K League, and Basketball League Africa.

Cloud-based e-signature service Adobe Acrobat Sign is being exploited by threat actors to facilitate the deployment of the RedLine information-stealing malware, BleepingComputer reports.

Microsoft has addressed a critical zero-day security flaw in Outlook that has been leveraged by Russian state-sponsored hacking operation APT28, also known as Fancy Bear, STRONTIUM, Sofacy, and Sednit, in its attacks against European organizations, reports BleepingComputer.