Email security

BleepingComputer reports that more threat actors have been exploiting software-as-a-service platforms to host credential-stealing phishing campaigns, with phishing URLs on SaaS platforms increasing by more than 1,100% between June 2021 and June 2022.

Mitiga researchers spotted a business email compromise campaign leveraging inherent weaknesses in Microsoft 365 Multi-Factor Authentication, Authenticator, and Identity Protection.

Iranian-backed threat group Charming Kitten was observed in December using a novel tool called “Hyperscrape” used to download email from Gmail, Yahoo and Microsoft Outlook accounts, Google’s Threat Analysis Group (TAG) detailed in a blog post Tuesday.

Security researchers say hackers will continue to leverage popular, legitimate sites such as AWS, to host malicious pages to bypass web filters.

Barracuda Email Protection offers a multi-layered approach to the many challenges companies face managing email security. Armed with Barracuda Email Protection, IT and security teams can quickly identify the scope of an incident and automate post-delivery remediation, saving time and significantly reducing risk of potential security breach.

Two new HC3 alerts share threat tactics and recommended remediation to combat ongoing social engineering attempts and the rise of vishing attacks on the healthcare sector.

Threat actors have launched a new phishing campaign leveraging Amazon Web Services in an effort to avert security scans, according to TechRepublic.

Scammers will delay being detected as a malicious site by restricting which people see the malicious page and which ones are instead directed to a clean “legit” page.