TechCrunch: DocuSign phishing campaign targets low-ranking employees

TechCrunch: DocuSign phishing campaign targets low-ranking employees. “Phishing actors are following a new trend of targeting non-executive employees but who still have access to valuable areas within an organization. As reported by Avanan researchers, half of all phishing emails they analyzed in recent months impersonated non-executives, and 77% of them targeted employees on the same level.”

VentureBeat: IBM finds cloud credentials sell for mere dollars in ‘booming’ dark web market

VentureBeat: IBM finds cloud credentials sell for mere dollars in ‘booming’ dark web market. “Cyberattacks have been increasing in both frequency and severity, but it’s not just because malicious actors are upping their game (though they very much are). Many cybersecurity veterans feel that the effective solutions the industry has put out over the years aren’t fully being taken advantage of, and now a new report from IBM sheds light on the ways enterprises are leaving the door wide open. It also details a ‘booming’ dark web marketplace for compromised cloud accounts, where some credentials are selling for just a few dollars.”

VentureBeat: 3 SSL VPN vulnerabilities disclosed in 2019 are still routinely exploited

VentureBeat: 3 SSL VPN vulnerabilities disclosed in 2019 are still routinely exploited. “Vulnerabilities in SSL VPN products are some of the most exploited by attackers for initial access to target networks, acting as a doorway for exploitation. Earlier this year, Tenable Research named three VPN vulnerabilities as part of its Top Five Vulnerabilities of 2020. Although all three vulnerabilities (CVE-2019-19781, CVE-2019-11510, CVE-2018-13379) were disclosed in 2019 and patched by January 2020, they continue to be routinely exploited more than halfway through 2021.”

Microsoft warns cloud customers of flaw that may have exposed databases: report (MarketWatch)

MarketWatch: Microsoft warns cloud customers of flaw that may have exposed databases: report. “Reuters reported that Microsoft warned of a major flaw in its flagship Azure Cosmos DB database service, which could allow hackers to read, change or delete data. The vulnerability was discovered by cybersecurity company Wiz, whose chief technology officer used to be CTO for Microsoft’s cloud security unit. Microsoft agreed to pay Wiz $40,000 for reporting the flaw, Reuters reported, citing an email.”

Wanted: Disgruntled Employees to Deploy Ransomware (Krebs on Security)

Krebs on Security: Wanted: Disgruntled Employees to Deploy Ransomware. “Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. Apparently now that includes emailing employees directly and asking them to unleash the malware inside their employer’s network in exchange for a percentage of any ransom amount paid by the victim company.”

Wired: AI Wrote Better Phishing Emails Than Humans in a Recent Test

Wired: AI Wrote Better Phishing Emails Than Humans in a Recent Test. “NATURAL LANGUAGE PROCESSING continues to find its way into unexpected corners. This time, it’s phishing emails. In a small study, researchers found that they could use the deep learning language model GPT-3, along with other AI-as-a-service platforms, to significantly lower the barrier to entry for crafting spearphishing campaigns at a massive scale.”

Wired: A New Tool Wants to Save Open Source From Supply Chain Attacks

Wired: A New Tool Wants to Save Open Source From Supply Chain Attacks. “RUSSIA’S HISTORICALLY DESTRUCTIVE NotPetya malware attack and its more recent SolarWinds cyberespionage campaign have something in common besides the Kremlin: They’re both real-world examples of software supply chain attacks. It’s a term for what happens when a hacker slips malicious code into legitimate software that can spread far and wide. And as more supply chain attacks emerge, a new open source project is angling to take a stand, making a crucial safeguard free and easy to implement.”

AP: Tool created to aid cleanup from Microsoft hack in broad use

AP: Tool created to aid cleanup from Microsoft hack in broad use. “A tool designed to help businesses protect themselves from further compromises after a global hack of Microsoft email server software has been downloaded more than 25,000 times since it was released last week, the White House’s National Security Council said Monday. As a result, the number of vulnerable systems has fallen by 45%, according to an NSC spokesperson.”

ZDNet: Microsoft releases one-click mitigation tool for Exchange Server hacks

ZDNet: Microsoft releases one-click mitigation tool for Exchange Server hacks. “Released on Monday, the tool is designed to mitigate the threat posed by four actively-exploited vulnerabilities that have collectively caused havoc for organizations worldwide. Microsoft released emergency fixes for the critical vulnerabilities on March 2. However, the company estimates that at least 82,000 internet-facing servers are still unpatched and vulnerable to attack.”

AP: Microsoft server hack has victims hustling to stop intruders

AP: Microsoft server hack has victims hustling to stop intruders. “Victims of a massive global hack of Microsoft email server software — estimated in the tens of thousands by cybersecurity responders — hustled Monday to shore up infected systems and try to diminish chances that intruders might steal data or hobble their networks. The White House has called the hack an ‘active threat’ and said senior national security officials were addressing it.”

Ars Technica: A new type of supply-chain attack with serious consequences is flourishing

Ars Technica: A new type of supply-chain attack with serious consequences is flourishing. “A new type of supply chain attack unveiled last month is targeting more and more companies, with new rounds this week taking aim at Microsoft, Amazon, Slack, Lyft, Zillow, and an unknown number of others. In weeks past, Apple, Microsoft, Tesla, and 32 other companies were targeted by a similar attack that allowed a security researcher to execute unauthorized code inside their networks.”

CNET: Microsoft Exchange attackers strike more than 30,000 US organizations

CNET: Microsoft Exchange attackers strike more than 30,000 US organizations. “On March 2, Microsoft released an emergency security update for its Microsoft Exchange email and communications software, patching a security hole in versions of the software going back to 2013. But as customers slowly update their systems, there are signs that at least 30,000 organizations across the US have already been hit by hackers who stole email communications from their systems.”