SC Magazine: Hackers rush to new doc builder that uses Macro-exploit, posing as DocuSign. “Researchers at Intel471 have identified a new malicious document builder that has gone from a new, relatively unknown exploit to being incorporated into the attack chains of top cybercriminal groups in less than a year. The builder, dubbed EtterSilent, comes in two flavors: one version exploits an old remote code execution vulnerability in Microsoft Office and another uses a Macro-based exploit and is designed to look like DocuSign, a popular software program that allows individuals or businesses to electronically sign documents.”
The Register: Scammers tried slurping folks’ login details through 70,000 coronavirus-themed phishing URLs during 2020. “In a post published today, Palo Alto’s Unit 42 threat intel division said COVID-themed phishing lure URLs ‘largely centered around Personal Protective Equipment (PPE) and testing kits in March 2020, government stimulus programs from April through the summer 2020 (including a fake US Trading Commission website that posed as the US Federal Trade Commission in order to steal user credentials) and vaccines from late fall 2020 onward.’ It added that it had seen 69,950 phishing URLs between January 2020 and January 2021 which focused on ‘COVID-related topics’.”
BetaNews: Phishing campaign uses US tax season to lure victims. “Researchers at Cybereason have detected a new campaign targeting US taxpayers with documents that purport to contain tax-related content. These deliver NetWire and Remcos — two powerful and popular RATs which can allow attackers to take control of the victims’ machines and steal sensitive information. The malicious documents used are roughly 7MB in size, which allows them to evade traditional AV mechanisms and heuristic detection.”
ZDNet: Proofpoint sues Facebook to get permission to use lookalike domains for phishing tests. “The case is a countersuit to a Facebook filing from November 30, 2020, when the social network used a UDRP (Uniform Domain-Name Dispute-Resolution) request to force domain name registrar Namecheap to hand over several domain names that were mimicking Facebook and Instagram brands.”
CNET: COVID-19 vaccines offered by email or text? How to identify a phishing scam. “Online scammers have used crises and major events to con people for years. The pandemic has created an appealing situation because the entire world is aware of the disease and the hardship it’s caused in everyone’s lives. On top of that, the virus has pushed many work from home offices, where they still have access to sensitive workplace information. From a criminal’s perspective, it’s a great opportunity to get lots of people to act against their better judgment.”
New York Times: Why on Earth Is Someone Stealing Unpublished Book Manuscripts? “It isn’t clear who the thief or thieves are, or even how they might profit from the scheme. High-profile authors like Margaret Atwood and Ian McEwan have been targeted, along with celebrities like Ethan Hawke. But short story collections and works by little-known debut writers have been attacked as well, even though they would have no obvious value on the black market. In fact, the manuscripts do not appear to wind up on the black market at all, or anywhere on the dark web, and no ransoms have been demanded. When copies of the manuscripts get out, they just seem to vanish. So why is this happening?”
Bleeping Computer: New tool lets attackers easily create reply-chain phishing emails. “A new email tool advertised on a cybercriminal forum provides a stealthier method for carrying out fraud or malware attacks by allowing messages to be injected directly into the victim’s inbox. By slipping content in the normal email flow, the utility can help bypass protections that verify messages traveling to their destination mail server.”
Washington Post: The company email promised bonuses. It was a hoax — and Tribune Publishing employees are furious. “Employees of the Tribune Publishing Company were momentarily thrilled Wednesday after they received a company email announcing that they were each getting a bonus of up to $10,000, to ‘thank you for your ongoing commitment to excellence.’ To see how big their bonus would be, they just had to click on a link that … well, that’s when they learned they had failed the test. And there was no bonus at all.” I understand the need for enterprises to test security, but what a garbage thing to do.
Better Business Bureau: BBB Scam Alert: Photo sharing message phishes for your Google password. “Don’t let your curiosity get the better of you. A new scam appears to be an email from Google, informing you that someone has shared a photo album with you. But it’s really a phishing scheme that’s after your password.”
KTAR: Voice phishing scams are on the rise as more people work from home. “The term ‘vishing’ refers to ‘voice phishing’ scams, which have grown in popularity lately, since so many people are working from home during the pandemic.”
CNET: How to avoid a spear-phishing attack. 4 tips to keep you safe from timeless scams. “Targeted attacks, also called spear-phishing, aim to trick you into handing over login credentials or downloading malicious software. That’s what happened at Twitter in July, where the company says hackers targeted employees on their phones. Spear-phishing attacks also often take place over email. Hackers usually send targets an ‘urgent’ message and include credible-sounding information specific to you, like something that could have come from your own tax return, social media account or credit card bill. These scams aim to override any red flags you might notice about the email with details that make the sender sound legitimate.”
CNET: Democrats are warned that hackers are after their Facebook accounts, report says. “An alert from the committee’s security team, reported by CNN, said emails designed to look as if they’re from Facebook tell users that their pages have been deactivated because of a term violation. The email then directs those users to a fake Facebook website, where they’re told to provide personal information to appeal the deactivation.”
BuzzFeed News: A Security Breach Exposed More Than One Million DNA Profiles On A Major Genealogy Database. “First GEDmatch, the DNA database that helped identify the Golden State Killer, was hacked. Then email addresses from its users were used in a phishing attack on another leading genealogy site.”