SC Magazine: Hackers rush to new doc builder that uses Macro-exploit, posing as DocuSign

SC Magazine: Hackers rush to new doc builder that uses Macro-exploit, posing as DocuSign. “Researchers at Intel471 have identified a new malicious document builder that has gone from a new, relatively unknown exploit to being incorporated into the attack chains of top cybercriminal groups in less than a year. The builder, dubbed EtterSilent, comes in two flavors: one version exploits an old remote code execution vulnerability in Microsoft Office and another uses a Macro-based exploit and is designed to look like DocuSign, a popular software program that allows individuals or businesses to electronically sign documents.”

The Register: Scammers tried slurping folks’ login details through 70,000 coronavirus-themed phishing URLs during 2020

The Register: Scammers tried slurping folks’ login details through 70,000 coronavirus-themed phishing URLs during 2020. “In a post published today, Palo Alto’s Unit 42 threat intel division said COVID-themed phishing lure URLs ‘largely centered around Personal Protective Equipment (PPE) and testing kits in March 2020, government stimulus programs from April through the summer 2020 (including a fake US Trading Commission website that posed as the US Federal Trade Commission in order to steal user credentials) and vaccines from late fall 2020 onward.’ It added that it had seen 69,950 phishing URLs between January 2020 and January 2021 which focused on ‘COVID-related topics’.”

BetaNews: Phishing campaign uses US tax season to lure victims

BetaNews: Phishing campaign uses US tax season to lure victims. “Researchers at Cybereason have detected a new campaign targeting US taxpayers with documents that purport to contain tax-related content. These deliver NetWire and Remcos — two powerful and popular RATs which can allow attackers to take control of the victims’ machines and steal sensitive information. The malicious documents used are roughly 7MB in size, which allows them to evade traditional AV mechanisms and heuristic detection.”

ZDNet: Proofpoint sues Facebook to get permission to use lookalike domains for phishing tests

ZDNet: Proofpoint sues Facebook to get permission to use lookalike domains for phishing tests. “The case is a countersuit to a Facebook filing from November 30, 2020, when the social network used a UDRP (Uniform Domain-Name Dispute-Resolution) request to force domain name registrar Namecheap to hand over several domain names that were mimicking Facebook and Instagram brands.”

CNET: COVID-19 vaccines offered by email or text? How to identify a phishing scam

CNET: COVID-19 vaccines offered by email or text? How to identify a phishing scam. “Online scammers have used crises and major events to con people for years. The pandemic has created an appealing situation because the entire world is aware of the disease and the hardship it’s caused in everyone’s lives. On top of that, the virus has pushed many work from home offices, where they still have access to sensitive workplace information. From a criminal’s perspective, it’s a great opportunity to get lots of people to act against their better judgment.”

New York Times: Why on Earth Is Someone Stealing Unpublished Book Manuscripts?

New York Times: Why on Earth Is Someone Stealing Unpublished Book Manuscripts? “It isn’t clear who the thief or thieves are, or even how they might profit from the scheme. High-profile authors like Margaret Atwood and Ian McEwan have been targeted, along with celebrities like Ethan Hawke. But short story collections and works by little-known debut writers have been attacked as well, even though they would have no obvious value on the black market. In fact, the manuscripts do not appear to wind up on the black market at all, or anywhere on the dark web, and no ransoms have been demanded. When copies of the manuscripts get out, they just seem to vanish. So why is this happening?”

Bleeping Computer: New tool lets attackers easily create reply-chain phishing emails

Bleeping Computer: New tool lets attackers easily create reply-chain phishing emails. “A new email tool advertised on a cybercriminal forum provides a stealthier method for carrying out fraud or malware attacks by allowing messages to be injected directly into the victim’s inbox. By slipping content in the normal email flow, the utility can help bypass protections that verify messages traveling to their destination mail server.”

Washington Post: The company email promised bonuses. It was a hoax — and Tribune Publishing employees are furious.

Washington Post: The company email promised bonuses. It was a hoax — and Tribune Publishing employees are furious. “Employees of the Tribune Publishing Company were momentarily thrilled Wednesday after they received a company email announcing that they were each getting a bonus of up to $10,000, to ‘thank you for your ongoing commitment to excellence.’ To see how big their bonus would be, they just had to click on a link that … well, that’s when they learned they had failed the test. And there was no bonus at all.” I understand the need for enterprises to test security, but what a garbage thing to do.

Daily Dot: Don’t click that USPS text you just got—it’s a scam

Daily Dot: Don’t click that USPS text you just got—it’s a scam. “Receiving USPS text messages about an unclaimed package? Don’t click the link. Text messages purporting to be from the United States Postal Service (USPS) have been hitting phones all across the country this week, asking recipients to claim a package. But the texts are not from the USPS and are part of a wide-scale phishing scam, designed to steal users’ personal information.”

CNET: How to avoid a spear-phishing attack. 4 tips to keep you safe from timeless scams

CNET: How to avoid a spear-phishing attack. 4 tips to keep you safe from timeless scams. “Targeted attacks, also called spear-phishing, aim to trick you into handing over login credentials or downloading malicious software. That’s what happened at Twitter in July, where the company says hackers targeted employees on their phones. Spear-phishing attacks also often take place over email. Hackers usually send targets an ‘urgent’ message and include credible-sounding information specific to you, like something that could have come from your own tax return, social media account or credit card bill. These scams aim to override any red flags you might notice about the email with details that make the sender sound legitimate.”

CNET: Democrats are warned that hackers are after their Facebook accounts, report says

CNET: Democrats are warned that hackers are after their Facebook accounts, report says. “An alert from the committee’s security team, reported by CNN, said emails designed to look as if they’re from Facebook tell users that their pages have been deactivated because of a term violation. The email then directs those users to a fake Facebook website, where they’re told to provide personal information to appeal the deactivation.”

Tom’s Guide: Don’t fall for this Google Chrome email update scam

Tom’s Guide: Don’t fall for this Google Chrome email update scam. “The latest wave of attacks involved 18,000 malicious emails sent in June and July to recipients in Canada, France, Germany, Italy, the U.K. and the U.S. The emails prompt the recipient to visit a website of interest to persons in that chosen field. The site is legitimate, but it has been corrupted by an injection of the malicious JavaScript-based framework known as SocGholish, or TA569.”