Krebs on Security: Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions

Krebs on Security: Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions. “A highly targeted, malware-laced phishing campaign landed in the inboxes of multiple credit unions last week. The missives are raising eyebrows because they were sent only to specific anti-money laundering contacts at credit unions, and many credit union sources say they suspect the non-public data may have been somehow obtained from the National Credit Union Administration (NCUA), an independent federal agency that insures deposits at federally insured credit unions.”

Ars Technica: Iranian phishers bypass 2fa protections offered by Yahoo Mail and Gmail

Ars Technica: Iranian phishers bypass 2fa protections offered by Yahoo Mail and Gmail. “A recent phishing campaign targeting US government officials, activists, and journalists is notable for using a technique that allowed the attackers to bypass two-factor authentication protections offered by services such as Gmail and Yahoo Mail, researchers said Thursday. The event underscores the risks of 2fa that relies on one-tap logins or one-time passwords, particularly if the latter are sent in SMS messages to phones.”

Ars Technica: Russia’s Cozy Bear comes out of hiding with post-election spear-phishing blitz

Ars Technica: Russia’s Cozy Bear comes out of hiding with post-election spear-phishing blitz. “Attackers suspected of working for the Russian government masqueraded as a US State Department official in an attempt to infect dozens of organizations in government, military, defense contracting, media, and other industries, researchers from security firm FireEye warned on Monday.”

Ars Technica: Microsoft shuts down phishing sites, accuses Russia of new election meddling

Ars Technica: Microsoft shuts down phishing sites, accuses Russia of new election meddling. “Russia has denied any knowledge of a spear phishing attempt that allegedly mimicked the domains of the US Senate and two US-based think tanks. Russia’s denial came after Microsoft said it detected and shut down the campaign.”

Krebs on Security: The Year Targeted Phishing Went Mainstream

Krebs on Security: The Year Targeted Phishing Went Mainstream. “It has never been easier for scam artists to launch convincing, targeted phishing and extortion scams that are automated on a global scale. And given the sheer volume of hacked and stolen personal data now available online, it seems almost certain we will soon witness many variations on these phishing campaigns that leverage customized data elements to enhance their effectiveness.”

Report: Chinese government is behind a decade of hacks on software companies (Ars Technica)

Ars Technica: Report: Chinese government is behind a decade of hacks on software companies. “Researchers said Chinese intelligence officers are behind almost a decade’s worth of network intrusions that use advanced malware to penetrate software and gaming companies in the US, Europe, Russia, and elsewhere. The hackers have struck as recently as March in a campaign that used phishing emails in an attempt to access corporate-sensitive Office 365 and Gmail accounts. In the process, they made serious operational security errors that revealed key information about their targets and possible location.”

TechCrunch: Russian hackers are targeting U.S. Senate email accounts

TechCrunch: Russian hackers are targeting U.S. Senate email accounts. “According to a new report, the same group that hacked the Democratic National Committee actively targeted the U.S. Senate through the latter half of 2017. The revelation comes out of a new report from Trend Micro, a Japanese firm that has revealed similar phishing schemes taking aim at foreign governments in the past. As the security report details, the activity began in June 2017 and attempted to compromise a lawmaker’s credentials through a phishing site designed to look like the Senate’s internal email system.”