Fake ChatGPT Desktop App Delivering PipeMagic Backdoor, Microsoft

Microsoft warns that a fake ChatGPT desktop app was used to deliver PipeMagic malware, linked to ransomware attacks…...

PT-2024-7437

Name of the Vulnerable Software and Affected Versions macOS versions prior to Sequoia 15 Description A security issue exists in macOS related to deficiencies in access control. Exploitation of this issue may allow an attacker to bypass privacy settings. Microsoft discovered this flaw, dubbed "HM...

Microsoft Warns of Hackers Exploiting OAuth for Cryptocurrency Mining and Phishing

Microsoft has warned that adversaries are using OAuth applications as an automation tool to deploy virtual machines VMs for cryptocurrency mining and launch phishing attacks. "Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can...

Microsoft Warns of Large-Scale Use of Phishing Kits to Send Millions of Emails Daily

An open source adversary-in-the-middle AiTM phishing kit has found a number of takers in the cybercrime world for its ability to orchestrate attacks at scale. The Microsoft Threat Intelligence team is tracking the threat actor behind the development of the kit under its emerging moniker DEV-1101...

New Malvertising Campaign via Google Ads Targets Users Searching for Popular Software

Users searching for popular software are being targeted by a new malvertising campaign that abuses Google Ads to serve trojanized variants that deploy malware, such as Raccoon Stealer and Vidar. The activity makes use of seemingly credible websites with typosquatted domain names that are surfaced...

Tech support scammers target Microsoft users with fake Office 365 USB sticks

Microsoft is a hot target for scammers and acts of fraud. For example, tech support scam websites cover themselves in Windows branding and messages. Phone scammers claim to be calling directly from Microsoft. If its not a Bill Gates themed lottery spam mail in your mailbox, its a fake Excel...

What SMBs can do to protect against Log4Shell attacks

As you may already know, the business, tech, and cybersecurity industries have been buzzing about Log4Shell CVE-2021-44228, aka Logjam, the latest software flaw in an earlier version of the Apache Log4j logging utility. As the name suggests, a logger is a piece of software that logs every event...

Microsoft Warns of Widespread Phishing Attacks Using Open Redirects

Microsoft is warning of a widespread credential phishing campaign that leverages open redirector links in email communications as a vector to trick users into visiting malicious websites while effectively bypassing security software. "Attackers combine these links with social engineering baits th...

Hackers Using Website's Contact Forms to Deliver IcedID Malware

Microsoft has warned organizations of a "unique" attack campaign that abuses contact forms published on websites to deliver malicious links to businesses via emails containing fake legal threats, in what's yet another instance of adversaries abusing legitimate infrastructure to mount evasive...

Office 365 OAuth Attack Targets Coinbase Users

Office 365 users are receiving emails purporting to come from cryptocurrency platform Coinbase, which ask them to download updated Terms of Service via an OAuth consent app. But when they agree to do so, users are unknowingly giving attackers full access to their email. OAuth is an open standard...

Dexphot Malware Hijacks 80K+ Devices to Mine Cryptocurrency

Microsoft is warning of malware, Dexphot, that has infected more than 80,000 machines, sucking up their CPU power in order to mine cryptocurrency. Researchers first discovered Dexphot in October 2018 and saw its activity peak during July. They said that the malware has a complex attack chain and...

Russian Hackers Targeting Anti-Doping Agencies Ahead of 2020 Tokyo Olympics

As Japan gears up for the upcoming 2020 Summer Olympics in Tokyo for the next year, the country needs to brace itself for sophisticated cyberattacks, especially from state-sponsored hackers. Microsoft has issued a short notice, warning about a new wave of highly targeted cyberattacks by a group o...

Latest Tax Scams Include Phishing Lures, Malware

Microsoft warned Monday this year’s crop of tax scams are using social engineering attacks based on fear to spread Zdowbot and Omaneat banking Trojans and collect personal info via spoofed tax sites linked to from phishing campaigns. The warning comes with less than a month before the April 18 ta...

Malicious Firefox, Chrome Extensions Target Facebook Users

Facebook users are being warned of malicious Firefox and Chrome extensions that can give an attacker remote control over a Facebook profile. Microsoft has seen an increase in activity around these extensions, in particular in Brazil. The threat is detected as Trojan:JS/Febipos.A and has been...

Apple Ships Java Patches, Says It May Drop Java From Future OS X Releases

Apple has shipped security fixes for a number of bugs in its Java implementation, and the company also said that it has deprecated its Java implementation in OS X and may remove it from future release of the operating system. Apple’s patch release on Wednesday included several fixes for...