New Phishing Attack Targets 200M+ Microsoft 365 Accounts Via Malicious Excel .SLK Files to Bypass Security

New Phishing Attack Targets 200M+ Microsoft 365 Accounts Via Malicious Excel .SLK Files to Bypass Security

Using an old (but supported) Excel filetype, attackers can bypass both Exchange Online Protection and Advanced Threat Protection to run malicious macros. Security researchers at Avanan have discovered a new attack method... Read more »
New Calendar Invitations as Phishbait Attack Wave

New Calendar Invitations as Phishbait Attack Wave

BleepingComputer warns that cybercriminals are using calendar invites to send phishing links to Wells Fargo customers. Researchers at Abnormal Security discovered this phishing campaign in mid-June, and it’s targeted more than 15,000... Read more »
New Calendar Invitations as Phishbait Attack Wave

WARNING: The List of Ransomware-Turned-Data Breach Operators is Getting Long

Seeing a better opportunity to generate more “revenue” from their victims, the idea of ransomware also exfiltrating data to be used to extort the payment is gaining steam. Ransomware started as little... Read more »
Pyongyang's Phishing with Job Offers

Pyongyang’s Phishing with Job Offers

An attack campaign with possible ties to North Korea’s Lazarus Group targeted aerospace and military companies in Europe and the Middle East with spear phishing attacks late last year, according to researchers... Read more »