minute read
Share this article:
SharePoint servers are being picked at with high-risk, legitimate-looking, branded phish messages and preyed on by a ransomware gang using an old bug.
A phishing campaign, discovered by researchers at Cofense, is draping itself in a Microsoft Office SharePoint theme and successfully bypassing security email gateways (SEGs). In a post on Tuesday, the firm said that this is an example of why it’s not always prudent to share documents via Microsoft’s hugely popular, widely used SharePoint collaboration platform.
The phish is targeting Office 365 users with a legitimate-looking SharePoint document that claims to urgently need an email signature. The campaign cropped up in a spot that’s supposed to be protected by Microsoft’s own SEG. This isn’t the first time that we’ve seen the SEG sanctuary get polluted:: In December, spearphishers spoofed Microsoft.com itself to target 200 million Office 365 users, successfully slipping
Hackers Threaten to Leak D.C. Police Informants Info If Ransom Is Not Paid
The Metropolitan Police Department (MPD) of the District of Columbia has become the latest high-profile government agency to fall victim to a ransomware attack.
The Babuk Locker gang claimed in a post on the dark web that they had compromised the DC Police s networks and stolen 250 GB of unencrypted files. Screenshots shared by the group, and seen by The Hacker News, include various folders containing what appears to be investigation reports, arrests, disciplinary actions, and other intelligence briefings.
Also called the DC Police, the MPD is the primary law enforcement agency for the District of Columbia in the U.S.
The RaaS developers thumbed their noses at police, saying “We find 0 day before you.”
The Babuk gang of threat actors claims to have stolen more than 250 gigabytes of data from the Washington D.C. Metropolitan Police Department (MPD) on Monday, including police reports, internal memos, and arrested people’s mug shots and personal details.
According to Vice, the attackers published the claim and the data on the official Babuk site. They also criticized the MPD’s security, and taunted the law enforcement agency by saying that “We find 0 day before you” in its demand note, and threatened to publish yet more data if their extortion demands aren’t met.
Over 50% Increase of Unique Cyber Threats in the Wild in 2020, Cymulate s Continuous Security Testing Report Reveals
USA - English
News provided by
Share this article
Share this article
NEW YORK and RISHON LETZION, Israel, March 3, 2021 /PRNewswire/ Cymulate, the only SaaS-based Continuous Security Validation platform to operationalize the MITRE ATT&CK® framework end-to-end, announced today a summary of its platform usage in 2020, illustrating the dramatic influence of the global pandemic on the security landscape.
Highlights include:
A significant uplift in awareness of phishing attacks across all industries as employees improved their high-risk score from 66.3 in 2019 to a new low of 18.1 in 2020 (on a scale of 0-100).
Cymulate Integrates with Microsoft Defender for Endpoint
USA - English
News provided by
Share this article
NEW YORK and RISHON LETZION, Israel, Jan. 28, 2021 /PRNewswire/ Cymulate, one of the only SaaS-based Continuous Security Validation platform to operationalize the entire MITRE ATT&CK® framework, today announced that it has joined the Microsoft Intelligent Security Association and has integrated Cymulate with Microsoft Defender for Endpoint. These integrations streamline the process of continuous security validation and prioritize remediation efforts, delivering operational efficiencies and better security to Microsoft customers.
Cymulate Integrates with Microsoft Defender ATP
The integration with Microsoft Defender for Endpoint capabilities enables organizations to assess and optimize its protection and detection capabilities against evolving threats. Cymulate correlates EDR findings with hacking techniques, behavior-based attacks and malware launched from the Cymula