Security
Headlines
HeadlinesLatestCVEs

Headline

Office 365 Phishing Campaign Uses Kaspersky’s Amazon SES Token

It’s a legitimate access token, stolen from a third-party contractor, that lets the attackers send phishing emails from kaspersky.com email addresses.

Threatpost
#Hacks#Web Security#amazon#git

Related news

Office 365 Phishing Campaign Abuses Stolen Amazon SES Token

Stolen access token leveraged in phishing campaign that spoofs brand name email addresses.

CVE-2021-29844: IBM X-Force Exchange

IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

CVE-2021-29844: IBM Jazz Team Server products server-side request forgery CVE-2021-29844 Vulnerability Report

IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Google details cookie stealer malware campaign targeting YouTubers

By Waqas Google attributed the malware campaign to a group of attackers recruited via a Russian-language hacker forum. This is a post from HackRead.com Read the original post: Google details cookie stealer malware campaign targeting YouTubers

30 Mins or Less: Rapid Attacks Extort Orgs Without Ransomware

The previously unknown SnapMC group exploits unpatched VPNs and webserver apps to breach systems and carry out quick-hit extortion in less time than it takes to order a pizza.

CVE-2021-40500

SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can enable the attacker to retrieve arbitrary files from the server.

75K Email Inboxes Hit in New Credential Phishing Campaign

Attacker used a legitimate — but likely deprecated — domain to sneak malicious emails past security filters, vendor says.

Credential Spear-Phishing Uses Spoofed Zix Encrypted Email

The spoofed email has targeted close to 75K inboxes, slipping past spam and security controls across Office 365, Google Workspace, Exchange, Cisco ESA and more.

Microsoft Warns of 'FoggyWeb' Malware Targeting AD FS Servers

The group tracked as Nobelium uses multiple tactics to steal credentials with the goal of gaining admin access to Active Directory Federation Services.

Groove Ransomware Gang Tries New Tactic to Attract Affiliates

The threat group, which leaked some 500,000 credentials for Fortinet SSL VPN devices, views ransomware as just one way to profit from compromised networks, experts say.

Threatpost: Latest News

Student Loan Breach Exposes 2.5M Records