By Habiba Rashid
 The report highlights the fact that cybersecurity is essential for brand protection.
This is a post from HackRead.com Read the original post: Check Point Research: Microsoft the Most Phished Brand in Q2 2023

Technology giants like Google and Apple are also among the top brands impersonated in Q2 2023 phishing attacks, Check Point Research finds.

Check Point Research (CPR) has released its highly anticipated Brand Phishing Report for the second quarter of 2023. The report reveals a shift in cybercriminal tactics, with three major technology companies dominating the list of most frequently imitated brands. The report also highlights the fact that **cybersecurity is essential for brand protection**.

Should this come as a surprise? Not at all. The prevalence of malicious Office documents accounted for 43% of all malware downloads **in 2020**. During the 3rd quarter of that year, approximately 38% of all downloadable malware was discovered concealed within Microsoft Office documents.

Microsoft, the global technology giant, claimed the top spot with a staggering 29% of all **brand phishing attempts** during Q2. This marks a significant leap for Microsoft, which had previously held the third position in the first quarter of the year.

A recently spotted phishing scam aiming at login credentials of Microsoft and Adobe users

The rise in phishing attempts can be attributed to a targeted campaign aimed at Microsoft account holders, wherein cybercriminals sent fraudulent messages regarding unusual sign-in activity.

These deceptive emails appeared to originate from within the company and included detailed information about the alleged security breach, leading users to malicious websites to steal their credentials and personal information.

**Google and Apple**

Google secured the second position, accounting for 19.5% of brand phishing attempts. Meanwhile, Apple made its debut on the list, featuring in 5.2% of phishing events during the last quarter. The technology sector itself was the most impersonated industry, followed closely by banking and social media networks.

Gmail phishing page targeting Windows users

The **report** also highlighted a worrisome trend concerning the finance industry. American banking organization Wells Fargo ranked fourth this quarter, becoming a prime target for cybercriminals through a series of malicious emails requesting account information. Other notable brands impersonated in phishing attempts included Amazon, Walmart, Roblox, LinkedIn, Home Depot, and Facebook.

Omer Dembinsky, Data Group Manager at Check Point Software, emphasized the need for vigilance when dealing with suspicious emails, stating, “While the most impersonated brands move around quarter to quarter, the tactics that cybercriminals use scarcely do. This is why we all must commit to stop and review, taking a moment before clicking on any link we don’t recognize.”

Brand phishing attacks involve cybercriminals imitating well-known brands, and deploying deceptive domains and web page designs that **resemble genuine sites** to steal users’ personal data, credentials, or payment details. These attacks can be delivered through emails, text messages, or fraudulent mobile applications.

The top phishing brands for Q2 2023 were as follows:

1.  Microsoft (29%)
2.  Google (19.5%)
3.  Apple (5.2%)
4.  Wells Fargo (4.2%)
5.  Amazon (4%)
6.  Walmart (3.9%)
7.  Roblox (3.8%)
8.  LinkedIn (3%)
9.  Home Depot (2.5%)
10.  Facebook (2.1%)

Cybersecurity experts stress the importance of being cautious and conducting due diligence before interacting with any unfamiliar links or providing personal information online. As cybercriminals continue to evolve their tactics, proactive measures and advanced security technologies become increasingly vital in the **fight against brand phishing**.

**RELATED ARTICLES**

1.  4 Essential Facets of Brand Protection
2.  42,000 phishing domains found mimicking popular brands
3.  16,000+ Scam Domains Aimed at FIFA World Cup Fans in Qatar
4.  Google, Microsoft &Oracle generated most vulnerabilities in 2021
5.  Microsoft, PayPal & Facebook most targeted phished brands- 2019

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Check Point Research: Microsoft the Most Phished Brand in Q2 2023

The US government warns encryption chipmaker Hualan has suspicious ties to China’s military. Yet US agencies still use one of its subsidiary’s chips, raising fears of a backdoor.

From TikTok to Huawei routers to DJI drones, rising tensions between China and the US have made Americans—and the US government—increasingly wary of Chinese-owned technologies. But thanks to the complexity of the hardware supply chain, encryption chips **sold by the subsidiary of** a company specifically flagged in warnings from the US Department of Commerce for its ties to the Chinese military have found their way into the storage hardware of military and intelligence networks across the West.

In July of 2021, the Commerce Department's Bureau of Industry and Security added the Hangzhou, China-based encryption chip manufacturer Hualan Microelectronics, also known as Sage Microelectronics, to its so-called “Entity List,” a vaguely named trade restrictions list that highlights companies “acting contrary to the foreign policy interests of the United States.” Specifically, the bureau noted that Hualan had been added to the list for “acquiring and ... attempting to acquire US-origin items in support of military modernization for \[China's\] People's Liberation Army.”

Yet nearly two years later, Hualan—and in particular its subsidiary known as Initio, a company originally headquartered in Taiwan that it acquired in 2016—still supplies encryption microcontroller chips to Western manufacturers of encrypted hard drives, including several that list as customers on their websites Western governments' aerospace, military, and intelligence agencies: NASA, NATO, and the US and UK militaries. Federal procurement records show that US government agencies from the Federal Aviation Administration to the Drug Enforcement Administration to the US Navy have bought encrypted hard drives that use the chips, too.

The disconnect between the Commerce Department’s warnings and Western government customers means that chips sold by Hualan’s subsidiary have ended up deep inside sensitive Western information networks, perhaps due to the ambiguity of their Initio branding and its Taiwanese origin prior to 2016. The chip vendor’s Chinese ownership has raised fears among security researchers and China-focused national security analysts that they could have a hidden backdoor that would allow China’s government to stealthily decrypt Western agencies’ secrets.

“If a company is on the Entity List, it’s because the US government says this company is actively supporting another country’s military development,” says Dakota Cary, a China-focused research fellow at the Atlantic Council, a Washington, DC-based think tank. “It's saying you should not be purchasing from them, not just because the money you’re spending is going to a company that will use those proceeds in the furtherance of another country’s military objectives, but because you can’t trust the product.”

Technically, the Entity List is an “export control” list, says Emily Weinstein, a researcher at Georgetown University's Center for Security and Emerging Technology. That means US organizations are forbidden from exporting components _to_ companies on the list, rather than importing components _from_ them. But Cary, Weinstein, and the Commerce Department note that it's often used as a de facto warning to US customers not to buy from a listed foreign company, either. Both networking firm Huawei and drone-maker DJI have been added to the list, for instance, for their alleged ties to the Chinese military. “It’s used somewhat as a blacklist,” says Weinstein. “The Entity List should be a red or maybe a yellow alert to anyone in the US government who’s working with this company to take a second look at this.”

When WIRED reached out to the Commerce Department's Bureau of Industry and Security, a spokesperson responded that the BIS is restricted by law from commenting to the press on specific companies and that a company's unlisted subsidiary—like Initio—isn't technically affected by the Entity List's legal restrictions. But the spokesperson added that “as a general matter, affiliation with an Entity Listed party should be considered a ‘red flag.’”

Hualan's Initio chips are used in encrypted storage devices as so-called bridge controllers, sitting between the USB connection in a storage device and memory chips or magnetic drive to encrypt and decrypt data on a USB thumbdrive or external hard drive. Security researchers' teardowns have shown that storage device manufacturers including Lenovo, Western Digital, Verbatim, and Zalman have all at times used encryption chips sold by Initio.

But three lesser-known hard drive manufacturers, in particular, also integrate the Initio chips and list Western government, military, and intelligence agencies as customers. The Middlesex, UK-based hard drive maker iStorage lists on its website customers including NATO and the UK Ministry of Defence. South Pasadena, California-based SecureDrive lists as customers the US Army and NASA. And US federal procurement records show that Poway, California-based Apricorn has sold its encrypted storage products—which use Initio chips—to NASA, the Navy, the FAA, and the DEA, among many others.

The encryption features enabled by Initio chips in those drives are designed to protect their data against compromise if the drives are physically accessed, lost, or stolen. But the security of that encryption feature essentially depends on trusting the chip's designer, cryptography experts warn. If there were a secret vulnerability or intentional backdoor in the chips, it would allow anyone who lays hands on any drives that use them—drives are often marketed for use “in the field”—to defeat that feature. And that backdoor could be very, very difficult to detect, cryptographers note, even on the closest inspection.

“In the end, it's a matter of trust, whether you actually trust this vendor and its components with all your sensitive data,” says Matthias Deeg, a security researcher at German cybersecurity firm Syss, who has analyzed the Initio chips. “These kinds of microcontrollers are a black box to me and every other researcher trying to understand how this device is working.”

Last year, Deeg analyzed the first firmware of a Verbatim secure USB thumbdrive that uses an Initio chip and found multiple security vulnerabilities: One allowed him to quickly bypass a fingerprint reader or PIN on the drives and access any “administrative” password that had been set for the drives, a master password feature designed to allow IT administrators to decrypt users' devices. Another flaw allowed him to “brute-force” the decryption key for the drives, deriving the key to access their contents in at most 36 hours.

Deeg says that Initio has since fixed those vulnerabilities. But more troubling, he says, was how tough it was to do that analysis of the devices' firmware. The code had no public documentation, and Hualan didn't respond to his requests for more information. Deeg says the lack of transparency points to how difficult it would be to find a hardware-based backdoor in the chips, such as a minuscule component hidden in their physical design to allow for surreptitious decryption.

He notes, too, that there's no way of knowing whether the vulnerabilities he found were accidental. “Is it better to have a hidden backdoor,” Deeg asks, “or one that is more visible but can be attributed to negligence by the developer?”

Hualan didn't respond to WIRED's multiple requests for comment. But iStorage, the UK-based encrypted hard drive maker that uses Initio chips, told WIRED that its storage devices' architecture means that users don't have to trust Hualan or its Initio subsidiary because the private keys used to encrypt and decrypt data stored on them are generated and stored by a separate chip that comes from a different, France-based manufacturer, and the Initio chip never stores that key. “I appreciate concerns with using Chinese technology, but we’re very confident that even though we’re using these chips, our products cannot be hacked, even by Initio or Hualan,” iStorage's CEO John Michael says. (Michael also noted that some of iStorage products use a chip sold by Taiwanese firm Phison instead of Hualan or Initio, but didn't specify which products.)

Even if a bridge controller chip doesn't create a secret key and isn't intended to store it, however, it still has enough access to it to enable a backdoor, says Matthew Green, a cryptography-focused computer science professor at Johns Hopkins University. After all, a bridge controller performs the encryption and decryption using that secret key, and so could either secretly exfiltrate and store it or furtively encrypt the data with its own, different key. “If the chip has the key and does the encryption, there is a possibility of malfeasance,” Green says.

iStorage also passed on a statement from Initio pointing out that Initio isn't specifically named on Commerce's Entity List, and arguing that Hualan's inclusion on the list doesn't apply to Initio. But the Atlantic Council's Cary argues—echoing the Commerce spokesperson's “red flag” comment to WIRED—that wholly owned subsidiaries of companies on the list are generally considered to effectively be on the list, too. “I don’t buy that line of argument,” Cary says of Initio's claim to not be affected by the Entity List, pointing out that otherwise the list's restrictions could be easily circumvented through the use of subsidiary companies. “If the company that owns you is on the Entity List, you’re included.”

WIRED also reached out to Hualan and Initio customers including NATO, NASA, the US Navy and Army, the DEA, and the FAA. Of those that responded, none would comment on what hardware they buy. But statements from NATO, the US Navy, and the UK Ministry of Defence all repeated that they carefully vet the security of the technology they use. “We have policies in place to address supply chain risk management, as well as established security standards to ensure all procured commercial products and services are inspected for security vulnerabilities,” read a statement from the US Navy, for instance. An FAA spokesperson said the agency complies with government regulations like the National Defense Authorization Act related to the purchase of hardware, but didn't answer questions about purchasing components from companies on Commerce's Entity List.

In fact, several of the encrypted hard drives that use Hualan's and Initio's chips tout that they do have cybersecurity certification from the National Institute of Standards and Technology such as the FIPS 140-2 standard. But Johns Hopkins' Green notes that for that level of certification, NIST generally only checks for accidental vulnerabilities in cryptographic products, not intentionally hidden ones created by a determined adversary.

“These backdoors can be so subtle and clever, and there’s so many ways to do them that you may not even see in the code,” Green says. “It would really shock me if any of these tests are assuming an untrusted manufacturer.”

The mere fact that so many Western government agencies are buying products that include chips **sold by the subsidiary of** a company on the Commerce Department's trade restrictions list points to the complexities of navigating the computing hardware supply chain, says the Atlantic Council's Cary. “At minimum, it's a real oversight. Organizations that should be prioritizing this level of security are apparently not able to do so, or are making mistakes that have allowed for these products to get into their environments,” he says. “It seems very significant. And it’s probably not a one-off mistake.”

How Shady Chinese Encryption Chips Got Into the Navy, NATO, and NASA

Clustered Data ONTAP versions 9.2 through 9.4 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS).

*   Home
*   Advisory
*   CVE-2019-5508 L2ping Denial of Service Vulnerability in Clustered Data ONTAP 9.2 and higher

circle-check-alt This advisory should be considered the single source of current, up-to-date, authorized and accurate information from NetApp regarding Full Support products and versions.

**Advisory ID:** NTAP-20191024-0001 **Version:** 2.0 **Last updated:** 12/03/2019 **Status:** Final. **CVEs:** CVE-2019-5508

This document is provided solely for informational purposes. All information is based upon NetApp’s current knowledge and understanding of the hardware and software products tested by NetApp, and the methodology and assumptions used by NetApp. NetApp is not responsible for any errors or omissions that may be contained herein, and no warranty, representation, or other legal commitment or obligation is being provided by NetApp. © 2021 NetApp, Inc. All rights reserved. No portions of this document may be reproduced without prior written consent of NetApp, Inc.

CVE-2019-5508: CVE-2019-5508 L2ping Denial of Service Vulnerability in Clustered Data ONTAP 9.2 and higher

NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway is susceptible to a vulnerability which when successfully exploited could allow an unauthenticated attacker to takeover a Remote Desktop Session.

*   Home
*   Advisory
*   CVE-2021-27007 Remote Code Execution Vulnerability in NetApp Virtual Desktop Service (VDS)

circle-check-alt This advisory should be considered the single source of current, up-to-date, authorized and accurate information from NetApp regarding Full Support products and versions.

**Advisory ID:** NTAP-20211223-0008 **Version:** 1.0 **Last updated:** 12/23/2021 **Status:** Final. **CVEs:** CVE-2021-27007

This document is provided solely for informational purposes. All information is based upon NetApp’s current knowledge and understanding of the hardware and software products tested by NetApp, and the methodology and assumptions used by NetApp. NetApp is not responsible for any errors or omissions that may be contained herein, and no warranty, representation, or other legal commitment or obligation is being provided by NetApp. © 2021 NetApp, Inc. All rights reserved. No portions of this document may be reproduced without prior written consent of NetApp, Inc.

CVE-2021-27007: CVE-2021-27007 Remote Code Execution Vulnerability in NetApp Virtual Desktop Service (VDS)

Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock configured FlexGroups are susceptible to a vulnerability which could allow an authenticated remote attacker to arbitrarily modify or delete WORM data prior to the end of the retention period.

*   Home
*   Advisory
*   CVE-2022-23241 Arbitrary WORM Data Modification Vulnerability in ONTAP 9.11.1

circle-check-alt This advisory should be considered the single source of current, up-to-date, authorized and accurate information from NetApp regarding Full Support products and versions.

**Advisory ID:** NTAP-20221017-0001 **Version:** 1.0 **Last updated:** 10/17/2022 **Status:** Final. **CVEs:** CVE-2022-23241

This document is provided solely for informational purposes. All information is based upon NetApp’s current knowledge and understanding of the hardware and software products tested by NetApp, and the methodology and assumptions used by NetApp. NetApp is not responsible for any errors or omissions that may be contained herein, and no warranty, representation, or other legal commitment or obligation is being provided by NetApp. © 2022 NetApp, Inc. All rights reserved. No portions of this document may be reproduced without prior written consent of NetApp, Inc.

CVE-2022-23241: CVE-2022-23241 Arbitrary WORM Data Modification Vulnerability in ONTAP 9.11.1

E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host header injection attacks that could allow an attacker to redirect users to malicious websites.

*   Home
*   Advisory
*   CVE-2022-23237 Host Header Injection Vulnerability in E-Series SANtricity OS Controller Software 11.x

circle-check-alt This advisory should be considered the single source of current, up-to-date, authorized and accurate information from NetApp regarding Full Support products and versions.

**Advisory ID:** NTAP-20220527-0002 **Version:** 1.0 **Last updated:** 05/27/2022 **Status:** Final. **CVEs:** CVE-2022-23237

This document is provided solely for informational purposes. All information is based upon NetApp’s current knowledge and understanding of the hardware and software products tested by NetApp, and the methodology and assumptions used by NetApp. NetApp is not responsible for any errors or omissions that may be contained herein, and no warranty, representation, or other legal commitment or obligation is being provided by NetApp. © 2022 NetApp, Inc. All rights reserved. No portions of this document may be reproduced without prior written consent of NetApp, Inc.

CVE-2022-23237: CVE-2022-23237 Host Header Injection Vulnerability in E-Series SANtricity OS Controller Software 11.x

E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users.

*   Home
*   Advisory
*   CVE-2022-23236 Information Disclosure Vulnerability in E-Series SANtricity OS Controller Software 11.x

circle-check-alt This advisory should be considered the single source of current, up-to-date, authorized and accurate information from NetApp regarding Full Support products and versions.

**Advisory ID:** NTAP-20220527-0001 **Version:** 1.0 **Last updated:** 05/27/2022 **Status:** Final. **CVEs:** CVE-2022-23236

This document is provided solely for informational purposes. All information is based upon NetApp’s current knowledge and understanding of the hardware and software products tested by NetApp, and the methodology and assumptions used by NetApp. NetApp is not responsible for any errors or omissions that may be contained herein, and no warranty, representation, or other legal commitment or obligation is being provided by NetApp. © 2022 NetApp, Inc. All rights reserved. No portions of this document may be reproduced without prior written consent of NetApp, Inc.

CVE-2022-23236: CVE-2022-23236 Information Disclosure Vulnerability in E-Series SANtricity OS Controller Software 11.x

Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and content.

*   Home
*   Advisory
*   CVE-2022-23238 Firewall Vulnerability in StorageGRID (formerly StorageGRID Webscale)

circle-check-alt This advisory should be considered the single source of current, up-to-date, authorized and accurate information from NetApp regarding Full Support products and versions.

**Advisory ID:** NTAP-20220808-0001 **Version:** 1.0 **Last updated:** 08/08/2022 **Status:** Final. **CVEs:** CVE-2022-23238

This document is provided solely for informational purposes. All information is based upon NetApp’s current knowledge and understanding of the hardware and software products tested by NetApp, and the methodology and assumptions used by NetApp. NetApp is not responsible for any errors or omissions that may be contained herein, and no warranty, representation, or other legal commitment or obligation is being provided by NetApp. © 2022 NetApp, Inc. All rights reserved. No portions of this document may be reproduced without prior written consent of NetApp, Inc.

CVE-2022-23238: CVE-2022-23238 Firewall Vulnerability in StorageGRID (formerly StorageGRID Webscale)

SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user.

*   Home
*   Advisory
*   CVE-2023-1096 Authentication Bypass Vulnerability in SnapCenter

circle-check-alt This advisory should be considered the single source of current, up-to-date, authorized and accurate information from NetApp regarding Full Support products and versions.

**Subscribe to NTAP-20230511-0011 updates**

**Unsubscribe from NTAP-20230511-0011 advisory updates**

**Advisory ID:** NTAP-20230511-0011 **Version:** 1.0 **Last updated:** 05/11/2023 **Status:** Final. **CVEs:** CVE-2023-1096

This document is provided solely for informational purposes. All information is based upon NetApp’s current knowledge and understanding of the hardware and software products tested by NetApp, and the methodology and assumptions used by NetApp. NetApp is not responsible for any errors or omissions that may be contained herein, and no warranty, representation, or other legal commitment or obligation is being provided by NetApp. © 2022 NetApp, Inc. All rights reserved. No portions of this document may be reproduced without prior written consent of NetApp, Inc.

CVE-2023-1096: CVE-2023-1096 Authentication Bypass Vulnerability in SnapCenter

NetApp Blue XP Connector versions prior to 3.9.25 expose information via a directory listing. A new Connector architecture resolves this issue - obtaining the fix requires redeploying a fresh Connector.

*   Home
*   Advisory
*   CVE-2023-27311 Information Disclosure Vulnerability in NetApp BlueXP Connector

circle-check-alt This advisory should be considered the single source of current, up-to-date, authorized and accurate information from NetApp regarding Full Support products and versions.

**Subscribe to NTAP-20230525-0001 updates**

**Unsubscribe from NTAP-20230525-0001 advisory updates**

**Advisory ID:** NTAP-20230525-0001 **Version:** 1.0 **Last updated:** 05/25/2023 **Status:** Final. **CVEs:** CVE-2023-27311

This document is provided solely for informational purposes. All information is based upon NetApp’s current knowledge and understanding of the hardware and software products tested by NetApp, and the methodology and assumptions used by NetApp. NetApp is not responsible for any errors or omissions that may be contained herein, and no warranty, representation, or other legal commitment or obligation is being provided by NetApp. © 2022 NetApp, Inc. All rights reserved. No portions of this document may be reproduced without prior written consent of NetApp, Inc.

Search

lenovo warranty check/lookup | check warranty status | lenovo support us