Dropbox users targeted by devious new phishing campaign
Published October 4, 2023
Cybersecurity researchers from Checkpoint have recently observed a brand new phishing campaign that abuses cloud storage platform Dropbox to get people to click on malicious links.
The campaign is widespread, “nearly impossible for email security services to stop,” and equally difficult for victims to identify, the company said in its report.
Their suggested course of action? A pinch of suspiciousness, and a lot of common sense. In the campaign, the unnamed threat actors create a Dropbox account and host a seemingly benign document. The document looks like a file from OneDrive and has a “view document” button on it, which leads the reader to a third-party host site, hosting the malicious, credential-harvesting page.
Read the complete article here at: Dropbox users targeted by devious new phishing campaign | TechRadar
Thousands of Microsoft 365 accounts under threat from W3LL phishing kit
PUBLISHED September 9, 2023
Hundreds of threat actor groups are using a highly advanced phishing kit to target corporate Microsoft 365 accounts, with relative success, according to a new report from cybersecurity experts Group-IB.
The phishing kit is called W3LL, and it’s been in development since at least 2017. In that time, the kit grew and improved, and with it – its popularity rose, with more than 500 groups currently using it.
Those groups have managed to create roughly 850 phishing campaigns, which sought to steal Microsoft 365 credentials from more than 56,000 accounts. Apparently, they succeeded in some 8,000 instances. The result is, the researchers say, “millions of dollars” in financial losses, and possibly millions of files stolen from endpoints.
Read the complete article here at: Thousands of Microsoft 365 accounts under threat from W3LL phishing kit | TechRadar
UPS discloses data breach
Global shipping giant UPS has confirmed it has experienced a data breach that may have exposed some customer data.
According to Emsisoft threat analyst Brett Callow, who announced the discovery via Twitter, customers have been receiving a letter from UPS which says, “UPS is aware that some package recipients have received fraudulent text messages demanding payment before a package can be delivered.”
Despite promises to be investigating via an internal review, and the subsequent revelation of how the scammer got hold of customer information, UPS has been scrutinized for the way it handled the event.
Read the complete article here at: UPS discloses data breach after exposed customer info used in SMS phishing | TechRadar
Call KC Micro Specialists to Prevent, Protect and Prevail Against Ransomware Threats.
Ransomware attacks worldwide have gone up by 102% in 2021 as compared to 2020. You must avoid becoming a victim by gathering actionable knowledge to strengthen your cyber resilience against ransomware threats.
What we will do for you:
- Prevent by building a multi-layered defense with powerful security solutions
- Protect by managing and securing all IT endpoints, keeping IT documentation intact, and mitigating cyber threats with the right expert support
- Prevail by eliminating ransomware, data loss and downtime with Cisco Security, adding immutability safeguards, and leveraging automation for fast prevention stopping the attack.
Is your business safe here in the Kansas City area? Contact KC Micro Specialists to review your company’s Email & Network Security today!
We offer a full solution featuring the best from Cisco Network Products:
>>>>>> Click here to schedule at call. <<<<<<<<