The Black Basta ransomware operation has moved its social engineering attacks to Microsoft Teams, posing as corporate help desks that contact employees to assist them with an ongoing spam attack. Black Basta is a ransomware operation active since April 2022 and responsible for hundreds of attacks against corporations worldwide. (BleepingComputer)
“Posing as IT support staff on Microsoft Teams is a novel approach, exploiting the fact that many intercompany communications platforms now allow third-party vendor access. Using the platform's more casual conversation familiarity to build trust with employees, this new strategy is the perfect example of evolving threats to companies and end users. Adversaries continually find new ways to effectively circumvent traditional defenses, posing a significant challenge for organizations relying solely on perimeter-based security measures or outdated training. Proper social engineering training for employees and contractors, and a rigorous vetting program for allowing third-party vendors on your intercompany communication platforms are prudent for all organizations, big or small.” – Andrew Tucker, Tier 3 SOC Analyst at Ingalls Information Security
An investigation by French newspaper Le Monde found that the highly confidential movements of U.S. President Joe Biden, presidential rivals Donald Trump and Kamala Harris, and other world leaders can be easily tracked online through a fitness app that their bodyguards use. (SecurityWeek)
TechCrunch reports that major Japanese electronics manufacturing firm Casio has disclosed uncertainty in its recovery from a ransomware attack earlier this month as many of its systems continued to be inoperable. (MSSP Alert)
Cisco has disabled public access to one of its DevHub environments after threat actors downloaded some customer data from the site and put it up for sale on a cybercrime forum. (Dark Reading)
Patch Tuesday: Redmond warns that attackers are rigging Microsoft Saved Console (MSC) files to execute remote code on targeted Windows systems. (Ars Technica)
OpenAI has disrupted over 20 malicious cyber operations abusing its AI-powered chatbot, ChatGPT, for debugging and developing malware, spreading misinformation, evading detection, and conducting spear-phishing attacks. (Dark Reading)
Apple has introduced new tools and launched a virtual research lab to enable public inspection and verification of the security and privacy claims of the Private Cloud Compute technology integrated into modern iPhones. (SecurityWeek)