Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.

https://threatpost.com/reservation-links-prey-on-travelers/180462/

The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data.

https://threatpost.com/water-supplier-hit-clop-ransomware/180422/

‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.

https://threatpost.com/black-hat-and-def-con-roundup/180409/

The CISA has seen a resurgence of the malware targeting a range of verticals and critical infrastructure organizations by exploiting RDP, firewall vulnerabilities.

https://threatpost.com/zeppelin-ransomware-resurfaces/180405/

Cybercriminals turn to container files and other tactics to get around the company’s attempt to thwart a popular way to deliver malicious phishing payloads.

https://threatpost.com/threat-pivot-microsofts-macro/180319/

Built-in Telegram and Discord services are fertile ground for storing stolen data, hosting malware and using bots for nefarious purposes.

https://threatpost.com/messaging-apps-cybercriminals/180303/

Newly discovered malware linked to Vietnamese threat actors targets users through a LinkedIn phishing campaign to steal data and admin privileges for financial gain.

https://threatpost.com/malware-hijacks-facebook/180285/

Aamir Lakhani, with FortiGuard Labs, answers the question; Why is the Conti ransomware gang targeting people and businesses in Costa Rica?

https://threatpost.com/contis-costa-rica/180258/

300 restaurants and at least 50,000 payment cards compromised by two separate campaigns against MenuDrive, Harbortouch and InTouchPOS services.

https://threatpost.com/magecart-restaurant-ordering-systems/180254/

Google removed eight Android apps, with 3M cumulative downloads, from its marketplace for being infected with a Joker spyware variant.

https://threatpost.com/google-boots-malware-marketplace/180241/

Microsoft has linked a threat that emerged in June 2021 and targets small-to-mid-sized businesses to state-sponsored actors tracked as DEV-0530.

https://threatpost.com/h0lygh0st-ransomware-north-korea/180232/

Since 2021, various state-aligned threat groups have turned up their targeting of journalists to siphon data and credentials and also track them.

https://threatpost.com/journalists-target-apts/180224/

Victims instructed to make a phone call that will direct them to a link for downloading malware.

https://threatpost.com/callback-phishing-security-firms/180182/

The novel threat steals data and can affect all processes running on the OS, stealing information from different commands and utilities and then storing it on the affected machine.

https://threatpost.com/sneaky-malware-backdoors-linux/180158/

State-sponsored actors are deploying the unique malware–which targets specific files and leaves no ransomware note–in ongoing attacks.

https://threatpost.com/healthcare-maui-ransomware/180154/

Iran’s steel manufacturing industry is victim to ongoing cyberattacks that previously impacted the country’s rail system.

https://threatpost.com/cyberattack-iran-campaign/180122/

Devices from Cisco, Netgear and others at risk from the multi-stage malware, which has been active since April 2020 and shows the work of a sophisticated threat actor.

https://threatpost.com/zuorat-soho-routers/180113/

Oliver Tavakoli, CTO at Vectra AI, gives us hope that surviving a ransomware attack is possible, so long as we apply preparation and intentionality to our defense posture.

https://threatpost.com/a-guide-to-surviving-a-ransomware-attack/180110/

Researchers warn threat actors are using a novel remote code execution exploit to gain initial access to victim’s environments.

https://threatpost.com/mitel-voip-bug-exploited/180079/

CISA warns that threat actors are ramping up attacks against unpatched Log4Shell vulnerability in VMware servers.

https://threatpost.com/log4shell-targeted-vmware-data/180072/

The APT is pairing a known Microsoft flaw with a malicious document to load malware that nabs credentials from Chrome, Firefox and Edge browsers.

https://threatpost.com/fancy-bear-nuke-threat-lure/180056/

The threat actor targets institutions and companies in Europe and Asia.

https://threatpost.com/elusive-toddycat-apt-targets-microsoft-exchange-servers/180031/

Researchers have discovered that a Kazakhstan government entity deployed sophisticated Italian spyware within its borders.

https://threatpost.com/kazakh-govt-used-spyware-against-protesters/180016/

Evidence suggests that a just-discovered APT has been active since 2013.

https://threatpost.com/apt-flew-under-radar-decade/179995/

Symbiote, discovered in November, parasitically infects running processes so it can steal credentials, gain rootlkit functionality and install a backdoor for remote access.

https://threatpost.com/linux-malware-impossible-detect/179944/

The dangerous malware appears to be well and truly back in action, sporting new variants and security-dodging behaviors in a wave of recent phishing campaigns.

https://threatpost.com/potent-emotet-variant-spreads-via-stolen-email-credentials/179932/

Ransomware attackers often strike targets twice, regardless of whether the ransom was paid.

https://threatpost.com/paying-ransomware-bullseye-back/179915/

The novel cybercriminal group tapped the ever-evolving info-stealing trojan to move laterally on a network in a recent attack, researchers have found.

https://threatpost.com/black-basta-ransomware-qbot/179909/

Deja-Vu data from this year’s DBIR report feels like we are stuck in the movie ‘Groundhog Day.’

https://threatpost.com/old-hacks-die-hard-ransomware-social-engineering-top-verizon-dbir-threats-again/179864/

The cybercriminal group is distancing itself from its previous branding by shifting tactics and tools once again in an aim to continue to profit from its nefarious activity.

https://threatpost.com/evil-corp-pivots-to-lockbit-to-dodge-u-s-sanctions/179858/

The info-stealing trojan used SMS messages and lifted contact credentials to spread with unprecedented speed across Android devices globally since December 2020.

https://threatpost.com/international-authorities-take-down-flubot-malware-network/179825/

Malware borrows generously from code used by other botnets such as Mirai, Qbot and Zbot.

https://threatpost.com/enemybot-malware-targets-web-servers-cms-tools-and-android-os/179765/

Malware loads itself from remote servers and bypasses Microsoft’s Defender AV scanner, according to reports.

https://threatpost.com/zero-day-follina-bug-lays-older-microsoft-office-versions-open-to-attack/179756/

Actors claiming to be the defunct ransomware group are targeting one of Akami’s customers with a Layer 7 attack, demanding an extortion payment in Bitcoin.

https://threatpost.com/cybergang-claims-revil-is-back-executes-ddos-attacks/179734/

A slip-up by a malware author has allowed researchers to taxonomize three ransomware variations going by different names.

https://threatpost.com/chaos-onyx-and-yashma-ransomware/179730/

2022’s DBIR also highlighted the far-reaching impact of supply-chain breaches and how organizations and their employees are the reasons why incidents occur.

https://threatpost.com/verizon-dbir-report-2022/179725/

Fronton botnet has far more ability than launching DDOS attack, can track social media trends and launch suitable propaganda.

https://threatpost.com/fronton-botnet-disinformation/179721/

Microsoft Word also leveraged in the email campaign, which uses a 22-year-old Office RCE bug.

https://threatpost.com/snake-keylogger-pdfs/179703/

The U.S. Department of Justice indites middle-aged doctor, accusing him of being a malware mastermind.

https://threatpost.com/doj-says-doctor-is-malware-mastermind/179659/

Researchers say a GitHub proof-of-concept exploitation of recently announced VMware bugs is being abused by hackers in the wild.

https://threatpost.com/vmware-bugs-abused-mirai-log4shell/179652/

An account promoting the project—which offers a range of threat activity from info-stealing to crypto-mining to ransomware as individual modules—has more than 500 subscribers.

https://threatpost.com/telegram-spread-eternity-maas/179623/

Researchers discovered a simple malware builder designed to steal credentials, then pinging them to Discord webhooks.

https://threatpost.com/malware-discord-webhooks/179605/

The stealthy, feature-rich malware has multistage evasion tactics to fly under the radar of security analysis, researchers at Proofpoint have found.

https://threatpost.com/nerbian-rat-advanced-trick/179600/

Why a private college that stayed in business for 157 years had to close after the combo of COVID-19 and ransomware proved too much.

https://threatpost.com/ransomware-deathblow-college/179574/

The threat group has leaked data that it claims was stolen in the breach and is promising more government-targeted attacks.

https://threatpost.com/conti-ransomware-attack-emergency-costa-rica/179560/

Researchers say a hacker is selling access to quality malware for chump change.

https://threatpost.com/low-rent-rat-worries-researchers/179553/

Activity dubbed ‘Raspberry Robin’ uses Microsoft Standard Installer and other legitimate processes to communicate with threat actors and execute nefarious commands.

https://threatpost.com/usb-malware-targets-windows-installer/179521/

A sophisticated campaign utilizes a novel anti-detection method.

https://threatpost.com/attackers-use-event-logs-to-hide-fileless-malware/179484/

The Botnet appears to use a new delivery method for compromising Windows systems after Microsoft disables VBA macros by default.

https://threatpost.com/emotet-back-new-tricks/179410/

A full 89 percent of organizations experienced one or more successful email breaches during the previous 12 months, translating into big-time costs.

https://threatpost.com/email-security-fail-block-threats/179370/

Citizen Lab uncovers multi-year campaign targeting autonomous region of Spain, called Catalonia.

https://threatpost.com/catalangate-spyware/179336/

Fortinet’s Derek Manky discusses the exponential increase in the speed that attackers weaponize fresh vulnerabilities, where botnets and offensive automation fit in, and the ramifications for security teams.

https://threatpost.com/cyberattackers-speed-fortinet-podcast/179294/

Connections that show the cybercriminal teams are working together signal shifts in their respective tactics and an expansion of opportunities to target victims.

https://threatpost.com/karakurt-conti-diavol-ransomware/179317/

Threat actors have developed custom modules to compromise various ICS devices as well as Windows workstations that pose an imminent threat, particularly to energy providers.

https://threatpost.com/feds-apts-critical-infrastructure/179291/

Accounting materials from the Italy-based luxury fashion house were leaked online by RansomExx because the company refused to pay.

https://threatpost.com/menswear-zegna-ransomware/179266/

The APT28 (Advanced persistence threat) is operating since 2009, this group has worked under different names such as Sofacy, Sednit, Strontium Storm, Fancy Bear, Iron Twilight, and Pawn.

https://threatpost.com/microsoft-takedown-domains-ukraine/179257/

Google removed six different malicious Android applications targeting mainly users in the U.K. and Italy that were installed about 15,000 times.

https://threatpost.com/google-play-bitten-sharkbot/179252/

Huntress Labs R&D Director Jamie Levy busts the old “Macs don’t get viruses” myth and offers tips on how MacOS malware differs and how to protect against it.

https://threatpost.com/macos-malware-myth-vs-truth-podcast/179215/

This fresh malware strain extends the functionality of typical trojans with advanced functionality and a series of modules for launching various types of threat activity.

https://threatpost.com/borat-rat-ransomware-ddos/179233/

Ghostwriter is one of 3 campaigns using war-themed attacks, with cyber-fire coming in from government-backed actors in China, Iran, North Korea & Russia.

https://threatpost.com/belarusian-ghostwriter-actor-picks-up-bitb-for-ukraine-related-attacks/179210/

QNAP is warning clients that a recently disclosed vulnerability affects most of its NAS devices, with no mitigation available while the vendor readies a patch.

https://threatpost.com/qnap-customers-adrift-fix-openssl-bug/179197/

Lapsus$ added IT giant Globant plus 70GB of leaked data – including admin credentials for scads of customers’ DevOps platforms – to its hit list.

https://threatpost.com/lapsus-back-from-vacation/179156/

A Ukrainian-based threat actor is spearphishing Russians who are using services that have been banned by the Kremlin.

https://threatpost.com/mshtml-flaw-exploited-to-attack-russian-dissidents/179150/

Researchers have found three backdoors and four miners in attacks exploiting the Log4Shell vulnerability, some of which are still ongoing.

https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/

The ever-evolving malware shows off new tactics that use email thread hijacking and other obfuscation techniques to provide advanced evasion techniques.

https://threatpost.com/exchange-servers-speared-in-icedid-phishing-campaign/179137/

The supply-chain attack on the U.S. energy sector targeted thousands of computers at hundreds of organizations, including at least one nuclear power plant.

https://threatpost.com/doj-indicts-russian-govt-employees-over-targeting-power-sector/179108/

London Police can’t say if they nabbed the 17-year-old suspected mastermind & multimillionaire – but researchers say they’ve been tracking an Oxford teen since mid-2021.

https://threatpost.com/uk-cops-collar-7-suspected-lapsus-gang-members/179098/

A large-scale, automated typosquatting attack saw 200+ malicious packages flood the npm code repository, targeting popular Azure scopes.

https://threatpost.com/microsoft-azure-developers-pii-stealing-npm-packages/179096/

Mustang Panda’s already sophisticated cyberespionage campaign has matured even further with the introduction of a brand-new PlugX RAT variant.

https://threatpost.com/chinese-apt-combines-fresh-hodur-rat-with-complex-anti-detection/179084/

Attackers are hiding interesting malware in a boring place, hoping victims won’t bother to look.

https://threatpost.com/microsoft-help-files-vidar-malware/179078/

Threat actors are impersonating such wildly popular personal-finance apps (which are used more than social media or streaming services) to try to fool people into giving up their credentials.

https://threatpost.com/tax-season-scammers-spoof-fintechs-stash-public/179071/

A new steady stream of attacks against network-attached storage devices from the Taiwan-based vendor is similar to a wave that occurred in January.

https://threatpost.com/deadbolt-ransomware-qnap-again/179057/

The data-extortion gang got at Microsoft’s Azure DevOps server. Meanwhile, fellow Lapsus$ victim and authentication firm Okta said 2.5 percent of customers were affected in its own Lapsus$ attack.

https://threatpost.com/microsoft-lapsus-compromised-one-employees-account/179048/

Lapsus$ shared screenshots of internal Okta systems and 40Gb of purportedly stolen Microsoft data on Bing, Bing Maps and Cortana.

https://threatpost.com/lapsus-data-kidnappers-claim-snatches-from-microsoft-okta/179041/

“Evolving intelligence” shows Russia amping up for cyber-war in response to Ukraine-related sanctions, the White House said – but researchers warn that many orgs are not prepared.

https://threatpost.com/russia-cyberattacks-us-infrastructure/179037/

An unusual attack using an open-source Python package installer called Chocolatey, steganography and Scheduled Tasks is stealthily delivering spyware to companies.

https://threatpost.com/serpent-backdoor-chocolatey-installer/179027/

Can we trust web browsers to protect us, even if they say “https?” Not with the novel BitB attack, which fakes popup SSO windows to phish away credentials for Google, Facebook and Microsoft, et al.

https://threatpost.com/browser-in-the-browser-attack-makes-phishing-nearly-invisible/179014/

The trojanized Craftsart Cartoon Photo Tools app is available in the official Android app store, but it’s actually spyware capable of stealing any and all information from victims’ social-media accounts.

https://threatpost.com/facestealer-trojan-google-play-facebook/179015/

The latest is a fresher version of the ransomware pro-Ukraine researcher ContiLeaks already released, but it’s reportedly clunkier code.

https://threatpost.com/conti-ransomware-v-3-including-decryptor-leaked/179006/

A ransomware attack struck Bridgestone Americas, weeks after another Toyota supplier experienced the same and a third reported some kind of cyber hit.

https://threatpost.com/bridgestone-hit-as-ransomware-torches-toyota-supply-chain/178998/

The Russian-speaking APT behind the NotPetya attacks and the Ukrainian power grid takedown could be setting up for additional sinister attacks, researchers said.

https://threatpost.com/sandworm-asus-routers-cyclops-blink-botnet/178986/

Researchers have exposed the work of Exotic Lily, a full-time cybercriminal initial-access group that uses phishing to infiltrate organizations’ networks for further malicious activity.

https://threatpost.com/google-conti-diavol-ransomware-access-broker/178981/

In the latest software supply-chain attack, the code maintainer added malicious code to the hugely popular node-ipc library to replace files with a heart emoji and a peacenotwar module.

https://threatpost.com/dev-sabotages-popular-npm-package-protest-russian-invasion/178972/

It’s about time, AttackIQ’s Jonathan Reiber said about 24H/72H report deadlines mandated in the new spending bill. As it is, visibility into adversary behavior has been muck.

https://threatpost.com/reporting-mandates-to-clear-up-feds-hazy-look-into-threat-landscape-podcast/178947/

Scammers are bypassing Apple’s App Store security, stealing thousands of dollars’ worth of cryptocurrency from the unwitting, using the TestFlight and WebClips programs.

https://threatpost.com/cryptorom-crypto-scam-side-loaded-apple-apps/178942/

CaddyWiper is one in a barrage of data-wiping cyber-attacks to hit the country since January as the war on the ground with Russia marches on.

https://threatpost.com/destructive-wiper-organizations-ukraine/178937/

The phishing scam tried to steal login credentials by threatening account shutdown, due to users having purportedly shared “fake content.”

https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Denso confirmed that cybercriminals leaked stolen, classified information from the Japan-based car-components manufacturer after an attack on one of its offices in Germany.

https://threatpost.com/pandora-ransomware-hits-giant-automotive-supplier-denso/178911/

The ransomware group’s benefits – bonuses, employee of the month, performance reviews & top-notch training – might be better than yours, says BreachQuest’s Marco Figueroa.

https://threatpost.com/staff-think-conti-group-legit-employer-podcast/178903/

They’re choosing sides in the Russia-Ukraine war, beckoning previously shunned ransomware groups and thereby reinvigorating those groups’ once-diminished power.

https://threatpost.com/cybercrooks-political-in-fighting-threatens-the-west/178899/

The credential-stealing trash panda is using the chat app to store and update C2 addresses as crooks find creative new ways to distribute the malware.

https://threatpost.com/raccoon-stealer-telegram/178881/

Be careful when downloading a tool to cyber-target Russia: It could be an infostealer wolf dressed in sheep’s clothing that grabs your cryptocurrency info instead.

https://threatpost.com/malware-posing-russia-ddos-tool-bites-pro-ukraine-hackers/178864/

Let’s blame the victim. IT decision makers’ confidence about security doesn’t jibe with their concession that repeated incidents are their own fault, says ExtraHop’s Jamie Moles.

https://threatpost.com/blaming-ransomware-victims-podcast/178799/

The ever-shifting, ever-more-powerful malware is now hijacking email threads to download malicious DLLs that inject password-stealing code into webpages, among other foul things.

https://threatpost.com/qakbot-botnet-sprouts-fangs-injects-malware-into-email-threads/178845/

Also on the rise: DDoS attacks against Ukrainian sites and phishing activity capitalizing on the conflict, with China’s Mustang Panda targeting Europe.

https://threatpost.com/russian-apts-phishing-ukraine-google/178819/

While IT automation is growing, big challenges remain. Chris Hass, director of information security and research at Automox, discusses how the future looks.

https://threatpost.com/uncertain-future-it-automation/178709/

Nvidia certificates are being used to sign malware, enabling malicious programs to pose as legitimate and slide past security safeguards on Windows machines.

https://threatpost.com/nvidias-stolen-code-signing-certs-sign-malware/178784/

Notes threatening to tank targeted companies’ stock price were embedded into the DDoS ransomware attacks as a string_of_text directed to CEOs and webops_geeks in the URL.

https://threatpost.com/massive-meris-botnet-embeds-ransomware-notes-revil/178769/

Cruddy cryptography means victims whose files have been encrypted by the Ukraine-tormenting ransomware can break the chains without paying extortionists.

https://threatpost.com/free-hermeticransom-ransomware-decryptor-released/178762/

A military email address was used to distribute malicious email macros among EU personnel helping Ukrainians.

https://threatpost.com/phishing-campaign-targeted-those-aiding-ukraine-refugees/178752/

It’s not just Ukraine: There’s a flood of intel on Russian military, nukes and crooks, says dark-web intel expert Vinny Troia, even with the Conti ransomware gang shuttering its leaking Jabber chat server.

https://threatpost.com/russia-leaks-data-thousand-cuts-podcast/178749/

Malicious Google Play apps have circumvented censorship by hiding trojans in software updates.

https://threatpost.com/teabot-trojan-haunts-google-play-store/178738/

The decryptor spilled by ContiLeaks won’t work with recent victims. Conti couldn’t care less: It’s still operating just fine. Still, the dump is a bouquet’s worth of intel.

https://threatpost.com/conti-ransomware-decryptor-trickbot-source-code-leaked/178727/

Via node-hopping, the espionage tool can reach computers that aren’t even connected to the internet.

https://threatpost.com/daxin-espionage-backdoor-chinese-malware/178706/

Microsoft detected cyberattacks launched against Ukraine hours before Russia’s tanks and missiles began to pummel the country last week.

https://threatpost.com/microsoft-ukraine-foxblade-trojan-hours-before-russian-invasion/178702/

A pro-Ukraine Conti member spilled 13 months of the ransomware group’s chats, while cyber actors are rushing to align with both sides.

https://threatpost.com/ukraine-russia-cyber-warzone-splits-cyber-underground/178693/

The infamous trojan is likely making some major operational changes, researchers believe.

https://threatpost.com/trickbot-break-researchers-scratching-heads/178678/

The ransomware gang known as Cuba is increasingly shifting to exploiting Exchange bugs – including crooks’ favorites, ProxyShell and ProxyLogon – as initial infection vectors.

https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/

Ransomware is getting worse, but Daniel Spicer, chief security officer at Ivanti, offers a checklist for choosing defense solutions to meet the challenge.

https://threatpost.com/latest-insights-ransomware-threats/178391/

The options reportedly included tampering with trains, electric service and internet connectivity, hampering Russia’s military operations in Ukraine.

https://threatpost.com/white-house-denies-mulling-massive-cyberattacks-against-russia/178658/

Sonya Duffin, ransomware and data-protection expert at Veritas Technologies, shares three steps organizations can take today to reduce cyberattack fallout.

https://threatpost.com/harsh-truths-cybersecurity-part-two/178447/

The SEO poisoning bot, capable of full system takeover, is actively taking over social media accounts, masquerading as popular games like Temple Run.

https://threatpost.com/microsoft-app-store-electron-bot-malware/178629/

Demand for public Wi-Fi is on the rise. Usually free of charge, but there is a risk of expensive losses. Learn ways to protect yourself from cyber-threats.

https://threatpost.com/web-filtering-and-compliances-for-wi-fi-providers/178532/

With human error being the common factor in most cyberattacks, employee training has got to get better. To that end, Trustwave cybersec training expert Darren Van Booven explains the importance of fish stress balls and management buy-in.

https://threatpost.com/the-art-of-non-boring-cybersec-training-podcast/178594/

Attackers are sending email blasts with malware links in embedded PDFs as a way to evade email filters, lying about having fictional “video evidence.”

https://threatpost.com/sextortion-rears-its-ugly-head-again/178595/

Nothing like zombie campaigns: WannaCry’s old as dirt, and GandCrab threw in the towel years ago. They’re on auto-pilot at this point, researchers say.

https://threatpost.com/wannacry-gandcrab-top-ransomware-scene/178589/

The overall number of attacks on mobile users is down, but they’re getting slicker, both in terms of malware functionality and vectors, researchers say.

https://threatpost.com/gaming-banking-trojans-mobile-malware/178571/

The Conti gang breached the cookware giant’s network, prepping thousands of employees’ personal data for consumption by cybercrooks.

https://threatpost.com/cyberattackers-employee-personal-data-meyer/178570/

Researchers discovered a new, modular banking trojan with ties to Cerberus and Alien that has the capability to become a much larger threat than it is now.

https://threatpost.com/xenomorph-malware-google-play-facehugger/178563/

Researchers said a Jan. 27 attack that aired footage of opposition leaders calling for assassination of Iran’s Supreme Leader was a clumsy and unsophisticated wiper attack.

https://threatpost.com/iranian-state-broadcaster-clumsy-buggy-code/178524/

Kraken has already spread like wildfire, but in the past few months, the malware’s author has been tinkering away, adding more infostealers and backdoors.

https://threatpost.com/golang-botnet-pulling-in-3k-month/178509/

On Tuesday, institutions central to Ukraine’s military and economy were hit with denial-of-service (DoS) attacks. Impact was limited, but the ramifications are not.

https://threatpost.com/ukrainian-ddos-attacks-should-put-us-on-notice-researchers/178498/

Threat actors are infiltrating the increasingly popular collaboration app to attach malicious files to chat threads that drop system-hijacking malware.

https://threatpost.com/microsoft-teams-targeted-takeover-trojans/178497/

The resurgent trojan has targeted 60 top companies to harvest credentials for a wide range of applications, with an eye to virulent follow-on attacks.

https://threatpost.com/trickbot-amazon-paypal-top-brands/178483/

The phishing attacks are spoofing LinkedIn to target ‘Great Resignation’ job hunters, who are also being preyed on by huge data-scraping bot attacks.

https://threatpost.com/massive-linkedin-phishing-bot-attacks-hungry-job-seekers/178476/

An ongoing malicious email campaign that includes macro-laden files and multiple layers of obfuscation has been active since late December.

https://threatpost.com/emotet-spreading-malicious-excel-files/178444/

Researchers have never before seen SquirrelWaffle attackers use typosquatting to keep sending spam once a targeted Exchange server has been patched for ProxyLogon/ProxyShell.

https://threatpost.com/squirrelwaffle-fraud-exchange-server-malspamming/178434/