Email Bombing, ‘Vishing’ Tactics Abound in Microsoft 365 Attacks
Sophos noted more than 15 attacks have been reported during the past three months.
Sophos noted more than 15 attacks have been reported during the past three months.
Related
OWASP Highlights Supply Chain Risks in New Top 10
Security misconfiguration jumped to second place while injection vulnerabilities dropped, as organizations improve defenses against traditional coding flaws.
When the Cloud Rains on Everyone’s IoT Parade
What happens to all of those always-connected devices and Internet of Things when the cloud goes down? Disruptions to sleep, school, and smart homes, just to name a few issues.
Hackers Weaponize Remote Tools to Hijack Cargo Freight
Researchers uncovered a new threat campaign in which attackers use RMM tools to steal physical cargo out of the supply chain.
WhatsApp Secures Ban on NSO Group After 6-Year Legal Battle
NSO Group must pay $4 million in damages and is permanently prohibited from reverse-engineering WhatsApp or creating new accounts after targeting users with spyware.
Water Systems Under Attack: Norway, Poland Blame Russia Actors
Water and wastewater systems have become a favored target of nation-state actors, drawing increasing scrutiny following attacks on systems in multiple countries.
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. “Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected GitHub Actions workflows containing base64-encoded bash payloads that exfiltrate CI