Threat actors spoof email security providers
A new report from phishing defense company Cofense highlights increasingly sophisticated phishing attacks that are exploiting trusted email security companies such as Proofpoint, Mimecast and Virtru to trick users into disclosing sensitive credentials.
The attacks make use of fake email attachments, phishing links and credential-harvesting tactics to compromise sensitive data. By mimicking well-known brands, threat actors boost the likelihood that the recipients will trust the emails and engage with harmful content, leading to them exposing critical information.
AI boosts rise in phishing and spoofing attacks on banks
The US banking industry has seen a significant uptick in cyberattacks, particularly in phishing and spoofing, and tactics are becoming increasingly advanced due to AI.
New research from BforeAI analyzed 62,074 domains registered between January and June 2024 with finance-related keywords. Of those registered domains, 62 percent were found to be involved in phishing attacks targeting legitimate entities via spoofing websites.
Microsoft reveals Office security flaw that has not yet been patched
Various versions of Microsoft Office have a serious security vulnerability which could expose sensitive data to an attacker. Worryingly, while disclosing the flaw, Microsoft has also conceded that there is no patch available.
The issue is being tracked as CVE-2024-38200 and it affects a variety of edition of the office suite -- namely the 32- and 64-bit versions of Microsoft Office 2016, Microsoft Office 2019, Microsoft Office LTSC 2021, and Microsoft 365 Apps for Enterprise. While there is no fix available right now, one is expected in the coming days.